cmd/initContainer: Simplify removing the user's password
It's one less invocation of an external command, which is good because spawning a new process is generally expensive. One positive side-effect of this is that on some Active Directory set-ups, the entry point no longer fails with: Error: failed to remove password for user login@company.com: failed to invoke passwd(1) ... because of: # passwd --delete login@company.com passwd: Libuser error at line: 210 - name contains invalid char `@'. This is purely an accident, and isn't meant to be an intentional change to support Active Directory. Tools like useradd(8) and usermod(8) from Shadow aren't meant to work with Active Directory users, and, hence, it can still break in other ways. For that, one option is to expose $USER from the host operating system to the Toolbx container through a Varlink interface that can be used by nss-systemd inside the container. Based on an idea from Si. https://github.com/containers/toolbox/issues/585
parent
983e07adf6
commit
b1b1d459ed
1 changed files with 2 additions and 6 deletions
|
@ -393,6 +393,7 @@ func configureUsers(targetUserUid int, targetUser, targetUserHome, targetUserShe
|
||||||
"--groups", sudoGroup,
|
"--groups", sudoGroup,
|
||||||
"--home-dir", targetUserHome,
|
"--home-dir", targetUserHome,
|
||||||
"--no-create-home",
|
"--no-create-home",
|
||||||
|
"--password", "",
|
||||||
"--shell", targetUserShell,
|
"--shell", targetUserShell,
|
||||||
"--uid", fmt.Sprint(targetUserUid),
|
"--uid", fmt.Sprint(targetUserUid),
|
||||||
targetUser,
|
targetUser,
|
||||||
|
@ -413,6 +414,7 @@ func configureUsers(targetUserUid int, targetUser, targetUserHome, targetUserShe
|
||||||
"--append",
|
"--append",
|
||||||
"--groups", sudoGroup,
|
"--groups", sudoGroup,
|
||||||
"--home", targetUserHome,
|
"--home", targetUserHome,
|
||||||
|
"--password", "",
|
||||||
"--shell", targetUserShell,
|
"--shell", targetUserShell,
|
||||||
"--uid", fmt.Sprint(targetUserUid),
|
"--uid", fmt.Sprint(targetUserUid),
|
||||||
targetUser,
|
targetUser,
|
||||||
|
@ -428,12 +430,6 @@ func configureUsers(targetUserUid int, targetUser, targetUserHome, targetUserShe
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
logrus.Debugf("Removing password for user %s", targetUser)
|
|
||||||
|
|
||||||
if err := shell.Run("passwd", nil, nil, nil, "--delete", targetUser); err != nil {
|
|
||||||
return fmt.Errorf("failed to remove password for user %s: %w", targetUser, err)
|
|
||||||
}
|
|
||||||
|
|
||||||
logrus.Debug("Removing password for user root")
|
logrus.Debug("Removing password for user root")
|
||||||
|
|
||||||
if err := shell.Run("passwd", nil, nil, nil, "--delete", "root"); err != nil {
|
if err := shell.Run("passwd", nil, nil, nil, "--delete", "root"); err != nil {
|
||||||
|
|
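Review bot: The two added `"--password", ""` arguments (one in the useradd argument list, one in the usermod argument list) carry no comment, and the empty value is easy to misread: useradd(8) and usermod(8) expect a crypt(3) hash here, so an empty string leaves the shadow password field empty, which makes the account passwordless rather than locked. A one-line comment above each would record that this is deliberate, e.g. `// empty crypt(3) field: passwordless account, same effect as the former passwd --delete`. The last hunk also drops `logrus.Debugf("Removing password for user %s", targetUser)` while the equivalent line for root stays, so the debug log no longer shows that the target user's password is cleared; keeping that Debugf ahead of the useradd/usermod call would preserve the trace. configureUsers starts and ends outside these hunks, so whether anything later in the function checks the resulting shadow entry cannot be seen from here.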