diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 2255c2f5eacc..8d88d577a41b 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -1145,6 +1145,7 @@ in { userborn-mutable-etc = runTest ./userborn-mutable-etc.nix; userborn-immutable-etc = runTest ./userborn-immutable-etc.nix; user-activation-scripts = handleTest ./user-activation-scripts.nix {}; + user-enable-option = runTest ./user-enable-option.nix; user-expiry = runTest ./user-expiry.nix; user-home-mode = handleTest ./user-home-mode.nix {}; ustreamer = handleTest ./ustreamer.nix {}; diff --git a/nixos/tests/user-enable-option.nix b/nixos/tests/user-enable-option.nix new file mode 100644 index 000000000000..304777fd6a55 --- /dev/null +++ b/nixos/tests/user-enable-option.nix @@ -0,0 +1,82 @@ +let + normal-enabled = "username-normal-enabled"; + normal-disabled = "username-normal-disabled"; + system-enabled = "username-system-enabled"; + system-disabled = "username-system-disabled"; + passwd = "enableOptionPasswd"; +in +{ + name = "user-enable-option"; + + nodes.machine = { + users = { + groups.test-group = { }; + users = { + # User is enabled (default behaviour). + ${normal-enabled} = { + enable = true; + isNormalUser = true; + initialPassword = passwd; + }; + + # User is disabled. + ${normal-disabled} = { + enable = false; + isNormalUser = true; + initialPassword = passwd; + }; + + # User is a system user, and is enabled. + ${system-enabled} = { + enable = true; + isSystemUser = true; + initialPassword = passwd; + group = "test-group"; + }; + + # User is a system user, and is disabled. + ${system-disabled} = { + enable = false; + isSystemUser = true; + initialPassword = passwd; + group = "test-group"; + }; + }; + }; + }; + + testScript = '' + def switch_to_tty(tty_number): + machine.fail(f"pgrep -f 'agetty.*tty{tty_number}'") + machine.send_key(f"alt-f{tty_number}") + machine.wait_until_succeeds(f"[ $(fgconsole) = {tty_number} ]") + machine.wait_for_unit(f"getty@tty{tty_number}.service") + machine.wait_until_succeeds(f"pgrep -f 'agetty.*tty{tty_number}'") + + machine.wait_for_unit("multi-user.target") + machine.wait_for_unit("getty@tty1.service") + + with subtest("${normal-enabled} exists"): + check_fn = f"id ${normal-enabled}" + machine.succeed(check_fn) + machine.wait_until_tty_matches("1", "login: ") + machine.send_chars("${normal-enabled}\n") + machine.wait_until_tty_matches("1", "Password: ") + machine.send_chars("${passwd}\n") + + with subtest("${normal-disabled} does not exist"): + switch_to_tty(2) + check_fn = f"id ${normal-disabled}" + machine.fail(check_fn) + + with subtest("${system-enabled} exists"): + switch_to_tty(3) + check_fn = f"id ${system-enabled}" + machine.succeed(check_fn) + + with subtest("${system-disabled} does not exist"): + switch_to_tty(4) + check_fn = f"id ${system-disabled}" + machine.fail(check_fn) + ''; +} diff --git a/nixos/tests/userborn.nix b/nixos/tests/userborn.nix index 2c4f44b93ca5..7932a73b7c9b 100644 --- a/nixos/tests/userborn.nix +++ b/nixos/tests/userborn.nix @@ -66,6 +66,10 @@ in isNormalUser = true; hashedPassword = newNormaloHashedPassword; }; + normalo-disabled = { + enable = false; + isNormalUser = true; + }; }; groups = { new-group = { }; @@ -96,6 +100,11 @@ in assert 1000 > int(machine.succeed("id --user sysuser")), "sysuser user doesn't have a system UID" assert "${sysuserInitialHashedPassword}" in machine.succeed("getent shadow sysuser"), "system user password is not correct" + with subtest("normalo-disabled is NOT created"): + machine.fail("id normalo-disabled") + # Check if user's home has been created + machine.fail("[ -d '/home/normalo-disabled' ]") + with subtest("sysusers group is created"): print(machine.succeed("getent group sysusers"))