[systemd-devel] systemd-firstboot skip root password initialisation if /etc/shadow is present

Francis Moreau francis.moro at gmail.com
Tue Sep 22 05:26:25 PDT 2015


On Tue, Sep 22, 2015 at 12:19 PM, David Herrmann <dh.herrmann at gmail.com> wrote:
> On Tue, Sep 22, 2015 at 11:59 AM, Francis Moreau <francis.moro at gmail.com> wrote:
[...]
>>
>> Well, during package installation done by the installer, some packages,
>> usually the ones that install daemons/services, populate
>> /etc/shadow.
>>
>> On Archlinux, after creating a minimal rootfs, the shadow file contains:
>>
>> bin:x:14871::::::
>> daemon:x:14871::::::
>> mail:x:14871::::::
>> ftp:x:14871::::::
>> http:x:14871::::::
>> uuidd:x:14871::::::
>> dbus:x:14871::::::
>> nobody:x:14871::::::
>> systemd-journal-gateway:x:14871::::::
>> systemd-timesync:x:14871::::::
>> systemd-network:x:14871::::::
>> systemd-bus-proxy:x:14871::::::
>
> Then "fix" the installer? These entries look like no-ops to me. We
> assume that if the installer touches /etc, then it can as well prompt
> for a root-password. If you want to make use of firstboot, we
> recommend adopting an "empty /etc" installer.

That's not about the installer, it's about packages and I suspect that
very few are ready to run without /etc.

And then if it's really the case, I think the man page of
systemd-firstboot should be fixed because it never mentions the words
"stateless" or "empty", which is quite fundamental in the design of
firstboot then.

>
> If we support looking for "root" in shadow files and prompt if
> non-present, we start supporting legacy setups where /etc is
> half-populated. We don't want that. Either go full legacy and make
> your installer prompt for everything, or go "empty /etc" and firstboot
> will take over.
>

What you're calling legacy systems are actually *all* systems
available out there: I don't think there are actually a lot of
packages which are prepared to do that.

>>>
>>>> BTW, I don't know if recovering when /etc/ has been deleted is
>>>> possible even if systemd-firstboot will restore a couple of conf
>>>> files...
>>>
>>> Depending on your distribution, it is.
>>
>> Just out of curiosity, which distros are supposed to support that?
>
> I can trash /etc on Archlinux and boot it as a container just fine. It
> doesn't work as a full system, yet.

Sure, but what's your point? Your container is running no service at
all, so it's pretty useless.

> Not all packages have adopted empty /etc support.

You meant almost none of them?

Thanks
-- 
Francis
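
The two checks argued over in this thread, as an added example that is not part of the original messages and is not systemd-firstboot code: "is /etc/shadow present" versus "does it carry a root entry with a usable password", run against an image root directory. The function names and the sample file are constructed here, and the 13-character rule is a heuristic assumption about crypt(3) output length.

```python
import os
import tempfile

# Constructed sample: a few of the entries quoted in the thread (no root line).
SAMPLE_SHADOW = """\
bin:x:14871::::::
daemon:x:14871::::::
nobody:x:14871::::::
"""

def root_password_state(shadow_text):
    """Classify the root entry in the text of a shadow(5) file."""
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or fields[0] != "root":
            continue
        pw = fields[1]
        if pw == "":
            return "empty"    # no password required: worth flagging in an image
        # '!' or '*' prefix marks a locked entry. Heuristic: anything shorter
        # than 13 characters cannot be crypt(3) output, so it never matches.
        if pw[0] in "!*" or len(pw) < 13:
            return "locked"
        return "set"
    return "missing"          # file may exist, but nobody initialised root

def audit_rootfs(root):
    """Report both conditions for the image rooted at `root`."""
    path = os.path.join(root, "etc", "shadow")
    if not os.path.exists(path):
        return {"shadow_present": False, "root": "missing"}
    with open(path, encoding="utf-8", errors="replace") as fh:
        return {"shadow_present": True, "root": root_password_state(fh.read())}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as rootfs:
        os.makedirs(os.path.join(rootfs, "etc"))
        with open(os.path.join(rootfs, "etc", "shadow"), "w") as fh:
            fh.write(SAMPLE_SHADOW)
        # The file is present, yet root has no entry at all.
        print(audit_rootfs(rootfs))
```

Run against a freshly built rootfs before first boot, a result of shadow_present True with root "missing" or "empty" is the half-populated /etc case the thread describes.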

