|
From: | Michael Käppler |
Subject: | Re: Doc: Correct and extend infos about LilyDev setup (issue 561360043 by address@hidden) |
Date: | Fri, 31 Jan 2020 09:02:39 +0100 |
User-agent: | Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1 |
Am 30.01.2020 um 15:08 schrieb Federico Bruni:
I see that it's possible to log in as root user without any password _even in the virtual machine_. Not good.
That was my point.
I used the --password="" in the Makefile to avoid the step to set the password when starting the container with systemd-nspawn. In mkosi manual I read: --password=: Set the password of the root user. By default the root account is locked. If this option is not used but a file mkosi.rootpw exists in the local directory the root password is automatically read from it.So we may remove the --password option to keep the root account disabled and use the mkosi.rootpw to set the password. I will test this and hopefully include it in LilyDev v3.
I read the manual differently. I think mkosi.rootpw is just the 'file alternative' to the command line, like mkosi.container, etc. So if you set the password in mkosi.rootpw, the root account will be active, too. But I haven't tested this. IIUC, we could change the root login shell to /sbin/nologin to lock the root account in the post-install script. What do you think? Cheers, Michael
[Prev in Thread] | Current Thread | [Next in Thread] |