[systemd-devel] systemd-firstboot skip root password initialisation if /etc/shadow is present

Francis Moreau francis.moro at gmail.com
Tue Sep 22 02:59:59 PDT 2015


On Tue, Sep 22, 2015 at 11:16 AM, David Herrmann <dh.herrmann at gmail.com> wrote:
> Hi
>
> On Tue, Sep 22, 2015 at 11:07 AM, Francis Moreau <francis.moro at gmail.com> wrote:
>> Hello,
>>
>> On Mon, Sep 21, 2015 at 7:45 PM, David Herrmann <dh.herrmann at gmail.com> wrote:
>>> Hi
>>>
>>> On Fri, Sep 18, 2015 at 6:31 PM, Francis Moreau <francis.moro at gmail.com> wrote:
>>>> Hi,
>>>>
>>>> I find it odd that systemd-firstboot skips root password init if
>>>> /etc/shadow exists because AFAICS this file is always part of a
>>>> minimal rootfs after being set up by an installer. Indeed it's
>>>> populated during package installation.
>>>>
>>>> So I can't see a case where systemd-firstboot would prompt for a root password.
>>>
>>> If an installer ships a shadow file, then we expect the installer to
>>> populate it. The firstboot tool will recover situations where you
>>> deleted /etc entirely (e.g., factory reset).
>>
>> From the man page "systemd-firstboot initializes the most basic
>> system settings interactively on the first boot, or optionally
>> non-interactively when a system image is created."
>>
>> And when a system image is created, usually the root password won't be set
>> but it's *very* unlikely that /etc/shadow will be missing. That's the
>> reason why I don't think it's going to work in real life.
>
> Why would an installer create an empty shadow file?

Well, during package installation done by the installer, some packages,
usually the ones that install daemons/services, populate
/etc/shadow.

On Arch Linux, after creating a minimal rootfs, the shadow file contains:

bin:x:14871::::::
daemon:x:14871::::::
mail:x:14871::::::
ftp:x:14871::::::
http:x:14871::::::
uuidd:x:14871::::::
dbus:x:14871::::::
nobody:x:14871::::::
systemd-journal-gateway:x:14871::::::
systemd-timesync:x:14871::::::
systemd-network:x:14871::::::
systemd-bus-proxy:x:14871::::::


>
>> BTW, I don't know if recovering when /etc/ has been deleted is
>> possible even if systemd-firstboot will restore a couple of conf
>> files...
>
> Depending on your distribution, it is.

Just out of curiosity, which distros are supposed to support that?

Thanks
-- 
Francis
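
The thread turns on the difference between "/etc/shadow exists" and "root has a password set". The following is an added example, not part of the original message and not systemd code: a check an image builder could run against a rootfs to tell those cases apart. The function name `root_pw_state`, the state labels and the sample rootfs are assumptions made for illustration.

```shell
#!/bin/sh
# Classify the root entry of <rootfs>/etc/shadow.
# Prints one of: no-shadow-file, no-root-entry, empty, locked, hashed, unusable
root_pw_state() {
    shadow="$1/etc/shadow"
    if [ ! -e "$shadow" ]; then
        # The case the thread says firstboot is meant to handle.
        echo "no-shadow-file"
        return 0
    fi
    # First line whose login field is exactly "root" (not "rooty", etc.).
    line=$(awk -F: '$1 == "root" { print; exit }' "$shadow")
    if [ -z "$line" ]; then
        # File exists but only holds other accounts, as in the listing above.
        echo "no-root-entry"
        return 0
    fi
    field=$(printf '%s\n' "$line" | cut -d: -f2)
    case "$field" in
        "")        echo "empty" ;;     # no password required to log in
        '!'*|'*'*) echo "locked" ;;    # cannot match any crypt(3) result
        '$'*)      echo "hashed" ;;    # modular crypt format hash present
        *)         echo "unusable" ;;  # e.g. "x": not a valid hash
    esac
}

# Constructed sample: a rootfs whose shadow file holds service accounts only,
# shaped like the listing in the message above.
sample=$(mktemp -d)
mkdir -p "$sample/etc"
printf '%s\n' 'bin:x:14871::::::' 'daemon:x:14871::::::' > "$sample/etc/shadow"
echo "sample rootfs: $(root_pw_state "$sample")"
rm -rf "$sample"
```

An image pipeline can fail the build on `empty`, and treat `no-root-entry` as the signal that some other step has to set the root password.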

