Bug 999126
Summary: | The root user should be created with no password by default | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jóhann B. Guðmundsson <johannbg> |
Component: | setup | Assignee: | Ondrej Vasik <ovasik> |
Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | rawhide | CC: | ovasik, pknirsch |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-08-22 10:52:48 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jóhann B. Guðmundsson
2013-08-20 19:07:03 UTC
I don't think this is a good idea. Feel free to bring it up on fedora devel list, otherwise I'll probably close that WONTFIX. Installer handles root user anyway, so changing default /etc/shadow is probably insufficient. I'll try to monitor the thread on fedora-devel, but feel free to post the link here to ensure this. So basically I'm working on delivering the best container creation out of the box for administrators in fedora/rhel where we create machine containers without the involvement of installer et all which is the reason for this request as well as the lack of the .bash* files in root's home directory which is the other bug I filed. I guess if you got F20/rawhide install handy somewhere ( or simply create a vm ) you can setup a test machine container to play with these quick and dirty directions. Due to bug in audit it's necessary to disable it for OS containers So start by disabling audit on the container host by adding audit=0 to GRUB_CMDLINE_LINUX in /etc/default/grub and run grub2-mkconfig -o /boot/grub2/grub.cfg to re-generate grub ( perfect admin step would start here ) Create the container directory # mkdir -p /containers/www.example01.com Install into it minimal package set ( you can also install debian and soon arch since the arch installer pacman is being submitted for package review in Fedora ) # yum -y --releasever=rawhide --nogpg --installroot=/containers/www.example01.com --disablerepo='*' --enablerepo=fedora install systemd passwd yum fedora-release vim-minimal procps-ng then spawn the container and set the machine hostname systemd-nspawn -jbD /containers/www.example01.com/ -M www.example01.com ( perfect admin steps for setup would stop here ) Now you start encountering series of bugs to fix... Login prompt does not show full hostname so when you log into the containers which both start with www.fqdn you dont know which host you are working on. ( which needs to be fixed consistently across the board login/command prompt ) You cannot log in since there is no default or empty password for root. There are no .bash* files in roots home directory so you need to workaround that by chrooting into the container, set the password and copy the /etc/skel files to root's home directory as well as to disable pam_loginuid.so to disable in /etc/pam.d/login so users can log in. So bugs just to be able to install run and log into os container that need to be fixed are.. ( then there is probably plethora of bugs outside that minimum ) a) audit should not have to be disabled #893751 b) unit file for the container should not have to be manually created #999120 c) pam_loginuid.so should not have to be disabled in /etc/pam.d/login #999450 d) serial and getty should show long hostname #999068 e) bashrc should default to show long hostnames #999086 f) contents of /etc/skel should be copied to roots home directory for proper bash prompt #999114 d) root password should arguably be empty by default #999126 ( this one ) Once we have fixed the above we can start focusing on other fallouts we might come across Based of feed back on devel there seems like there is more an conscious not setting the root password to empty hence closing. We can always reopen this if more people chime on that thread and that changes |