mirror of
https://git.proxmox.com/git/mirror_lxc
synced 2025-08-14 07:47:05 +00:00
Added root_password_expired password control tuning knob.
Added the environment variable "root_password_expired" to control if the initial, temporary, root password is initially set up as "expired". If set to "yes" (default), the root password is set as "expired" and the user must change it at first login. Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This commit is contained in:
Michael H. Warfield
Stéphane Graber
parent
779b47fdca
commit
826cde7c21
@ -29,7 +29,7 @@
|
||||
#Configurations
|
||||
default_path=@LXCPATH@
|
||||
|
||||
# Some combinations of the tunning knobs below do not exactly make sense.
|
||||
# Some combinations of the tuning knobs below do not exactly make sense.
|
||||
# but that's ok.
|
||||
#
|
||||
# If the "root_password" is non-blank, use it, else set a default.
|
||||
@ -45,6 +45,8 @@ default_path=@LXCPATH@
|
||||
# If root_store_password = yes, store it in the configuration directory
|
||||
# If root_prompt_password = yes, invoke "passwd" to force the user to change
|
||||
# the root password after the container is created.
|
||||
# If root_expire_password = yes, you will be prompted to change the root
|
||||
# password at the first login.
|
||||
#
|
||||
# These are conditional assignments... The can be overridden from the
|
||||
# preexisting environment variables...
|
||||
@ -61,6 +63,10 @@ default_path=@LXCPATH@
|
||||
# with users running under the API... Don't default to "yes"
|
||||
: ${root_prompt_password='no'}
|
||||
|
||||
# Expire root password? Default to yes, but can be overridden from
|
||||
# the environment variable
|
||||
: ${root_expire_password='yes'}
|
||||
|
||||
# These are only going into comments in the resulting config...
|
||||
lxc_network_type=veth
|
||||
lxc_network_link=lxcbr0
|
||||
@ -346,8 +352,12 @@ EOF
|
||||
fi
|
||||
|
||||
echo "root:$root_password" | chroot $rootfs_path chpasswd
|
||||
# Also set this password as expired to force the user to change it!
|
||||
chroot $rootfs_path passwd -e root
|
||||
|
||||
if [ ${root_expire_password} = "yes" ]
|
||||
then
|
||||
# Also set this password as expired to force the user to change it!
|
||||
chroot $rootfs_path passwd -e root
|
||||
fi
|
||||
|
||||
# This will need to be enhanced for CentOS 7 when systemd
|
||||
# comes into play... /\/\|=mhw=|\/\/
|
||||
@ -900,7 +910,9 @@ then
|
||||
"
|
||||
chroot ${rootfs_path} passwd
|
||||
else
|
||||
echo "
|
||||
if [ ${root_expire_password} = "yes" ]
|
||||
then
|
||||
echo "
|
||||
The root password is set up as "expired" and will require it to be changed
|
||||
at first login, which you should do as soon as possible. If you lose the
|
||||
root password or wish to change it without starting the container, you
|
||||
@ -909,4 +921,5 @@ also reset the expired flag):
|
||||
|
||||
chroot ${rootfs_path} passwd
|
||||
"
|
||||
fi
|
||||
fi
|
||||
|
||||
@ -29,7 +29,7 @@
|
||||
#Configurations
|
||||
default_path=@LXCPATH@
|
||||
|
||||
# Some combinations of the tunning knobs below do not exactly make sense.
|
||||
# Some combinations of the tuning knobs below do not exactly make sense.
|
||||
# but that's ok.
|
||||
#
|
||||
# If the "root_password" is non-blank, use it, else set a default.
|
||||
@ -45,6 +45,8 @@ default_path=@LXCPATH@
|
||||
# If root_store_password = yes, store it in the configuration directory
|
||||
# If root_prompt_password = yes, invoke "passwd" to force the user to change
|
||||
# the root password after the container is created.
|
||||
# If root_expire_password = yes, you will be prompted to change the root
|
||||
# password at the first login.
|
||||
#
|
||||
# These are conditional assignments... The can be overridden from the
|
||||
# preexisting environment variables...
|
||||
@ -61,6 +63,10 @@ default_path=@LXCPATH@
|
||||
# with users running under the API... Don't default to "yes"
|
||||
: ${root_prompt_password='no'}
|
||||
|
||||
# Expire root password? Default to yes, but can be overridden from
|
||||
# the environment variable
|
||||
: ${root_expire_password='yes'}
|
||||
|
||||
# These are only going into comments in the resulting config...
|
||||
lxc_network_type=veth
|
||||
lxc_network_link=lxcbr0
|
||||
@ -294,8 +300,12 @@ EOF
|
||||
fi
|
||||
|
||||
echo "root:$root_password" | chroot $rootfs_path chpasswd
|
||||
# Also set this password as expired to force the user to change it!
|
||||
chroot $rootfs_path passwd -e root
|
||||
|
||||
if [ ${root_expire_password} = "yes" ]
|
||||
then
|
||||
# Also set this password as expired to force the user to change it!
|
||||
chroot $rootfs_path passwd -e root
|
||||
fi
|
||||
|
||||
# specifying this in the initial packages doesn't always work.
|
||||
# Even though it should have...
|
||||
@ -1412,7 +1422,9 @@ then
|
||||
"
|
||||
chroot ${rootfs_path} passwd
|
||||
else
|
||||
echo "
|
||||
if [ ${root_expire_password} = "yes" ]
|
||||
then
|
||||
echo "
|
||||
The root password is set up as "expired" and will require it to be changed
|
||||
at first login, which you should do as soon as possible. If you lose the
|
||||
root password or wish to change it without starting the container, you
|
||||
@ -1421,4 +1433,5 @@ also reset the expired flag):
|
||||
|
||||
chroot ${rootfs_path} passwd
|
||||
"
|
||||
fi
|
||||
fi
|
||||
|
||||
Loading…
Reference in New Issue
Block a user