In order for users to be able to log in locally or via SSH without an authorized key, they will need to have passwords set in `/etc/shadow`. We do not really want to make all of `/etc` writable, so we will store the actual `shadow` file on the persistent data volume, in a separate Btrfs subvolume, and then bind-mount it at `/etc/shadow`. While this makes `/etc/shadow` mutable, it does not actually let the `passwd` program modify it. This is because `passwd` creates lock files and backup files in `/etc`. We will ultimately need a wrapper to "trick" `passwd` into modifying `/etc/shadow`, without making the whole `/etc` directory mutable.