Skip to content

Commit

Permalink
cmd/initContainer: Simplify removing the user's password
Browse files Browse the repository at this point in the history 
It's one less invocation of an external command, which is good because
spawning a new process is generally expensive.

One positive side-effect of this is that on some Active Directory
set-ups, the entry point no longer fails with:
  Error: failed to remove password for user [email protected]: failed
      to invoke passwd(1)

... because of:
  # passwd --delete [email protected]
  passwd: Libuser error at line: 210 - name contains invalid char `@'.

This is purely an accident, and isn't meant to be an intential change to
support Active Directory.  Tools like useradd(8) and usermod(8) from
Shadow aren't meant to work with Active Directory users, and, hence, it
can still break in other ways.  For that, one option is to expose $USER
from the host operating system to the Toolbx container through a Varlink
interface that can be used by nss-systemd inside the container.

Based on an idea from Si.

containers#585
  • Loading branch information
@debarshiray
debarshiray committed Aug 24, 2023
1 parent 983e07a commit b1b1d45
Showing 1 changed file with 2 additions and 6 deletions.
8 changes: 2 additions & 6 deletions src/cmd/initContainer.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -393,6 +393,7 @@ func configureUsers(targetUserUid int, targetUser, targetUserHome, targetUserShe
"--groups", sudoGroup,
"--home-dir", targetUserHome,
"--no-create-home",
"--password", "",
"--shell", targetUserShell,
"--uid", fmt.Sprint(targetUserUid),
targetUser,
Expand All @@ -413,6 +414,7 @@ func configureUsers(targetUserUid int, targetUser, targetUserHome, targetUserShe
"--append",
"--groups", sudoGroup,
"--home", targetUserHome,
"--password", "",
"--shell", targetUserShell,
"--uid", fmt.Sprint(targetUserUid),
targetUser,
Expand All @@ -428,12 +430,6 @@ func configureUsers(targetUserUid int, targetUser, targetUserHome, targetUserShe
}
}

logrus.Debugf("Removing password for user %s", targetUser)

if err := shell.Run("passwd", nil, nil, nil, "--delete", targetUser); err != nil {
return fmt.Errorf("failed to remove password for user %s: %w", targetUser, err)
}

logrus.Debug("Removing password for user root")

if err := shell.Run("passwd", nil, nil, nil, "--delete", "root"); err != nil {
Expand Down

0 comments on commit b1b1d45

Please sign in to comment.