Re: [systemd-devel] how to login into a container booting with a minimal 'debian distro unstable' via nspawn

[Simon McVittie]

On Sun, 25 Mar 2018 at 19:50:24 +0300, Mantas Mikulėnas wrote:
> Does debootstrap actually create a passwordless root account?

No, it creates a system with all system accounts locked[1] (including
root, daemon, bin, www-data, etc.) and no non-system accounts. There is
no single correct answer for how a Debian system's users should be set
up, so debootstrap defers the decision to you.

If you want to log in via a getty (as opposed to just running commands
inside the chroot/container without booting it, which is perhaps a
more common use of debootstrap), then you will have to set or clear the
root account's password or create a non-root account.

In recent versions, a truly minimal Debian chroot/container (debootstrap
--variant=minbase) doesn't have an init system like systemd or sysvinit,
so it *can't* be booted in the normal way. The larger "standard system"
produced by debootstrap without --variant includes all packages with
Priority >= standard, including systemd for modern releases or sysvinit
for old releases, and can be booted.

smcv

[1]
$ zcat minbase.tar.gz | tar -xO ./etc/passwd | grep root
root:x:0:0:root:/root:/bin/bash
$ zcat minbase.tar.gz | tar -xO ./etc/shadow | grep root
root:*:17365:0:9:7:::
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] how to login into a container booting with a minimal 'debian distro unstable' via nspawn

[Mantas Mikulėnas]

On Sun, Mar 25, 2018 at 7:36 PM, Florian Held 
wrote:

> Hi,
> how is it possible to log in into a container booting a minimal unstable
> debian distro via nspawn. After running:
>
> # debootstrap --arch=amd64 unstable ~/debian-tree/
> # systemd-nspawn -bD ~/debian-tree/
>
> prompts username followed by password. The combination
>
> "root"
> ""
>
> without quotes doesn't work. How can I login?
>
>
Does debootstrap actually create a passwordless root account?

If it's passwordless, make sure pam_securetty.so is not active (in the
container's /etc/pam.d).


-- 
Mantas Mikulėnas
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] how to login into a container booting with a minimal 'debian distro unstable' via nspawn

[Filipe Brandenburger]

Hi Florian,

On Sun, Mar 25, 2018 at 9:36 AM, Florian Held  wrote:
> how is it possible to log in into a container booting a minimal unstable
> debian distro via nspawn. After running:
>
> # debootstrap --arch=amd64 unstable ~/debian-tree/
> # systemd-nspawn -bD ~/debian-tree/
>
> prompts username followed by password. The combination
>
> "root"
> ""
>
> without quotes doesn't work. How can I login?

You can enter the container and just run a root shell on it with this command:

  # systemd-nspawn -D ~/debian-tree/ /bin/sh

(That's equivalent of single-user mode or a rescue shell on a machine.)

At that step, you can change the root password:

  # passwd root
  

At that point, boot the container again (with "-b") and you should be
able to log in.

I hope that helps!

Cheers,
Filipe


smime.p7s
Description: S/MIME Cryptographic Signature
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] how to login into a container booting with a minimal 'debian distro unstable' via nspawn

[Florian Held]

Hi,
how is it possible to log in into a container booting a minimal unstable
debian distro via nspawn. After running:

# debootstrap --arch=amd64 unstable ~/debian-tree/
# systemd-nspawn -bD ~/debian-tree/

prompts username followed by password. The combination

"root"
""

without quotes doesn't work. How can I login?

Thanks in advance,

Flo
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel