[systemd-devel] how to login into a container booting with a minimal 'debian distro unstable' via nspawn

Simon McVittie smcv at collabora.com
Mon Mar 26 11:26:19 UTC 2018


On Sun, 25 Mar 2018 at 19:50:24 +0300, Mantas Mikulėnas wrote:
> Does debootstrap actually create a passwordless root account?

No, it creates a system with all system accounts locked[1] (including
root, daemon, bin, www-data, etc.) and no non-system accounts. There is
no single correct answer for how a Debian system's users should be set
up, so debootstrap defers the decision to you.

If you want to log in via a getty (as opposed to just running commands
inside the chroot/container without booting it, which is perhaps a
more common use of debootstrap), then you will have to set or clear the
root account's password or create a non-root account.

In recent versions, a truly minimal Debian chroot/container (debootstrap
--variant=minbase) doesn't have an init system like systemd or sysvinit,
so it *can't* be booted in the normal way. The larger "standard system"
produced by debootstrap without --variant includes all packages with
Priority >= standard, including systemd for modern releases or sysvinit
for old releases, and can be booted.

    smcv

[1]
$ zcat minbase.tar.gz | tar -xO ./etc/passwd | grep root
root:x:0:0:root:/root:/bin/bash
$ zcat minbase.tar.gz | tar -xO ./etc/shadow | grep root
root:*:17365:0:99999:7:::


More information about the systemd-devel mailing list