Merge lp:~harlowja/cloud-init/fix-passwd into lp:~cloud-init-dev/cloud-init/trunk

Proposed by Joshua Harlow
Status: Merged
Merged at revision: 756
Proposed branch: lp:~harlowja/cloud-init/fix-passwd
Merge into: lp:~cloud-init-dev/cloud-init/trunk
Diff against target: 17 lines (+4/-3)
1 file modified
cloudinit/distros/ (+4/-3)
To merge this branch: bzr merge lp:~harlowja/cloud-init/fix-passwd
Reviewer Review Type Date Requested Status
cloud-init Commiters Pending
Review via email:
To post a comment you must log in.
Revision history for this message
Scott Moser (smoser) wrote :

I dont have a good explanation for why system accounts would differ from non-system accounts with reguard to 'lock_passwd'. So, I'm just going to simplify this to:
+ # Default locking down the account. 'lock_passwd' defaults to True.
+ # lock account unless lock_password is False.
+ if kwargs.get('lock_passwd', True):

My simple test on 12.04 shows that 'passwd -l USER' works fine even if user's entry in /etc/shadow has '*' (which means 'no password').

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'cloudinit/distros/'
2--- cloudinit/distros/ 2012-11-20 06:04:31 +0000
3+++ cloudinit/distros/ 2013-01-05 18:20:27 +0000
4@@ -335,9 +335,10 @@
5 self.set_passwd(name, kwargs['plain_text_passwd'])
7 # Default locking down the account.
8- if ('lock_passwd' not in kwargs and
9- ('lock_passwd' in kwargs and kwargs['lock_passwd']) or
10- 'system' not in kwargs):
11+ #
12+ # Which means if lock_passwd is False (on non-existent its true)
13+ # then lock or if system is True (on non-existent its false) then lock.
14+ if (kwargs.get('lock_passwd', True) or kwargs.get('system', False)):
15 try:
16 util.subp(['passwd', '--lock', name])
17 except Exception as e: