[lxc-devel] root and ubuntu pass
Leonid Isaev
lisaev at umail.iu.edu
Thu Apr 17 17:09:47 UTC 2014
On Thu, 17 Apr 2014 09:38:31 -0400
Stéphane Graber <stgraber at ubuntu.com> wrote:
> On Thu, Apr 17, 2014 at 02:07:08PM +0200, Ducos Laurent wrote:
> > Hello
> > Is it possible to secure the password generated by debian and ubuntu
> > templates like this ?
> >
> > password=$(apg -a 0 -M ncl -n 1 -x 10 -m 8)
> > echo "$user:$password" | chroot $rootfs chpasswd
> > echo "$user password is $password !"
> >
> > root:root or ubuntu:ubuntu by default is very insecure
>
> The Ubuntu template supports --password which you should be using for
> that, the Debian template doesn't but writing a patch for this should be
> pretty simple.
Wouldn't this be even worse as anyone can see the password in "ps auxww"?
>
> We won't change the default values as way too many people rely on them
> for automation and it's really quite simple to script a password change
> to something safer before you start the container.
>
Thanks,
--
Leonid Isaev
GPG fingerprints: DA92 034D B4A8 EC51 7EA6 20DF 9291 EE8A 043C B8C4
C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20140417/3f915a52/attachment.sig>
More information about the lxc-devel
mailing list