Added root_password_expired password control tuning knob.

Added the environment variable "root_password_expired" to
control if the initial, temporary, root password is initially
set up as "expired".  If set to "yes" (default), the root password
is set as "expired" and the user must change it at first login.

Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Michael H. Warfield 2014-03-22 13:59:59 -04:00 committed by Stéphane Graber
parent 779b47fdca
commit 826cde7c21
2 changed files with 34 additions and 8 deletions

View File

@ -29,7 +29,7 @@
#Configurations #Configurations
default_path=@LXCPATH@ default_path=@LXCPATH@
# Some combinations of the tunning knobs below do not exactly make sense. # Some combinations of the tuning knobs below do not exactly make sense.
# but that's ok. # but that's ok.
# #
# If the "root_password" is non-blank, use it, else set a default. # If the "root_password" is non-blank, use it, else set a default.
@ -45,6 +45,8 @@ default_path=@LXCPATH@
# If root_store_password = yes, store it in the configuration directory # If root_store_password = yes, store it in the configuration directory
# If root_prompt_password = yes, invoke "passwd" to force the user to change # If root_prompt_password = yes, invoke "passwd" to force the user to change
# the root password after the container is created. # the root password after the container is created.
# If root_expire_password = yes, you will be prompted to change the root
# password at the first login.
# #
# These are conditional assignments... The can be overridden from the # These are conditional assignments... The can be overridden from the
# preexisting environment variables... # preexisting environment variables...
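Review bot: The new comment for root_expire_password at the end of the knob list does not state that the default is "yes" or that any other value turns expiry off, which is what someone overriding it from the environment needs to know. Suggest wording along the lines of `# If root_expire_password = yes (default), the root password is marked expired and must be changed at the first login.` The unchanged line just below reads "The can be overridden" and could be corrected to "They can" while this block is being touched.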
@ -61,6 +63,10 @@ default_path=@LXCPATH@
# with users running under the API... Don't default to "yes" # with users running under the API... Don't default to "yes"
: ${root_prompt_password='no'} : ${root_prompt_password='no'}
# Expire root password? Default to yes, but can be overridden from
# the environment variable
: ${root_expire_password='yes'}
# These are only going into comments in the resulting config... # These are only going into comments in the resulting config...
lxc_network_type=veth lxc_network_type=veth
lxc_network_link=lxcbr0 lxc_network_link=lxcbr0
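Review bot: The variable introduced here is `root_expire_password`, but the commit subject and body both call it `root_password_expired`. Anyone who exports the name from the commit message gets no effect and no error, because the conditional assignment `: ${root_expire_password='yes'}` simply applies the default. Please make the commit message and the variable name agree before this lands, since the message is what ends up in changelogs.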
@ -346,8 +352,12 @@ EOF
fi fi
echo "root:$root_password" | chroot $rootfs_path chpasswd echo "root:$root_password" | chroot $rootfs_path chpasswd
# Also set this password as expired to force the user to change it!
chroot $rootfs_path passwd -e root if [ ${root_expire_password} = "yes" ]
then
# Also set this password as expired to force the user to change it!
chroot $rootfs_path passwd -e root
fi
# This will need to be enhanced for CentOS 7 when systemd # This will need to be enhanced for CentOS 7 when systemd
# comes into play... /\/\|=mhw=|\/\/ # comes into play... /\/\|=mhw=|\/\/
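Review bot: The test `if [ ${root_expire_password} = "yes" ]` expands the variable unquoted. If the caller exports it as an empty string, the `${var='yes'}` form above leaves it empty (it only assigns when the variable is unset), the test collapses to `[ = "yes" ]`, the shell reports an error, and the `passwd -e root` step is skipped, so the temporary password stays valid without the operator having asked for that. Quote the expansion as `[ "${root_expire_password}" = "yes" ]`; using `: ${root_expire_password:='yes'}` for the default would also cover the empty case.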
@ -900,7 +910,9 @@ then
" "
chroot ${rootfs_path} passwd chroot ${rootfs_path} passwd
else else
echo " if [ ${root_expire_password} = "yes" ]
then
echo "
The root password is set up as "expired" and will require it to be changed The root password is set up as "expired" and will require it to be changed
at first login, which you should do as soon as possible. If you lose the at first login, which you should do as soon as possible. If you lose the
root password or wish to change it without starting the container, you root password or wish to change it without starting the container, you
@ -909,4 +921,5 @@ also reset the expired flag):
chroot ${rootfs_path} passwd chroot ${rootfs_path} passwd
" "
fi
fi fi
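Review bot: With the new inner `if` around the echo, the `else` branch prints nothing when root_expire_password is not "yes". In that case the initial root password remains usable as set and the operator is not told so. Consider adding an `else` to the inner test that states the root password was not expired and should be changed manually, alongside the existing `chroot ${rootfs_path} passwd` hint.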

View File

@ -29,7 +29,7 @@
#Configurations #Configurations
default_path=@LXCPATH@ default_path=@LXCPATH@
# Some combinations of the tunning knobs below do not exactly make sense. # Some combinations of the tuning knobs below do not exactly make sense.
# but that's ok. # but that's ok.
# #
# If the "root_password" is non-blank, use it, else set a default. # If the "root_password" is non-blank, use it, else set a default.
@ -45,6 +45,8 @@ default_path=@LXCPATH@
# If root_store_password = yes, store it in the configuration directory # If root_store_password = yes, store it in the configuration directory
# If root_prompt_password = yes, invoke "passwd" to force the user to change # If root_prompt_password = yes, invoke "passwd" to force the user to change
# the root password after the container is created. # the root password after the container is created.
# If root_expire_password = yes, you will be prompted to change the root
# password at the first login.
# #
# These are conditional assignments... The can be overridden from the # These are conditional assignments... The can be overridden from the
# preexisting environment variables... # preexisting environment variables...
@ -61,6 +63,10 @@ default_path=@LXCPATH@
# with users running under the API... Don't default to "yes" # with users running under the API... Don't default to "yes"
: ${root_prompt_password='no'} : ${root_prompt_password='no'}
# Expire root password? Default to yes, but can be overridden from
# the environment variable
: ${root_expire_password='yes'}
# These are only going into comments in the resulting config... # These are only going into comments in the resulting config...
lxc_network_type=veth lxc_network_type=veth
lxc_network_link=lxcbr0 lxc_network_link=lxcbr0
@ -294,8 +300,12 @@ EOF
fi fi
echo "root:$root_password" | chroot $rootfs_path chpasswd echo "root:$root_password" | chroot $rootfs_path chpasswd
# Also set this password as expired to force the user to change it!
chroot $rootfs_path passwd -e root if [ ${root_expire_password} = "yes" ]
then
# Also set this password as expired to force the user to change it!
chroot $rootfs_path passwd -e root
fi
# specifying this in the initial packages doesn't always work. # specifying this in the initial packages doesn't always work.
# Even though it should have... # Even though it should have...
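Review bot: The guard `[ ${root_expire_password} = "yes" ]` treats every value other than the exact string "yes" as a request to skip `passwd -e root`, so "Yes", "true" or "1" all leave the temporary root password unexpired. For a control whose safe state is expiry, it would be more robust to skip only on an explicit "no" (for example `[ "${root_expire_password}" != "no" ]`) or to reject unrecognised values, and to quote the expansion either way.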
@ -1412,7 +1422,9 @@ then
" "
chroot ${rootfs_path} passwd chroot ${rootfs_path} passwd
else else
echo " if [ ${root_expire_password} = "yes" ]
then
echo "
The root password is set up as "expired" and will require it to be changed The root password is set up as "expired" and will require it to be changed
at first login, which you should do as soon as possible. If you lose the at first login, which you should do as soon as possible. If you lose the
root password or wish to change it without starting the container, you root password or wish to change it without starting the container, you
@ -1421,4 +1433,5 @@ also reset the expired flag):
chroot ${rootfs_path} passwd chroot ${rootfs_path} passwd
" "
fi
fi fi
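Review bot: This closing `fi` completes a block that is line for line the same as the one in the other template changed by this commit, including the unquoted test and the silent path when expiry is disabled. Any fix made to one copy has to be repeated in the other; if the templates cannot share a helper, a short comment in each pointing at its twin would reduce the chance of the two password-handling paths drifting apart.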