cmd/initContainer: Only remove passwords when needed

When looking into logs of toolboxes using 'podman logs', one can notice that every "startup" log mentions removing the password for the user and root. These lines could be considered as bloat because what they're saying is actually not happening because appart from the first run the password are usually already gone. This makes the removal of password for the user and root conditional based on the output of 'passwd --status <username>' where value "NP" (meaning "no password") will be considered the only value that does not trigger the removal. Any other value will trigger the removal.
containers · Sep 23, 2020 · c8fbaa8 · c8fbaa8
1 parent ff4e490
commit c8fbaa8
Showing 1 changed file with 21 additions and 6 deletions.
diff --git a/src/cmd/initContainer.go b/src/cmd/initContainer.go
@@ -348,6 +348,8 @@ func initContainerHelp(cmd *cobra.Command, args []string) {
 func configureUsers(targetUserUid int,
 	targetUser, targetUserHome, targetUserShell string,
 	homeLink, targetUserExists bool) error {
+	var stdout strings.Builder
+
 	if homeLink {
 		if err := redirectPath("/home", "/var/home", true); err != nil {
 			return err
@@ -401,16 +403,29 @@ func configureUsers(targetUserUid int,
 		}
 	}
 
-	logrus.Debugf("Removing password for user %s", targetUser)
+	if err := shell.Run("passwd", nil, &stdout, nil, "--status", initContainerFlags.user); err != nil {
+		return fmt.Errorf("failed to check password status of user %s: %w", initContainerFlags.user, err)
+	}
+	userPasswordStatus := strings.Split(stdout.String(), " ")[1]
+	if userPasswordStatus != "NP" {
+		logrus.Debugf("Removing password for user %s", initContainerFlags.user)
 
-	if err := shell.Run("passwd", nil, nil, nil, "--delete", targetUser); err != nil {
-		return fmt.Errorf("failed to remove password for user %s", targetUser)
+		if err := shell.Run("passwd", nil, nil, nil, "--delete", initContainerFlags.user); err != nil {
+			return fmt.Errorf("failed to remove password for user %s", initContainerFlags.user)
+		}
 	}
+	stdout.Reset()
 
-	logrus.Debug("Removing password for user root")
+	if err := shell.Run("passwd", nil, &stdout, nil, "--status", "root"); err != nil {
+		return fmt.Errorf("failed to check password status of root: %w", err)
+	}
+	rootPasswordStatus := strings.Split(stdout.String(), " ")[1]
+	if rootPasswordStatus != "NP" {
+		logrus.Debug("Removing password for user root")
 
-	if err := shell.Run("passwd", nil, nil, nil, "--delete", "root"); err != nil {
-		return errors.New("failed to remove password for root")
+		if err := shell.Run("passwd", nil, nil, nil, "--delete", "root"); err != nil {
+			return errors.New("failed to remove password for root")
+		}
 	}
 
 	return nil