[pkg-lxc-devel] Bug#831850: lxc: Please add a way to set root password for debian template

[Evgeni Golov]

Hi,

On Wed, Jul 20, 2016 at 09:25:25AM +0200, Laurent Bigonville wrote:

> I saw the sentence added to the README.Debian claiming that
> "Most templates ship without a root password", but this seems false.
> 
> Looking at the other templates it seems that a lot of them (ie.
> Fedora/Centos) are setting a root password, basically only ubuntu and
> debian now are not doing so.

I should have phrased that entry differently :-)
There is a current overview of what (if any) passwords are set at [1].
Most templates ship with either "root" or no password, only Fedora/CentOS has a random one set.

> More over there is an effort on their side to make the default images more secure:
> https://fedoraproject.org/wiki/LXC_Template_Security_Improvements

Well, this page seems stuck in 2015. No?

> Shouldn't debian follow the scheme used by Fedora/CentOS to set the root
> password?
> 
> Or at least generate a default random password?

I must admit I see no value in having a password in container.
Debian shipped a patch to set a random password (instead of "root"), which now has been replaced with the patch that was accepted upstream.
Upstream plans to drop all passwords and let the user change it if needed using lxc-attach.

> The extra actions needed to set a root password after the installation
> of the image are not completely obvious.

I hoped to have this documented in the README, were the steps not enough?

Regards
Evgeni

[1] https://github.com/lxc/lxc/issues/1158