Dear all, I am trying to setup a server with multiple users and mutableUsers = false
. I store the secrets with agenix and then use the users.users.<user>.passwordFile = config.age.secrets.<userPassword>.path;
. After a rebuild, I notice that the password is present in /etc/shadow
in plain text. When I try to run a command with sudo
the password is not recognized (I assume it is hashed before checking /etc/shadow
). When I set mutableUsers = true;
and change the password with passwd
, I see a password hash prefixed with $6$
for the corresponding user in the shadow file and sudo
commands run without issues. Here are my questions:
- should the password appear in plain text in the shadow file when setting
passwordFile
for a user? - how do I make
sudo
work with plain text passwords in the shadow file?
please let me know if you need additional information. thanks for your time and effort!