diff options
| author | Craig Jennings <c@cjennings.net> | 2026-01-17 23:58:48 -0600 |
|---|---|---|
| committer | Craig Jennings <c@cjennings.net> | 2026-01-17 23:58:48 -0600 |
| commit | c01aed56f58648a18ccde317d45b14e53ea753c1 (patch) | |
| tree | bb94a28025c3046a0be7aafe32c3ee13f8b64d5e /archsetup | |
| parent | bfcd407e5e6f4943f3ef886cb68ff2f655b51116 (diff) | |
security(archsetup): lock root account at end of script
Root is locked last so it remains available for recovery if script fails earlier.
Users must use sudo for privileged operations after successful install.
Diffstat (limited to 'archsetup')
| -rwxr-xr-x | archsetup | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -1472,6 +1472,10 @@ outro() { action="forcing user password change on first login" && display "task" "$action" chage -d 0 "$username" >> "$logfile" 2>&1 || error "error" "$action" "$?" + # Lock root account last - if script fails earlier, root is still available for recovery + action="locking root account (use sudo instead)" && display "task" "$action" + passwd -l root >> "$logfile" 2>&1 || error "error" "$action" "$?" + display "subtitle" "Statistics" action="identifying newly installed packages" && display "task" "$action" pacman -Q > "$packages_after" || error "error" "$action" "$?" |