Il giorno gio 30 gen 2020 alle ore 12:18 <michael.kaepp...@googlemail.com> ha scritto:
> On 2020/01/29 15:36:59, fedelogy wrote: > > LGTM > > > > Just two thoughts: > > > > 1. I'm not sure why you suggest how to set the root password, as the > dev user > > can get admin privileges via sudo. > > Well, I just thought that it would be bad idea for >any< Linux system > to leave the root password unsetted. Maybe the amount of damage that > can occur to the host system through the virtualization barrier is > small, > but at least it minimizes the risk of scrambling your guest system by > accident. If you use 'sudo', you have to think about what you type, at > least. > AFAIK, Ubuntu disables the root account by default, for such reasons. > But you could argue that the docs suggest to log in as 'dev', anyway, > and if I do want to log in as root, it does not matter if I have to use > a password or none. > What do you think about disabling the root account? > > I see that it's possible to log in as root user without any password _even in the virtual machine_. Not good. I used the --password="" in the Makefile to avoid the step to set the password when starting the container with systemd-nspawn. In mkosi manual I read: --password= > > : Set the password of the root user. By default the root account is > locked. If this option is not used but a file mkosi.rootpw exists in the > local directory the root password is automatically read from it. > So we may remove the --password option to keep the root account disabled and use the mkosi.rootpw to set the password. I will test this and hopefully include it in LilyDev v3.