[lxc-devel] [PATCH] Add tuning knob to not expire root password in centos template
Serge Hallyn
serge.hallyn at ubuntu.com
Mon Mar 17 14:06:52 UTC 2014
Quoting Mingjiang Shi (mrjewes at gmail.com):
> Hi All,
> This patch adds a tuning knob (environment variable) to not expire the root
> password.
>
> Use case: One wants to set the root password when creating the container,
> so he/she doesn't want to the password to be expired.
>
> Usage:
> root_password="<root password for the container>" root_expire_password=no
> lxc-create -t centos -n <container name>
>
> Signed-off-by: Mingjiang Shi <mrjewes at gmail dot com>
I don't particularly like the use of == in shell (except when
intended), but it'll do the right thing in this case.
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
I'll wait until Michael's review to apply.
>
> ---
> diff --git a/templates/lxc-centos.in b/templates/lxc-centos.in
> index 55e0531..93f4f93 100644
> --- a/templates/lxc-centos.in
> +++ b/templates/lxc-centos.in
> @@ -43,10 +43,12 @@ default_path=@LXCPATH@
> #
> # If root_display_password = yes, display the temporary root password at
> exit.
> # If root_store_password = yes, store it in the configuration directory
> # If root_prompt_password = yes, invoke "passwd" to force the user to
> change
> # the root password after the container is created.
> +# If root_expire_password = yes, you will be prompted to change the root
> +# password at the first login.
> #
> # These are conditional assignments... The can be overridden from the
> # preexisting environment variables...
> #
> # Make sure this is in single quotes to defer expansion to later!
> @@ -59,10 +61,14 @@ default_path=@LXCPATH@
> : ${root_store_password='yes'}
> # Prompting for something interactive has potential for mayhem
> # with users running under the API... Don't default to "yes"
> : ${root_prompt_password='no'}
>
> +# Expire root password? Default to yes, but can be overridden from
> +# the environment variable
> +: ${root_expire_password='yes'}
> +
> # These are only going into comments in the resulting config...
> lxc_network_type=veth
> lxc_network_link=lxcbr0
>
> # is this centos?
> @@ -337,12 +343,14 @@ EOF
> echo ${root_password} > ${config_path}/tmp_root_pass
> echo "Storing root password in '${config_path}/tmp_root_pass'"
> fi
>
> echo "root:$root_password" | chroot $rootfs_path chpasswd
> - # Also set this password as expired to force the user to change it!
> - chroot $rootfs_path passwd -e root
> + if [ ${root_expire_password} == "yes" ];then
> + # set this password as expired to force the user to change it!
> + chroot $rootfs_path passwd -e root
> + fi
>
> # This will need to be enhanced for CentOS 7 when systemd
> # comes into play... /\/\|=mhw=|\/\/
>
> return 0
> @@ -879,15 +887,17 @@ then
>
> chroot ${rootfs_path} passwd
> "
> chroot ${rootfs_path} passwd
> else
> - echo "
> -The root password is set up as "expired" and will require it to be changed
> -at first login, which you should do as soon as possible. If you lose the
> -root password or wish to change it without starting the container, you
> -can change it from the host by running the following command (which will
> -also reset the expired flag):
> -
> - chroot ${rootfs_path} passwd
> -"
> + if [ ${root_expire_password} = "yes" ];then
> + echo "
> + The root password is set up as "expired" and will require it to be
> changed
> + at first login, which you should do as soon as possible. If you lose
> the
> + root password or wish to change it without starting the container, you
> + can change it from the host by running the following command (which
> will
> + also reset the expired flag):
> +
> + chroot ${rootfs_path} passwd
> + "
> + fi
> fi
> ---
> --
> Thanks
> -Mingjiang
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel
More information about the lxc-devel
mailing list