[lxc-devel] [PATCH] Add tuning knob to not expire root password in centos template

Serge Hallyn serge.hallyn at ubuntu.com
Mon Mar 17 14:06:52 UTC 2014


Quoting Mingjiang Shi (mrjewes at gmail.com):
> Hi All,
> This patch adds a tuning knob (environment variable) to not expire the root
> password.
> 
> Use case: One wants to set the root password when creating the container,
> so he/she doesn't want the password to be expired.
> 
> Usage:
> root_password="<root password for the container>" root_expire_password=no
> lxc-create -t centos -n <container name>
> 
> Signed-off-by: Mingjiang Shi <mrjewes at gmail dot com>

I don't particularly like the use of == in shell (except when
intended), but it'll do the right thing in this case.

Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

I'll wait until Michael's review to apply.

> 
> ---
> diff --git a/templates/lxc-centos.in b/templates/lxc-centos.in
> index 55e0531..93f4f93 100644
> --- a/templates/lxc-centos.in
> +++ b/templates/lxc-centos.in
> @@ -43,10 +43,12 @@ default_path=@LXCPATH@
>  #
>  # If root_display_password = yes, display the temporary root password at
> exit.
>  # If root_store_password = yes, store it in the configuration directory
>  # If root_prompt_password = yes, invoke "passwd" to force the user to
> change
>  # the root password after the container is created.
> +# If root_expire_password = yes, you will be prompted to change the root
> +# password at the first login.
>  #
>  # These are conditional assignments...  The can be overridden from the
>  # preexisting environment variables...
>  #
>  # Make sure this is in single quotes to defer expansion to later!
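
Review bot: the two added comment lines document only the "yes" case of root_expire_password. The check added later in this patch compares against the literal string "yes", so any other value (not only "no") leaves the password unexpired; the comment should say so and state that the default is "yes", so the header documents which setting leaves the password set at creation time in force.
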
> @@ -59,10 +61,14 @@ default_path=@LXCPATH@
>  : ${root_store_password='yes'}
>  # Prompting for something interactive has potential for mayhem
>  # with users running under the API...  Don't default to "yes"
>  : ${root_prompt_password='no'}
> 
> +# Expire root password? Default to yes, but can be overridden from
> +# the environment variable
> +: ${root_expire_password='yes'}
> +
>  # These are only going into comments in the resulting config...
>  lxc_network_type=veth
>  lxc_network_link=lxcbr0
> 
>  # is this centos?
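
Review bot: the new default sits next to root_store_password='yes', and the comment above it does not mention how the two interact. With root_expire_password=no the password written to the configuration directory is no longer a temporary one that is replaced at first login; it stays the valid root credential. A line in this comment recommending root_store_password=no when expiry is turned off would make that visible. Also note that `: ${root_expire_password='yes'}` only applies the default when the variable is unset, so an empty value exported by the caller passes through unchanged.
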
> @@ -337,12 +343,14 @@ EOF
>          echo ${root_password} > ${config_path}/tmp_root_pass
>          echo "Storing root password in '${config_path}/tmp_root_pass'"
>      fi
> 
>      echo "root:$root_password" | chroot $rootfs_path chpasswd
> -    # Also set this password as expired to force the user to change it!
> -    chroot $rootfs_path passwd -e root
> +    if [ ${root_expire_password} == "yes" ];then
> +        # set this password as expired to force the user to change it!
> +        chroot $rootfs_path passwd -e root
> +    fi
> 
>      # This will need to be enhanced for CentOS 7 when systemd
>      # comes into play...   /\/\|=mhw=|\/\/
> 
>      return 0
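
Review bot: in `if [ ${root_expire_password} == "yes" ];then` the expansion is unquoted and `==` is used inside `[ ]`. If the variable is set but empty, the test becomes `[ == "yes" ]`, which is an error that the `if` treats as false, so the password is silently left unexpired. `==` is also not a POSIX `test` operator, and the last hunk of this patch uses `=` for the same check. Suggest `if [ "${root_expire_password}" = "yes" ]; then` here.
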
> @@ -879,15 +887,17 @@ then
> 
>          chroot ${rootfs_path} passwd
>  "
>      chroot ${rootfs_path} passwd
>  else
> -    echo "
> -The root password is set up as "expired" and will require it to be changed
> -at first login, which you should do as soon as possible.  If you lose the
> -root password or wish to change it without starting the container, you
> -can change it from the host by running the following command (which will
> -also reset the expired flag):
> -
> -        chroot ${rootfs_path} passwd
> -"
> +    if [ ${root_expire_password} = "yes" ];then
> +        echo "
> +    The root password is set up as "expired" and will require it to be
> changed
> +    at first login, which you should do as soon as possible.  If you lose
> the
> +    root password or wish to change it without starting the container, you
> +    can change it from the host by running the following command (which
> will
> +    also reset the expired flag):
> +
> +            chroot ${rootfs_path} passwd
> +    "
> +    fi
>  fi
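
Review bot: the message text was re-indented along with the new `if`, but it sits inside the quoted string, so the four extra leading spaces on each line are now printed. Keep the text at its original column as in the removed lines. The test `[ ${root_expire_password} = "yes" ]` should quote the expansion for the same reason as in the previous hunk. When expiry is off this branch now prints nothing; a short line stating that the root password was set and not expired, with the same `chroot ${rootfs_path} passwd` hint, would tell the user what state the account is in.
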
> ---
> -- 
> Thanks
> -Mingjiang
