[lxc-devel] [PATCH] Add tuning knob to not expire root password in centos template

[Mingjiang Shi]

Hi All,
This patch adds a tuning knob (environment variable) to not expire the root
password.

Use case: One wants to set the root password when creating the container,
so he/she doesn't want to the password to be expired.

Usage:
root_password="<root password for the container>" root_expire_password=no
lxc-create -t centos -n <container name>

Signed-off-by: Mingjiang Shi <mrjewes at gmail dot com>

---
diff --git a/templates/lxc-centos.in b/templates/lxc-centos.in
index 55e0531..93f4f93 100644
--- a/templates/lxc-centos.in
+++ b/templates/lxc-centos.in
@@ -43,10 +43,12 @@ default_path=@LXCPATH@
 #
 # If root_display_password = yes, display the temporary root password at
exit.
 # If root_store_password = yes, store it in the configuration directory
 # If root_prompt_password = yes, invoke "passwd" to force the user to
change
 # the root password after the container is created.
+# If root_expire_password = yes, you will be prompted to change the root
+# password at the first login.
 #
 # These are conditional assignments...  The can be overridden from the
 # preexisting environment variables...
 #
 # Make sure this is in single quotes to defer expansion to later!
@@ -59,10 +61,14 @@ default_path=@LXCPATH@
 : ${root_store_password='yes'}
 # Prompting for something interactive has potential for mayhem
 # with users running under the API...  Don't default to "yes"
 : ${root_prompt_password='no'}

+# Expire root password? Default to yes, but can be overridden from
+# the environment variable
+: ${root_expire_password='yes'}
+
 # These are only going into comments in the resulting config...
 lxc_network_type=veth
 lxc_network_link=lxcbr0

 # is this centos?
@@ -337,12 +343,14 @@ EOF
         echo ${root_password} > ${config_path}/tmp_root_pass
         echo "Storing root password in '${config_path}/tmp_root_pass'"
     fi

     echo "root:$root_password" | chroot $rootfs_path chpasswd
-    # Also set this password as expired to force the user to change it!
-    chroot $rootfs_path passwd -e root
+    if [ ${root_expire_password} == "yes" ];then
+        # set this password as expired to force the user to change it!
+        chroot $rootfs_path passwd -e root
+    fi

     # This will need to be enhanced for CentOS 7 when systemd
     # comes into play...   /\/\|=mhw=|\/\/

     return 0
@@ -879,15 +887,17 @@ then

         chroot ${rootfs_path} passwd
 "
     chroot ${rootfs_path} passwd
 else
-    echo "
-The root password is set up as "expired" and will require it to be changed
-at first login, which you should do as soon as possible.  If you lose the
-root password or wish to change it without starting the container, you
-can change it from the host by running the following command (which will
-also reset the expired flag):
-
-        chroot ${rootfs_path} passwd
-"
+    if [ ${root_expire_password} = "yes" ];then
+        echo "
+    The root password is set up as "expired" and will require it to be
changed
+    at first login, which you should do as soon as possible.  If you lose
the
+    root password or wish to change it without starting the container, you
+    can change it from the host by running the following command (which
will
+    also reset the expired flag):
+
+            chroot ${rootfs_path} passwd
+    "
+    fi
 fi
---
-- 
Thanks
-Mingjiang
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20140315/4b57032f/attachment.html>