[lxc-devel] [lxc/master] do not set insecure passwords
evgeni on Github
lxc-bot at linuxcontainers.org
Thu Dec 15 19:05:23 UTC 2016
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 348 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20161215/b88ac4aa/attachment.bin>
-------------- next part --------------
From 37fbf44812d94184face96243c2f489a03bd1d77 Mon Sep 17 00:00:00 2001
From: Evgeni Golov <evgeni at debian.org>
Date: Thu, 15 Dec 2016 19:52:50 +0100
Subject: [PATCH] do not set insecure passwords
Signed-off-by: Evgeni Golov <evgeni at debian.org>
---
templates/lxc-busybox.in | 29 -----------------------------
templates/lxc-opensuse.in | 1 -
templates/lxc-oracle.in | 8 +++-----
templates/lxc-plamo.in | 3 ---
templates/lxc-slackware.in | 4 ----
templates/lxc-sparclinux.in | 8 +++-----
6 files changed, 6 insertions(+), 47 deletions(-)
diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
index 336fa12..0d8db33 100644
--- a/templates/lxc-busybox.in
+++ b/templates/lxc-busybox.in
@@ -330,35 +330,6 @@ configure_busybox()
chmod +s $rootfs/bin/passwd
touch $rootfs/etc/shadow
- # setting passwd for root
- CHPASSWD_FILE=$rootfs/root/chpasswd.sh
-
- cat <<EOF >$CHPASSWD_FILE
-echo "setting root password to \"root\""
-
-mount -n --bind /lib $rootfs/lib
-if [ \$? -ne 0 ]; then
- echo "Failed bind-mounting /lib at $rootfs/lib"
- exit 1
-fi
-
-chroot $rootfs chpasswd <<EOFF 2>/dev/null
-root:root
-EOFF
-
-
-if [ \$? -ne 0 ]; then
- echo "Failed to change root password"
- exit 1
-fi
-
-umount $rootfs/lib
-
-EOF
-
- lxc-unshare -s MOUNT -- /bin/sh < $CHPASSWD_FILE
- rm $CHPASSWD_FILE
-
return 0
}
diff --git a/templates/lxc-opensuse.in b/templates/lxc-opensuse.in
index 0774397..292f26d 100644
--- a/templates/lxc-opensuse.in
+++ b/templates/lxc-opensuse.in
@@ -116,7 +116,6 @@ EOF
touch $rootfs/etc/sysconfig/kernel
echo "Please change root-password !"
- echo "root:root" | chpasswd -R $rootfs
return 0
}
diff --git a/templates/lxc-oracle.in b/templates/lxc-oracle.in
index 20c212b..19fe912 100644
--- a/templates/lxc-oracle.in
+++ b/templates/lxc-oracle.in
@@ -462,12 +462,10 @@ EOF
fi
fi
- # add oracle user, set root password
+ # add oracle user
chroot $container_rootfs useradd -m -s /bin/bash oracle
- echo "oracle:oracle" | chroot $container_rootfs chpasswd
- echo "root:root" | chroot $container_rootfs chpasswd
- printf "Added container user:\033[1moracle\033[0m password:\033[1moracle\033[0m\n"
- printf "Added container user:\033[1mroot\033[0m password:\033[1mroot\033[0m\n"
+ printf "Added container user:\033[1moracle\033[0m\n"
+ printf "Added container user:\033[1mroot\033[0m\n"
}
# create the container's lxc config file
diff --git a/templates/lxc-plamo.in b/templates/lxc-plamo.in
index 009fa4f..c96e23e 100644
--- a/templates/lxc-plamo.in
+++ b/templates/lxc-plamo.in
@@ -186,9 +186,6 @@ configure_plamo() {
# glibc configure
mv $rootfs/etc/ld.so.conf{.new,}
chroot $rootfs ldconfig
- # root password
- echo "Setting root password to 'root'..."
- echo "root:root" | chroot $rootfs chpasswd
echo "Please change root password!"
ed - $rootfs/etc/rc.d/rc.S <<- "EOF"
/^mount -w -n -t proc/;/^mkdir \/dev\/shm/-1d
diff --git a/templates/lxc-slackware.in b/templates/lxc-slackware.in
index 5005918..216c7a7 100644
--- a/templates/lxc-slackware.in
+++ b/templates/lxc-slackware.in
@@ -471,10 +471,6 @@ sed -i 's/.*genpowerfail.*//' $rootfs/etc/inittab
# add a message to rc.local that confirms successful container startup
echo "echo ; echo \"* container $name started. *\" ; echo" >> $rootfs/etc/rc.d/rc.local
-# set a default combination for the luggage
-echo "root:root" | chroot $rootfs chpasswd
-echo "Root default password is 'root', please change it!"
-
# borrow the time configuration from the local machine
cp -a /etc/localtime $rootfs/etc/localtime
diff --git a/templates/lxc-sparclinux.in b/templates/lxc-sparclinux.in
index 70616ba..124c50b 100644
--- a/templates/lxc-sparclinux.in
+++ b/templates/lxc-sparclinux.in
@@ -296,12 +296,10 @@ EOF
echo "Timezone in container is not configured. Adjust it manually."
fi
- # add oracle user, set root password
+ # add oracle user
chroot $container_rootfs useradd -m -s /bin/bash oracle
- echo "oracle:oracle" | chroot $container_rootfs chpasswd
- echo "root:root" | chroot $container_rootfs chpasswd
- printf "Added container user:\033[1moracle\033[0m password:\033[1moracle\033[0m\n"
- printf "Added container user:\033[1mroot\033[0m password:\033[1mroot\033[0m\n"
+ printf "Added container user:\033[1moracle\033[0m\n"
+ printf "Added container user:\033[1mroot\033[0m\n"
}
# create the container's lxc config file
More information about the lxc-devel
mailing list