Hi On Tue, Sep 22, 2015 at 11:59 AM, Francis Moreau <[email protected]> wrote: > On Tue, Sep 22, 2015 at 11:16 AM, David Herrmann <[email protected]> > wrote: >> Hi >> >> On Tue, Sep 22, 2015 at 11:07 AM, Francis Moreau <[email protected]> >> wrote: >>> Hello, >>> >>> On Mon, Sep 21, 2015 at 7:45 PM, David Herrmann <[email protected]> >>> wrote: >>>> Hi >>>> >>>> On Fri, Sep 18, 2015 at 6:31 PM, Francis Moreau <[email protected]> >>>> wrote: >>>>> Hi, >>>>> >>>>> I find odd that systemd-firstboot skips root password init if >>>>> /etc/shadow exists because AFAICS this file is always part of a >>>>> minimal rootfs after being setup by an installer. Indeed it's >>>>> populated during package installation. >>>>> >>>>> So I can't see a case where systemd-firstboot would prompt for a root >>>>> password. >>>> >>>> If an installer ships a shadow file, then we expect the installer to >>>> populate it. The firstboot tool will recover situations where you >>>> deleted /etc entirely (eg., factory reset). >>> >>> From the man page " systemd-firstboot initializes the most basic >>> system settings interactively on the first boot, or optionally >>> non-interactively when a system image is created." >>> >>> And when a system image is created, usually root password won't be set >>> but it's *very* unlikely that /etc/shadow will be missing. That's the >>> reason why I don't think its going to work in real life. >> >> Why would an installer create an empty shadow file? > > Well during package installation done by the installer, some packages, > usually the ones that installs daemons/services, populates > /etc/shadow. > > On Archlinux, after creating a minimal rootfs, shadow file is containing: > > bin:x:14871:::::: > daemon:x:14871:::::: > mail:x:14871:::::: > ftp:x:14871:::::: > http:x:14871:::::: > uuidd:x:14871:::::: > dbus:x:14871:::::: > nobody:x:14871:::::: > systemd-journal-gateway:x:14871:::::: > systemd-timesync:x:14871:::::: > systemd-network:x:14871:::::: > systemd-bus-proxy:x:14871::::::
Then "fix" the installer? These entries look like no-ops to me. We assume that if the installer touches /etc, then it can as well prompt for a root-password. If you want to make use of firstboot, we recommend to adopt an "empty /etc" installer. If we support looking for "root" in shadow files and prompt if non-present, we start supporting legacy setups where /etc is half-populated. We don't want that. Either go full legacy and make your installer prompt for everything, or go "empty /etc" and firstboot will take over. >> >>> BTW, I don't know if recovering when /etc/ has been deleted is >>> possible even if systemd-firstboot will restore a couple of conf >>> files... >> >> Depending on your distribution, it is. > > Just out of curiosity, which distros are supposed to support that ? I can trash /etc on Archlinux and boot it as a container just fine. It doesn't work as a full system, yet. Not all packages have adopted empty /etc support. Thanks David _______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
