From b346cbe89b24c6c62863cfcfd6e40078faba6098 Mon Sep 17 00:00:00 2001 From: nachoparker Date: Sun, 4 Mar 2018 12:55:44 +0100 Subject: [PATCH] disable ncp user login --- etc/nextcloudpi-config.d/SSH.sh | 16 ---------------- nextcloudpi.sh | 5 +++-- update.sh | 3 +++ 3 files changed, 6 insertions(+), 18 deletions(-) diff --git a/etc/nextcloudpi-config.d/SSH.sh b/etc/nextcloudpi-config.d/SSH.sh index 10d56747b..d001ee382 100644 --- a/etc/nextcloudpi-config.d/SSH.sh +++ b/etc/nextcloudpi-config.d/SSH.sh @@ -58,22 +58,6 @@ configure() } } - # Check for insecure default ncp password ( taken from old jessie method ) - local SHADOW="$( grep -E '^ncp:' /etc/shadow )" - test -n "${SHADOW}" && { - local SALT=$(echo "${SHADOW}" | sed -n 's/ncp:\$6\$//;s/\$.*//p') - local HASH=$(mkpasswd -msha-512 ownyourbits "$SALT") - - grep -q "${HASH}" <<< "${SHADOW}" && { - systemctl stop ssh - systemctl disable ssh - echo "The user ncp is using the default password. Refusing to activate SSH" - echo "You can change this password from nc-passwd" - echo "SSH disabled" - return 1 - } - } - # Enable chage -d 0 "$USER_" systemctl enable ssh diff --git a/nextcloudpi.sh b/nextcloudpi.sh index b070b712e..2d2af3da9 100644 --- a/nextcloudpi.sh +++ b/nextcloudpi.sh @@ -94,8 +94,9 @@ EOF a2ensite ncp ## NCP USER FOR AUTHENTICATION - useradd $WEBADMIN - echo -e "$WEBPASSWD\n$WEBPASSWD" | passwd $WEBADMIN + useradd --home-dir /nonexistent "$WEBADMIN" + echo -e "$WEBPASSWD\n$WEBPASSWD" | passwd "$WEBADMIN" + chsh -s /usr/sbin/nologin "$WEBADMIN" ## NCP LAUNCHER mkdir -p /home/www diff --git a/update.sh b/update.sh index fa27fe320..1256d8841 100755 --- a/update.sh +++ b/update.sh @@ -244,6 +244,9 @@ EOF grep -q sleep "$F2BUNIT" || sed -i "/^ExecStart=/iExecStartPre=/bin/sleep 10" "$F2BUNIT" grep -q sleep "$SWPUNIT" || sed -i "/\