[lxc-users] credentials for fedora container

Kevin Wilson wkevils at gmail.com
Fri Feb 21 18:10:27 UTC 2014


Hi,
I had this problem also with 1.0 released yesterday.
I tried
chroot  /usr/local/var/lib/lxc/fedoraCT1/rootfs
and passwd

and it worked
Kevin


On Fri, Dec 27, 2013 at 2:39 PM, Francisco <listas at caraotas.net> wrote:
> I'm quite new to lxc, but did you try chrooting into the rootfs and simply
> running passwd to reset it?
>
> Cheers,
> Francisco.
>
>
> On Thu, Dec 26, 2013 at 10:57 AM, Michael H. Warfield <mhw at wittsend.com>
> wrote:
>>
>> On Thu, 2013-12-26 at 07:16 -0800, Alan Hewson wrote:
>> > On Wed, Dec 25, 2013 at 08:55:50PM -0500, Michael H. Warfield wrote:
>> > > On Wed, 2013-12-25 at 20:13 -0500, Leonid Isaev wrote:
>> > > > On Wed, 25 Dec 2013 19:17:19 -0500
>> > > > "Michael H. Warfield" <mhw at WittsEnd.com> wrote:
>> > > >
>> > > > > On Wed, 2013-12-25 at 13:19 -0500, Leonid Isaev wrote:
>> > > > > > On Wed, 25 Dec 2013 10:17:20 -0500
>> > > > > > "Michael H. Warfield" <mhw at WittsEnd.com> wrote:
>> > > > >
>> > > > > > > In that case, you definitely need to go with 1.0.0-beta1 or
>> > > > > > > better.  I
>> > > > >
>> > > > > > is there anything special in the template that expects lxc-start
>> > > > > > 1.0.0, or
>> > > > > > one can simply download the template and run it as a bash
>> > > > > > script, and keep
>> > > > > > lxc 0.9.0?
>> > > > >
>> > > > > Nope.  If you have a fully configured template from 1.0.0-beta1
>> > > > > and it
>> > > > > should work perfectly fine on what you have.
>> > > > >
>> > > > > > > just did the same thing and root/root worked (we've got to
>> > > > > > > figure out
>> > > > > > > something better there)
>> > > > >
>> > > > > > What about generating a random passwd from /dev/random, e.g.
>> > > > > > root_password="$(tr -cd '[:graph:]' < /dev/random | head -c
>> > > > > > 15)", echo
>> > > > > > $root_password to stdout and prompt the user to take note/change
>> > > > > > it on 1st
>> > > > > > login?
>> > > > >
>> > > > > I'm working on something now.  I've already submitted a strawman
>> > > > > proposal to the lxc-devel list for a root password like this:
>> > > > >
>> > > > > Root-${Container_Name}-${RANDOM}
>> > > > >
>> > > > > We'll see.
>> > > >
>> > > > Ah, sorry, I did not see that email...
>> > >
>> > > Understandable.  That was on the lxc-devel list and this is on the
>> > > lxc-users list.  They don't (always) overlap.  I'm proposing a change
>> > > for these templates (and Dwight has to chime in on the Oracle
>> > > template)
>> > > and soliciting discussion.
>> > >
>> > > > I'll try to do something similar for the
>> > > > archlinux template (it has an empty root password by default).
>> > >
>> > > And that's really bad if you have remote access enabled.
>> > >
>> > > > Also, as long as fedora/centos/oracle (not sure if that file exists
>> > > > in
>> > > > debian/ubuntu) are concerned, perhaps one can use host's
>> > > > /etc/machine-id as a
>> > > > ${RANDOM} part of the password. It is of course weaker than a random
>> > > > string
>> > > > but still no secrets are shipped in the template and at least an
>> > > > admin won't
>> > > > be accidently locked out of a remotely-generated container...
>> > >
>> > > Well, there's three parts to that...  One is the root (sic) "Root".
>> > > Then you have the ${Container_name}" like TwiddleDee.  Then you have a
>> > > 2^15 random number from ${RANDOM} (is that only a bashism???").
>> > >
>> > > So...  A new root password for TwiddleDee would be something like...
>> > >
>> > > Root-TwiddleDee-25984
>> > >
>> > > With warnings to record it and change it.
>> > >
>>
>> > I believe you can set passwd as "-e expired" forcing change at login.
>>
>> That's an interesting thought as well.
>>
>> > charles
>>
>> Regards,
>> Mike
>>
>> > > Not great but better than what we have and it can easily (as always)
>> > > be
>> > > changed from the host.
>> > >
>> > > > Thanks,
>> > > > Leonid.
>> > >
>> > > Regards,
>> > > Mike
>> > >
>> > > > >
>> > > > > > >
>> > > > > > > Regards,
>> > > > > > > Mike
>> > > > > > >
>> > > > > >
>> > > > > > Cheers,
>> > > > > > Leonid.
>> > > > >
>> > > > > Regards,
>> > > > > Mike
>> > > >
>> > > >
>> > > >
>> > > > _______________________________________________
>> > > > lxc-users mailing list
>> > > > lxc-users at lists.linuxcontainers.org
>> > > > http://lists.linuxcontainers.org/listinfo/lxc-users
>> > >
>> > > --
>> > > Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
>> > >    /\/\|=mhw=|\/\/          | (678) 463-0932 |
>> > > http://www.wittsend.com/mhw/
>> > >    NIC whois: MHW9          | An optimist believes we live in the best
>> > > of all
>> > >  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of
>> > > it!
>> > >
>> >
>> >
>> >
>> > > _______________________________________________
>> > > lxc-users mailing list
>> > > lxc-users at lists.linuxcontainers.org
>> > > http://lists.linuxcontainers.org/listinfo/lxc-users
>> >
>> > _______________________________________________
>> > lxc-users mailing list
>> > lxc-users at lists.linuxcontainers.org
>> > http://lists.linuxcontainers.org/listinfo/lxc-users
>> >
>>
>> --
>> Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
>>    /\/\|=mhw=|\/\/          | (678) 463-0932 |
>> http://www.wittsend.com/mhw/
>>    NIC whois: MHW9          | An optimist believes we live in the best of
>> all
>>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
>>
>>
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
>
>
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users


More information about the lxc-users mailing list