[lxc-devel] [PATCH] Add tuning knob to not expire root password in centos template
Mingjiang Shi
mrjewes at gmail.com
Sat Mar 15 14:36:42 UTC 2014
Hi All,
This patch adds a tuning knob (environment variable) to not expire the root
password.
Use case: One wants to set the root password when creating the container,
so he/she doesn't want to the password to be expired.
Usage:
root_password="<root password for the container>" root_expire_password=no
lxc-create -t centos -n <container name>
Signed-off-by: Mingjiang Shi <mrjewes at gmail dot com>
---
diff --git a/templates/lxc-centos.in b/templates/lxc-centos.in
index 55e0531..93f4f93 100644
--- a/templates/lxc-centos.in
+++ b/templates/lxc-centos.in
@@ -43,10 +43,12 @@ default_path=@LXCPATH@
#
# If root_display_password = yes, display the temporary root password at
exit.
# If root_store_password = yes, store it in the configuration directory
# If root_prompt_password = yes, invoke "passwd" to force the user to
change
# the root password after the container is created.
+# If root_expire_password = yes, you will be prompted to change the root
+# password at the first login.
#
# These are conditional assignments... The can be overridden from the
# preexisting environment variables...
#
# Make sure this is in single quotes to defer expansion to later!
@@ -59,10 +61,14 @@ default_path=@LXCPATH@
: ${root_store_password='yes'}
# Prompting for something interactive has potential for mayhem
# with users running under the API... Don't default to "yes"
: ${root_prompt_password='no'}
+# Expire root password? Default to yes, but can be overridden from
+# the environment variable
+: ${root_expire_password='yes'}
+
# These are only going into comments in the resulting config...
lxc_network_type=veth
lxc_network_link=lxcbr0
# is this centos?
@@ -337,12 +343,14 @@ EOF
echo ${root_password} > ${config_path}/tmp_root_pass
echo "Storing root password in '${config_path}/tmp_root_pass'"
fi
echo "root:$root_password" | chroot $rootfs_path chpasswd
- # Also set this password as expired to force the user to change it!
- chroot $rootfs_path passwd -e root
+ if [ ${root_expire_password} == "yes" ];then
+ # set this password as expired to force the user to change it!
+ chroot $rootfs_path passwd -e root
+ fi
# This will need to be enhanced for CentOS 7 when systemd
# comes into play... /\/\|=mhw=|\/\/
return 0
@@ -879,15 +887,17 @@ then
chroot ${rootfs_path} passwd
"
chroot ${rootfs_path} passwd
else
- echo "
-The root password is set up as "expired" and will require it to be changed
-at first login, which you should do as soon as possible. If you lose the
-root password or wish to change it without starting the container, you
-can change it from the host by running the following command (which will
-also reset the expired flag):
-
- chroot ${rootfs_path} passwd
-"
+ if [ ${root_expire_password} = "yes" ];then
+ echo "
+ The root password is set up as "expired" and will require it to be
changed
+ at first login, which you should do as soon as possible. If you lose
the
+ root password or wish to change it without starting the container, you
+ can change it from the host by running the following command (which
will
+ also reset the expired flag):
+
+ chroot ${rootfs_path} passwd
+ "
+ fi
fi
---
--
Thanks
-Mingjiang
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20140315/4b57032f/attachment.html>
More information about the lxc-devel
mailing list