From c8fbaa8f11215a944cabaece48e32d2f12afb366 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20M=C3=ADchal?= Date: Wed, 23 Sep 2020 00:56:42 +0200 Subject: [PATCH] cmd/initContainer: Only remove passwords when needed When looking into logs of toolboxes using 'podman logs', one can notice that every "startup" log mentions removing the password for the user and root. These lines could be considered as bloat because what they're saying is actually not happening because appart from the first run the password are usually already gone. This makes the removal of password for the user and root conditional based on the output of 'passwd --status ' where value "NP" (meaning "no password") will be considered the only value that does not trigger the removal. Any other value will trigger the removal. --- src/cmd/initContainer.go | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/src/cmd/initContainer.go b/src/cmd/initContainer.go index 169153310..4ac021959 100644 --- a/src/cmd/initContainer.go +++ b/src/cmd/initContainer.go @@ -348,6 +348,8 @@ func initContainerHelp(cmd *cobra.Command, args []string) { func configureUsers(targetUserUid int, targetUser, targetUserHome, targetUserShell string, homeLink, targetUserExists bool) error { + var stdout strings.Builder + if homeLink { if err := redirectPath("/home", "/var/home", true); err != nil { return err @@ -401,16 +403,29 @@ func configureUsers(targetUserUid int, } } - logrus.Debugf("Removing password for user %s", targetUser) + if err := shell.Run("passwd", nil, &stdout, nil, "--status", initContainerFlags.user); err != nil { + return fmt.Errorf("failed to check password status of user %s: %w", initContainerFlags.user, err) + } + userPasswordStatus := strings.Split(stdout.String(), " ")[1] + if userPasswordStatus != "NP" { + logrus.Debugf("Removing password for user %s", initContainerFlags.user) - if err := shell.Run("passwd", nil, nil, nil, "--delete", targetUser); err != nil { - return fmt.Errorf("failed to remove password for user %s", targetUser) + if err := shell.Run("passwd", nil, nil, nil, "--delete", initContainerFlags.user); err != nil { + return fmt.Errorf("failed to remove password for user %s", initContainerFlags.user) + } } + stdout.Reset() - logrus.Debug("Removing password for user root") + if err := shell.Run("passwd", nil, &stdout, nil, "--status", "root"); err != nil { + return fmt.Errorf("failed to check password status of root: %w", err) + } + rootPasswordStatus := strings.Split(stdout.String(), " ")[1] + if rootPasswordStatus != "NP" { + logrus.Debug("Removing password for user root") - if err := shell.Run("passwd", nil, nil, nil, "--delete", "root"); err != nil { - return errors.New("failed to remove password for root") + if err := shell.Run("passwd", nil, nil, nil, "--delete", "root"); err != nil { + return errors.New("failed to remove password for root") + } } return nil