[lxc-devel] [lxc/stable-2.0] [stable-2.0] default password cleanup
evgeni on Github
lxc-bot at linuxcontainers.org
Sat Mar 25 11:43:35 UTC 2017
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 449 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20170325/e1c63022/attachment.bin>
-------------- next part --------------
From ebb0cc532b7943cdbaf1ec7f6f9ab6541d5a04d8 Mon Sep 17 00:00:00 2001
From: Evgeni Golov <evgeni at debian.org>
Date: Wed, 13 Apr 2016 18:04:19 +0200
Subject: [PATCH 1/3] do not set the root password in the debian template
closes #302
Signed-off-by: Evgeni Golov <evgeni at debian.org>
---
templates/lxc-debian.in | 3 ---
1 file changed, 3 deletions(-)
diff --git a/templates/lxc-debian.in b/templates/lxc-debian.in
index 4d25ab8..4477aff 100644
--- a/templates/lxc-debian.in
+++ b/templates/lxc-debian.in
@@ -158,9 +158,6 @@ EOF
echo "Timezone in container is not configured. Adjust it manually."
fi
- echo "root:root" | chroot "$rootfs" chpasswd
- echo "Root password is 'root', please change !"
-
return 0
}
From ff7a7fdc31f43272c36b1cfbff5b6613f4198e17 Mon Sep 17 00:00:00 2001
From: Evgeni Golov <evgeni at debian.org>
Date: Thu, 15 Dec 2016 19:52:50 +0100
Subject: [PATCH 2/3] do not set insecure passwords
Signed-off-by: Evgeni Golov <evgeni at debian.org>
---
templates/lxc-busybox.in | 29 -----------------------------
templates/lxc-opensuse.in | 1 -
templates/lxc-oracle.in | 8 +++-----
templates/lxc-plamo.in | 3 ---
templates/lxc-slackware.in | 4 ----
templates/lxc-sparclinux.in | 8 +++-----
6 files changed, 6 insertions(+), 47 deletions(-)
diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
index 336fa12..0d8db33 100644
--- a/templates/lxc-busybox.in
+++ b/templates/lxc-busybox.in
@@ -330,35 +330,6 @@ configure_busybox()
chmod +s $rootfs/bin/passwd
touch $rootfs/etc/shadow
- # setting passwd for root
- CHPASSWD_FILE=$rootfs/root/chpasswd.sh
-
- cat <<EOF >$CHPASSWD_FILE
-echo "setting root password to \"root\""
-
-mount -n --bind /lib $rootfs/lib
-if [ \$? -ne 0 ]; then
- echo "Failed bind-mounting /lib at $rootfs/lib"
- exit 1
-fi
-
-chroot $rootfs chpasswd <<EOFF 2>/dev/null
-root:root
-EOFF
-
-
-if [ \$? -ne 0 ]; then
- echo "Failed to change root password"
- exit 1
-fi
-
-umount $rootfs/lib
-
-EOF
-
- lxc-unshare -s MOUNT -- /bin/sh < $CHPASSWD_FILE
- rm $CHPASSWD_FILE
-
return 0
}
diff --git a/templates/lxc-opensuse.in b/templates/lxc-opensuse.in
index 4896bc8..5e8686b 100644
--- a/templates/lxc-opensuse.in
+++ b/templates/lxc-opensuse.in
@@ -112,7 +112,6 @@ EOF
touch $rootfs/etc/sysconfig/kernel
echo "Please change root-password !"
- echo "root:root" | chpasswd -R $rootfs
return 0
}
diff --git a/templates/lxc-oracle.in b/templates/lxc-oracle.in
index 20c212b..19fe912 100644
--- a/templates/lxc-oracle.in
+++ b/templates/lxc-oracle.in
@@ -462,12 +462,10 @@ EOF
fi
fi
- # add oracle user, set root password
+ # add oracle user
chroot $container_rootfs useradd -m -s /bin/bash oracle
- echo "oracle:oracle" | chroot $container_rootfs chpasswd
- echo "root:root" | chroot $container_rootfs chpasswd
- printf "Added container user:\033[1moracle\033[0m password:\033[1moracle\033[0m\n"
- printf "Added container user:\033[1mroot\033[0m password:\033[1mroot\033[0m\n"
+ printf "Added container user:\033[1moracle\033[0m\n"
+ printf "Added container user:\033[1mroot\033[0m\n"
}
# create the container's lxc config file
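Review bot: The two remaining `printf` lines still list `oracle` and `root` as added users but no longer tell the operator anything about credentials, so it is not apparent that presumably neither account has a usable password now (`useradd` without `-p` normally leaves the account locked) and that one has to be set from the host. State that explicitly, for example `printf "Added container user:\033[1moracle\033[0m (no password set; run: lxc-attach -n NAME -- passwd oracle)\n"`, and drop or reword the `root` line, since nothing visible in this hunk adds root. The lxc-sparclinux.in hunk is identical and needs the same change. The same kind of leftover message is visible as context in the lxc-opensuse.in and lxc-plamo.in hunks ("Please change root-password !") and in lxc-gentoo.in ("default is 'toor'"), although no password is set any more. The enclosing function starts above the hunk.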
diff --git a/templates/lxc-plamo.in b/templates/lxc-plamo.in
index 009fa4f..c96e23e 100644
--- a/templates/lxc-plamo.in
+++ b/templates/lxc-plamo.in
@@ -186,9 +186,6 @@ configure_plamo() {
# glibc configure
mv $rootfs/etc/ld.so.conf{.new,}
chroot $rootfs ldconfig
- # root password
- echo "Setting root password to 'root'..."
- echo "root:root" | chroot $rootfs chpasswd
echo "Please change root password!"
ed - $rootfs/etc/rc.d/rc.S <<- "EOF"
/^mount -w -n -t proc/;/^mkdir \/dev\/shm/-1d
diff --git a/templates/lxc-slackware.in b/templates/lxc-slackware.in
index 5005918..216c7a7 100644
--- a/templates/lxc-slackware.in
+++ b/templates/lxc-slackware.in
@@ -471,10 +471,6 @@ sed -i 's/.*genpowerfail.*//' $rootfs/etc/inittab
# add a message to rc.local that confirms successful container startup
echo "echo ; echo \"* container $name started. *\" ; echo" >> $rootfs/etc/rc.d/rc.local
-# set a default combination for the luggage
-echo "root:root" | chroot $rootfs chpasswd
-echo "Root default password is 'root', please change it!"
-
# borrow the time configuration from the local machine
cp -a /etc/localtime $rootfs/etc/localtime
diff --git a/templates/lxc-sparclinux.in b/templates/lxc-sparclinux.in
index 70616ba..124c50b 100644
--- a/templates/lxc-sparclinux.in
+++ b/templates/lxc-sparclinux.in
@@ -296,12 +296,10 @@ EOF
echo "Timezone in container is not configured. Adjust it manually."
fi
- # add oracle user, set root password
+ # add oracle user
chroot $container_rootfs useradd -m -s /bin/bash oracle
- echo "oracle:oracle" | chroot $container_rootfs chpasswd
- echo "root:root" | chroot $container_rootfs chpasswd
- printf "Added container user:\033[1moracle\033[0m password:\033[1moracle\033[0m\n"
- printf "Added container user:\033[1mroot\033[0m password:\033[1mroot\033[0m\n"
+ printf "Added container user:\033[1moracle\033[0m\n"
+ printf "Added container user:\033[1mroot\033[0m\n"
}
# create the container's lxc config file
From 8c7dddc25c47f9f060b91e0a39f7218aa433755c Mon Sep 17 00:00:00 2001
From: Evgeni Golov <evgeni at debian.org>
Date: Sun, 19 Mar 2017 18:47:17 +0100
Subject: [PATCH 3/3] don't set a default password for altlinux, gentoo,
openmandriva and pld
Refs: #1158
Signed-off-by: Evgeni Golov <evgeni at debian.org>
---
templates/lxc-altlinux.in | 7 ++++---
templates/lxc-gentoo.in | 3 ---
templates/lxc-openmandriva.in | 1 -
3 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/templates/lxc-altlinux.in b/templates/lxc-altlinux.in
index 69c18d4..7accf24 100644
--- a/templates/lxc-altlinux.in
+++ b/templates/lxc-altlinux.in
@@ -43,7 +43,6 @@ cache_base=@LOCALSTATEDIR@/cache/lxc/altlinux/$arch
default_path=@LXCPATH@
default_profile=default
profile_dir=/etc/lxc/profiles
-root_password=rooter
lxc_network_type=veth
lxc_network_link=virbr0
@@ -156,8 +155,10 @@ EOF
mkdir -m 755 ${dev_path}/net
mknod -m 666 ${dev_path}/net/tun c 10 200
- echo "setting root passwd to $root_password"
- echo "root:$root_password" | chroot $rootfs_path chpasswd
+ if [ -n "${root_password}" ]; then
+ echo "setting root passwd to $root_password"
+ echo "root:$root_password" | chroot $rootfs_path chpasswd
+ fi
return 0
}
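Review bot: The retained `echo "setting root passwd to $root_password"` inside the new `if` prints the root password in clear text to the template's output, where it can end up in terminal scrollback or container-creation logs; report only that a password is being set, e.g. `echo "setting root passwd"`. With the `root_password=rooter` default removed in the first hunk of this file, the value is presumably supplied by the caller, so it is now a real secret rather than a well-known default. The exit status of `chpasswd` is also ignored and the function goes on to `return 0`, so a failed password change is silent; `echo "root:$root_password" | chroot "$rootfs_path" chpasswd || return 1` would surface it and also quotes the path. The enclosing function starts above the hunk.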
diff --git a/templates/lxc-gentoo.in b/templates/lxc-gentoo.in
index 2ad16e8..47f24d0 100644
--- a/templates/lxc-gentoo.in
+++ b/templates/lxc-gentoo.in
@@ -654,8 +654,6 @@ container_auth()
printf " => done. if you didn't specify , default is 'toor'\n"
if [[ -n "${forced_password}" ]]; then
store_user_message "${user} has the password you give for him"
- else
- store_user_message "${user} has the default password 'toor', please change it ASAP"
fi
fi
@@ -779,7 +777,6 @@ set_default_arch
mirror="http://distfiles.gentoo.org"
user="root"
-password="toor"
tty=1
settings="common"
options=$(getopt -o hp:n:a:FcPv:t:S:u:w:s:m: -l help,rootfs:,path:,name:,arch:,flush-cache,cache-only,private-portage,variant:,portage-dir:,tarball:,auth-key:,user:,autologin,password:,settings:,mirror:,tty: -- "$@")
diff --git a/templates/lxc-openmandriva.in b/templates/lxc-openmandriva.in
index 12f9985..daba812 100644
--- a/templates/lxc-openmandriva.in
+++ b/templates/lxc-openmandriva.in
@@ -46,7 +46,6 @@ hostarch=$(uname -m)
cache_base="${LXC_CACHE_PATH:- at LOCALSTATEDIR@/cache/lxc/openmandriva/$arch}"
default_path=@LXCPATH@
default_profile=default
-root_password=root
lxc_network_type=veth
lxc_network_link=br0