Specifies the (clear text) password for the user. Warning: do not set confidential information here because it is world-readable in the Nix store. This option should only be used for public accounts.
The initialHashedPassword, hashedPassword, initialPassword, password and hashedPasswordFile options all control what password is set for the user.
In a system where is false
, typically only one of hashedPassword, password, or hashedPasswordFile will be set.
In a system where is true
, typically only one of initialPassword, initialHashedPassword, or hashedPasswordFile will be set.
If the option users.mutableUsers is true, the password defined in one of the above password options will only be set when the user is created for the first time. After that, you are free to change the password with the ordinary user management commands. If users.mutableUsers is false, you cannot change user passwords, they will always be set according to the password options.
If none of the password options are set, then no password is assigned to the user, and the user will not be able to do password-based logins.
If multiple of these password options are set at the same time then a specific order of precedence is followed, which can lead to surprising results. The order of precedence differs depending on whether the users.mutableUsers option is set.
If the option users.mutableUsers is false
, then the order of precedence is as shown below, where values on the left are overridden by values on the right: initialHashedPassword -> hashedPassword -> initialPassword -> password -> hashedPasswordFile
If the option users.mutableUsers is true
, then the order of precedence is as shown below, where values on the left are overridden by values on the right: initialHashedPassword -> initialPassword -> hashedPassword -> password -> hashedPasswordFile.