Hi, I had this problem also with 1.0 released yesterday. I tried chroot /usr/local/var/lib/lxc/fedoraCT1/rootfs and passwd
and it worked Kevin On Fri, Dec 27, 2013 at 2:39 PM, Francisco <[email protected]> wrote: > I'm quite new to lxc, but did you try chrooting into the rootfs and simply > running passwd to reset it? > > Cheers, > Francisco. > > > On Thu, Dec 26, 2013 at 10:57 AM, Michael H. Warfield <[email protected]> > wrote: >> >> On Thu, 2013-12-26 at 07:16 -0800, Alan Hewson wrote: >> > On Wed, Dec 25, 2013 at 08:55:50PM -0500, Michael H. Warfield wrote: >> > > On Wed, 2013-12-25 at 20:13 -0500, Leonid Isaev wrote: >> > > > On Wed, 25 Dec 2013 19:17:19 -0500 >> > > > "Michael H. Warfield" <[email protected]> wrote: >> > > > >> > > > > On Wed, 2013-12-25 at 13:19 -0500, Leonid Isaev wrote: >> > > > > > On Wed, 25 Dec 2013 10:17:20 -0500 >> > > > > > "Michael H. Warfield" <[email protected]> wrote: >> > > > > >> > > > > > > In that case, you definitely need to go with 1.0.0-beta1 or >> > > > > > > better. I >> > > > > >> > > > > > is there anything special in the template that expects lxc-start >> > > > > > 1.0.0, or >> > > > > > one can simply download the template and run it as a bash >> > > > > > script, and keep >> > > > > > lxc 0.9.0? >> > > > > >> > > > > Nope. If you have a fully configured template from 1.0.0-beta1 >> > > > > and it >> > > > > should work perfectly fine on what you have. >> > > > > >> > > > > > > just did the same thing and root/root worked (we've got to >> > > > > > > figure out >> > > > > > > something better there) >> > > > > >> > > > > > What about generating a random passwd from /dev/random, e.g. >> > > > > > root_password="$(tr -cd '[:graph:]' < /dev/random | head -c >> > > > > > 15)", echo >> > > > > > $root_password to stdout and prompt the user to take note/change >> > > > > > it on 1st >> > > > > > login? >> > > > > >> > > > > I'm working on something now. I've already submitted a strawman >> > > > > proposal to the lxc-devel list for a root password like this: >> > > > > >> > > > > Root-${Container_Name}-${RANDOM} >> > > > > >> > > > > We'll see. >> > > > >> > > > Ah, sorry, I did not see that email... >> > > >> > > Understandable. That was on the lxc-devel list and this is on the >> > > lxc-users list. They don't (always) overlap. I'm proposing a change >> > > for these templates (and Dwight has to chime in on the Oracle >> > > template) >> > > and soliciting discussion. >> > > >> > > > I'll try to do something similar for the >> > > > archlinux template (it has an empty root password by default). >> > > >> > > And that's really bad if you have remote access enabled. >> > > >> > > > Also, as long as fedora/centos/oracle (not sure if that file exists >> > > > in >> > > > debian/ubuntu) are concerned, perhaps one can use host's >> > > > /etc/machine-id as a >> > > > ${RANDOM} part of the password. It is of course weaker than a random >> > > > string >> > > > but still no secrets are shipped in the template and at least an >> > > > admin won't >> > > > be accidently locked out of a remotely-generated container... >> > > >> > > Well, there's three parts to that... One is the root (sic) "Root". >> > > Then you have the ${Container_name}" like TwiddleDee. Then you have a >> > > 2^15 random number from ${RANDOM} (is that only a bashism???"). >> > > >> > > So... A new root password for TwiddleDee would be something like... >> > > >> > > Root-TwiddleDee-25984 >> > > >> > > With warnings to record it and change it. >> > > >> >> > I believe you can set passwd as "-e expired" forcing change at login. >> >> That's an interesting thought as well. >> >> > charles >> >> Regards, >> Mike >> >> > > Not great but better than what we have and it can easily (as always) >> > > be >> > > changed from the host. >> > > >> > > > Thanks, >> > > > Leonid. >> > > >> > > Regards, >> > > Mike >> > > >> > > > > >> > > > > > > >> > > > > > > Regards, >> > > > > > > Mike >> > > > > > > >> > > > > > >> > > > > > Cheers, >> > > > > > Leonid. >> > > > > >> > > > > Regards, >> > > > > Mike >> > > > >> > > > >> > > > >> > > > _______________________________________________ >> > > > lxc-users mailing list >> > > > [email protected] >> > > > http://lists.linuxcontainers.org/listinfo/lxc-users >> > > >> > > -- >> > > Michael H. Warfield (AI4NB) | (770) 978-7061 | [email protected] >> > > /\/\|=mhw=|\/\/ | (678) 463-0932 | >> > > http://www.wittsend.com/mhw/ >> > > NIC whois: MHW9 | An optimist believes we live in the best >> > > of all >> > > PGP Key: 0x674627FF | possible worlds. A pessimist is sure of >> > > it! >> > > >> > >> > >> > >> > > _______________________________________________ >> > > lxc-users mailing list >> > > [email protected] >> > > http://lists.linuxcontainers.org/listinfo/lxc-users >> > >> > _______________________________________________ >> > lxc-users mailing list >> > [email protected] >> > http://lists.linuxcontainers.org/listinfo/lxc-users >> > >> >> -- >> Michael H. Warfield (AI4NB) | (770) 978-7061 | [email protected] >> /\/\|=mhw=|\/\/ | (678) 463-0932 | >> http://www.wittsend.com/mhw/ >> NIC whois: MHW9 | An optimist believes we live in the best of >> all >> PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it! >> >> >> _______________________________________________ >> lxc-users mailing list >> [email protected] >> http://lists.linuxcontainers.org/listinfo/lxc-users > > > > _______________________________________________ > lxc-users mailing list > [email protected] > http://lists.linuxcontainers.org/listinfo/lxc-users _______________________________________________ lxc-users mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-users
