12-07-2020, 03:18 PM
Couple things.
1. I'm not an expert on OS security.
2. moOde is not a secure system and should never be connected to an untrusted, unknown, public or unsecured network. It's meant to only be used on typical residential networks protected by a Router or on its own AP mode network. If you choose to use it on an untrusted network YMMV.
As far as the MPD and upmpdcli accounts go, they are created during the build of moOde by the commands below. Since we have not specified a login shell via --shell it must default to /bin/bash.
They end up with the following status. Note that the "L" after the userid means the password is locked which prevents logging into the account. According to what I read "L" means the password is effectively disabled by changing it to a value which matches no possible encrypted value"
Here is what the pi account looks like. The "P" after the userid means it has a usable password that can be used to login to the account.
So even though those two accounts are assigned to the bash shell their passwords are locked which effectively prevents using those accounts to log into the system.
You could try changing the assigned shell for those two accounts to /usr/sbin/nologin and let us know if anything breaks.
1. I'm not an expert on OS security.
2. moOde is not a secure system and should never be connected to an untrusted, unknown, public or unsecured network. It's meant to only be used on typical residential networks protected by a Router or on its own AP mode network. If you choose to use it on an untrusted network YMMV.
As far as the MPD and upmpdcli accounts go, they are created during the build of moOde by the commands below. Since we have not specified a login shell via --shell it must default to /bin/bash.
Code:
sudo useradd mpd
sudo useradd upmpdcliThey end up with the following status. Note that the "L" after the userid means the password is locked which prevents logging into the account. According to what I read "L" means the password is effectively disabled by changing it to a value which matches no possible encrypted value"
Code:
pi@rp2:~ $ sudo passwd --status mpd
mpd L 07/02/2020 0 99999 7 -1
pi@rp2:~ $ sudo passwd --status upmpdcli
upmpdcli L 07/02/2020 0 99999 7 -1Here is what the pi account looks like. The "P" after the userid means it has a usable password that can be used to login to the account.
Code:
pi@rp2:~ $ sudo passwd --status pi
pi P 07/02/2020 0 99999 7 -1
pi@rp2:~ $So even though those two accounts are assigned to the bash shell their passwords are locked which effectively prevents using those accounts to log into the system.
You could try changing the assigned shell for those two accounts to /usr/sbin/nologin and let us know if anything breaks.
