Re: [systemd-devel] systemd-firstboot skip root password initialisation if /etc/shadow is present
Hi

On Tue, Sep 22, 2015 at 11:07 AM, Francis Moreau wrote:
> Hello,
>
> On Mon, Sep 21, 2015 at 7:45 PM, David Herrmann wrote:
>> Hi
>>
>> On Fri, Sep 18, 2015 at 6:31 PM, Francis Moreau wrote:
>>> Hi,
>>>
>>> I find odd that systemd-firstboot skips root password init if
>>> /etc/shadow exists because AFAICS this file is always part of a
>>> minimal rootfs after being setup by an installer. Indeed it's
>>> populated during package installation.
>>>
>>> So I can't see a case where systemd-firstboot would prompt for a root
>>> password.
>>
>> If an installer ships a shadow file, then we expect the installer to
>> populate it. The firstboot tool will recover situations where you
>> deleted /etc entirely (eg., factory reset).
>
> From the man page "systemd-firstboot initializes the most basic
> system settings interactively on the first boot, or optionally
> non-interactively when a system image is created."
>
> And when a system image is created, usually root password won't be set
> but it's *very* unlikely that /etc/shadow will be missing. That's the
> reason why I don't think it's going to work in real life.

Why would an installer create an empty shadow file?

> BTW, I don't know if recovering when /etc/ has been deleted is
> possible even if systemd-firstboot will restore a couple of conf
> files...

Depending on your distribution, it is.

Thanks
David

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] systemd-firstboot skip root password initialisation if /etc/shadow is present
Hello,

On Mon, Sep 21, 2015 at 7:45 PM, David Herrmann wrote:
> Hi
>
> On Fri, Sep 18, 2015 at 6:31 PM, Francis Moreau wrote:
>> Hi,
>>
>> I find odd that systemd-firstboot skips root password init if
>> /etc/shadow exists because AFAICS this file is always part of a
>> minimal rootfs after being setup by an installer. Indeed it's
>> populated during package installation.
>>
>> So I can't see a case where systemd-firstboot would prompt for a root
>> password.
>
> If an installer ships a shadow file, then we expect the installer to
> populate it. The firstboot tool will recover situations where you
> deleted /etc entirely (eg., factory reset).

From the man page "systemd-firstboot initializes the most basic
system settings interactively on the first boot, or optionally
non-interactively when a system image is created."

And when a system image is created, usually root password won't be set
but it's *very* unlikely that /etc/shadow will be missing. That's the
reason why I don't think it's going to work in real life.

BTW, I don't know if recovering when /etc/ has been deleted is
possible even if systemd-firstboot will restore a couple of conf
files...

Thanks.
--
Francis
Re: [systemd-devel] systemd-firstboot skip root password initialisation if /etc/shadow is present
On Tue, Sep 22, 2015 at 11:16 AM, David Herrmann wrote:
> Hi
>
> On Tue, Sep 22, 2015 at 11:07 AM, Francis Moreau wrote:
>> Hello,
>>
>> On Mon, Sep 21, 2015 at 7:45 PM, David Herrmann wrote:
>>> Hi
>>>
>>> On Fri, Sep 18, 2015 at 6:31 PM, Francis Moreau wrote:
>>>> Hi,
>>>>
>>>> I find odd that systemd-firstboot skips root password init if
>>>> /etc/shadow exists because AFAICS this file is always part of a
>>>> minimal rootfs after being setup by an installer. Indeed it's
>>>> populated during package installation.
>>>>
>>>> So I can't see a case where systemd-firstboot would prompt for a root
>>>> password.
>>>
>>> If an installer ships a shadow file, then we expect the installer to
>>> populate it. The firstboot tool will recover situations where you
>>> deleted /etc entirely (eg., factory reset).
>>
>> From the man page "systemd-firstboot initializes the most basic
>> system settings interactively on the first boot, or optionally
>> non-interactively when a system image is created."
>>
>> And when a system image is created, usually root password won't be set
>> but it's *very* unlikely that /etc/shadow will be missing. That's the
>> reason why I don't think it's going to work in real life.
>
> Why would an installer create an empty shadow file?

Well during package installation done by the installer, some packages,
usually the ones that install daemons/services, populate
/etc/shadow.

On Archlinux, after creating a minimal rootfs, the shadow file contains:

bin:x:14871::
daemon:x:14871::
mail:x:14871::
ftp:x:14871::
http:x:14871::
uuidd:x:14871::
dbus:x:14871::
nobody:x:14871::
systemd-journal-gateway:x:14871::
systemd-timesync:x:14871::
systemd-network:x:14871::
systemd-bus-proxy:x:14871::

>
>> BTW, I don't know if recovering when /etc/ has been deleted is
>> possible even if systemd-firstboot will restore a couple of conf
>> files...
>
> Depending on your distribution, it is.

Just out of curiosity, which distros are supposed to support that?

Thanks
--
Francis
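As an added illustration, not code from systemd or from either poster, the script below models the two skip rules this thread argues about: the behaviour Francis observed (skip root password setup whenever /etc/shadow exists) and the alternative of skipping only when a usable root entry is present. It applies both to the Arch shadow listing quoted above; the rule labels `file-exists` and `root-entry`, and the hash-format heuristic in `password_usable`, are this example's own assumptions.

```python
# Constructed sample: the Archlinux minimal-rootfs /etc/shadow quoted in the thread.
ARCH_MINIMAL_SHADOW = """\
bin:x:14871::
daemon:x:14871::
mail:x:14871::
ftp:x:14871::
http:x:14871::
uuidd:x:14871::
dbus:x:14871::
nobody:x:14871::
systemd-journal-gateway:x:14871::
systemd-timesync:x:14871::
systemd-network:x:14871::
systemd-bus-proxy:x:14871::
"""

def parse_shadow(text):
    """Map account name -> password field (field 2 of shadow(5)); malformed lines raise."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) < 2 or not fields[0]:
            raise ValueError(f"line {lineno}: malformed shadow entry")
        entries[fields[0]] = fields[1]
    return entries

def password_usable(pw):
    """Heuristic: a real crypt(3) hash ('$id$salt$hash' or 13-char DES); '' / '!' / '*' / 'x' are not."""
    if pw.startswith("$"):
        return pw.count("$") >= 3
    return len(pw) == 13 and all(c.isalnum() or c in "./" for c in pw)

def firstboot_would_prompt(shadow_text, rule):
    """shadow_text=None means /etc/shadow is absent. 'file-exists' skips whenever the
    file exists (observed behaviour); 'root-entry' skips only if root has a usable hash."""
    if shadow_text is None:
        return True
    if rule == "file-exists":
        return False
    if rule != "root-entry":
        raise ValueError(f"unknown rule {rule!r}")
    root_pw = parse_shadow(shadow_text).get("root")
    return root_pw is None or not password_usable(root_pw)

def passwordless_accounts(shadow_text):
    """Accounts whose password field is empty, i.e. they authenticate with no password at all."""
    return sorted(n for n, pw in parse_shadow(shadow_text).items() if pw == "")

if __name__ == "__main__":
    for rule in ("file-exists", "root-entry"):
        print(rule, "-> prompts:", firstboot_would_prompt(ARCH_MINIMAL_SHADOW, rule))
```

Run against the Arch listing, the `file-exists` rule never prompts while `root-entry` does, which is the mismatch Francis describes; `passwordless_accounts` is the extra check worth running on any image whose shadow file an installer pre-populated.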
Re: [systemd-devel] systemd-firstboot skip root password initialisation if /etc/shadow is present
Hi

On Tue, Sep 22, 2015 at 11:59 AM, Francis Moreau wrote:
> On Tue, Sep 22, 2015 at 11:16 AM, David Herrmann wrote:
>> Hi
>>
>> On Tue, Sep 22, 2015 at 11:07 AM, Francis Moreau wrote:
>>> Hello,
>>>
>>> On Mon, Sep 21, 2015 at 7:45 PM, David Herrmann wrote:
>>>> Hi
>>>>
>>>> On Fri, Sep 18, 2015 at 6:31 PM, Francis Moreau wrote:
>>>>> Hi,
>>>>>
>>>>> I find odd that systemd-firstboot skips root password init if
>>>>> /etc/shadow exists because AFAICS this file is always part of a
>>>>> minimal rootfs after being setup by an installer. Indeed it's
>>>>> populated during package installation.
>>>>>
>>>>> So I can't see a case where systemd-firstboot would prompt for a root
>>>>> password.
>>>>
>>>> If an installer ships a shadow file, then we expect the installer to
>>>> populate it. The firstboot tool will recover situations where you
>>>> deleted /etc entirely (eg., factory reset).
>>>
>>> From the man page "systemd-firstboot initializes the most basic
>>> system settings interactively on the first boot, or optionally
>>> non-interactively when a system image is created."
>>>
>>> And when a system image is created, usually root password won't be set
>>> but it's *very* unlikely that /etc/shadow will be missing. That's the
>>> reason why I don't think it's going to work in real life.
>>
>> Why would an installer create an empty shadow file?
>
> Well during package installation done by the installer, some packages,
> usually the ones that install daemons/services, populate
> /etc/shadow.
>
> On Archlinux, after creating a minimal rootfs, the shadow file contains:
>
> bin:x:14871::
> daemon:x:14871::
> mail:x:14871::
> ftp:x:14871::
> http:x:14871::
> uuidd:x:14871::
> dbus:x:14871::
> nobody:x:14871::
> systemd-journal-gateway:x:14871::
> systemd-timesync:x:14871::
> systemd-network:x:14871::
> systemd-bus-proxy:x:14871::

Then "fix" the installer? These entries look like no-ops to me. We
assume that if the installer touches /etc, then it can as well prompt
for a root-password. If you want to make use of firstboot, we
recommend to adopt an "empty /etc" installer.

If we support looking for "root" in shadow files and prompt if
non-present, we start supporting legacy setups where /etc is
half-populated. We don't want that. Either go full legacy and make
your installer prompt for everything, or go "empty /etc" and firstboot
will take over.

>>
>>> BTW, I don't know if recovering when /etc/ has been deleted is
>>> possible even if systemd-firstboot will restore a couple of conf
>>> files...
>>
>> Depending on your distribution, it is.
>
> Just out of curiosity, which distros are supposed to support that?

I can trash /etc on Archlinux and boot it as a container just fine. It
doesn't work as a full system, yet. Not all packages have adopted
empty /etc support.

Thanks
David
Re: [systemd-devel] systemd-firstboot skip root password initialisation if /etc/shadow is present
On Tue, Sep 22, 2015 at 12:19 PM, David Herrmann wrote:
> On Tue, Sep 22, 2015 at 11:59 AM, Francis Moreau wrote:
[...]
>>
>> Well during package installation done by the installer, some packages,
>> usually the ones that install daemons/services, populate
>> /etc/shadow.
>>
>> On Archlinux, after creating a minimal rootfs, the shadow file contains:
>>
>> bin:x:14871::
>> daemon:x:14871::
>> mail:x:14871::
>> ftp:x:14871::
>> http:x:14871::
>> uuidd:x:14871::
>> dbus:x:14871::
>> nobody:x:14871::
>> systemd-journal-gateway:x:14871::
>> systemd-timesync:x:14871::
>> systemd-network:x:14871::
>> systemd-bus-proxy:x:14871::
>
> Then "fix" the installer? These entries look like no-ops to me. We
> assume that if the installer touches /etc, then it can as well prompt
> for a root-password. If you want to make use of firstboot, we
> recommend to adopt an "empty /etc" installer.

That's not about the installer, it's about packages and I suspect that
very few are ready to run without /etc.

And then if it's really the case, I think the man page of
systemd-firstboot should be fixed because it never mentions the words
"stateless" or "empty", which is quite fundamental in the design of
firstboot then.

>
> If we support looking for "root" in shadow files and prompt if
> non-present, we start supporting legacy setups where /etc is
> half-populated. We don't want that. Either go full legacy and make
> your installer prompt for everything, or go "empty /etc" and firstboot
> will take over.
>

What you're calling legacy systems are actually *all* systems
available out there: I don't think there are actually a lot of
packages which are prepared to do that.

>>>> BTW, I don't know if recovering when /etc/ has been deleted is
>>>> possible even if systemd-firstboot will restore a couple of conf
>>>> files...
>>>
>>> Depending on your distribution, it is.
>>
>> Just out of curiosity, which distros are supposed to support that?
>
> I can trash /etc on Archlinux and boot it as a container just fine. It
> doesn't work as a full system, yet.

Sure but what's your point? Your container is running no service at
all, so it's pretty useless.

> Not all packages have adopted empty /etc support.

You meant almost none of them?

Thanks
--
Francis
Re: [systemd-devel] systemd-firstboot skip root password initialisation if /etc/shadow is present
Hi

On Tue, Sep 22, 2015 at 2:26 PM, Francis Moreau wrote:
> On Tue, Sep 22, 2015 at 12:19 PM, David Herrmann wrote:
>> On Tue, Sep 22, 2015 at 11:59 AM, Francis Moreau wrote:
> [...]
>>>
>>> Well during package installation done by the installer, some packages,
>>> usually the ones that install daemons/services, populate
>>> /etc/shadow.
>>>
>>> On Archlinux, after creating a minimal rootfs, the shadow file contains:
>>>
>>> bin:x:14871::
>>> daemon:x:14871::
>>> mail:x:14871::
>>> ftp:x:14871::
>>> http:x:14871::
>>> uuidd:x:14871::
>>> dbus:x:14871::
>>> nobody:x:14871::
>>> systemd-journal-gateway:x:14871::
>>> systemd-timesync:x:14871::
>>> systemd-network:x:14871::
>>> systemd-bus-proxy:x:14871::
>>
>> Then "fix" the installer? These entries look like no-ops to me. We
>> assume that if the installer touches /etc, then it can as well prompt
>> for a root-password. If you want to make use of firstboot, we
>> recommend to adopt an "empty /etc" installer.
>
> That's not about the installer, it's about packages and I suspect that
> very few are ready to run without /etc.

Ok, then fix those packages.

> And then if it's really the case, I think the man page of
> systemd-firstboot should be fixed because it never mentions the words
> "stateless" or "empty", which is quite fundamental in the design of
> firstboot then.
>
>>
>> If we support looking for "root" in shadow files and prompt if
>> non-present, we start supporting legacy setups where /etc is
>> half-populated. We don't want that. Either go full legacy and make
>> your installer prompt for everything, or go "empty /etc" and firstboot
>> will take over.
>>
>
> What you're calling legacy systems are actually *all* systems
> available out there: I don't think there are actually a lot of
> packages which are prepared to do that.

We fix the packages we care about. I encourage everyone to do the
same. All upstream systemd can do is provide a guideline.

>>>>> BTW, I don't know if recovering when /etc/ has been deleted is
>>>>> possible even if systemd-firstboot will restore a couple of conf
>>>>> files...
>>>>
>>>> Depending on your distribution, it is.
>>>
>>> Just out of curiosity, which distros are supposed to support that?
>>
>> I can trash /etc on Archlinux and boot it as a container just fine. It
>> doesn't work as a full system, yet.
>
> Sure but what's your point? Your container is running no service at
> all, so it's pretty useless.

Why? You can store static configuration in /usr just fine. The point
is to get rid of _runtime_ configuration in /etc that can be modified.
Instead, you should ship vendor configuration via /usr (or
/usr/factory if packages are broken), and make it *read-only*.

>> Not all packages have adopted empty /etc support.
>
> You meant almost none of them?

No.

Thanks
David
Re: [systemd-devel] systemd-firstboot skip root password initialisation if /etc/shadow is present
On Tue, Sep 22, 2015 at 2:35 PM, David Herrmann wrote:
> Hi
>
> On Tue, Sep 22, 2015 at 2:26 PM, Francis Moreau wrote:
>> On Tue, Sep 22, 2015 at 12:19 PM, David Herrmann wrote:
>>> On Tue, Sep 22, 2015 at 11:59 AM, Francis Moreau wrote:
>> [...]
>>>> Well during package installation done by the installer, some packages,
>>>> usually the ones that install daemons/services, populate
>>>> /etc/shadow.
>>>>
>>>> On Archlinux, after creating a minimal rootfs, the shadow file contains:
>>>>
>>>> bin:x:14871::
>>>> daemon:x:14871::
>>>> mail:x:14871::
>>>> ftp:x:14871::
>>>> http:x:14871::
>>>> uuidd:x:14871::
>>>> dbus:x:14871::
>>>> nobody:x:14871::
>>>> systemd-journal-gateway:x:14871::
>>>> systemd-timesync:x:14871::
>>>> systemd-network:x:14871::
>>>> systemd-bus-proxy:x:14871::
>>>
>>> Then "fix" the installer? These entries look like no-ops to me. We
>>> assume that if the installer touches /etc, then it can as well prompt
>>> for a root-password. If you want to make use of firstboot, we
>>> recommend to adopt an "empty /etc" installer.
>>
>> That's not about the installer, it's about packages and I suspect that
>> very few are ready to run without /etc.
>
> Ok, then fix those packages.
>
>> And then if it's really the case, I think the man page of
>> systemd-firstboot should be fixed because it never mentions the words
>> "stateless" or "empty", which is quite fundamental in the design of
>> firstboot then.
>>
>>>
>>> If we support looking for "root" in shadow files and prompt if
>>> non-present, we start supporting legacy setups where /etc is
>>> half-populated. We don't want that. Either go full legacy and make
>>> your installer prompt for everything, or go "empty /etc" and firstboot
>>> will take over.
>>>
>>
>> What you're calling legacy systems are actually *all* systems
>> available out there: I don't think there are actually a lot of
>> packages which are prepared to do that.
>
> We fix the packages we care about. I encourage everyone to do the
> same. All upstream systemd can do is provide a guideline.
>
>>>>>> BTW, I don't know if recovering when /etc/ has been deleted is
>>>>>> possible even if systemd-firstboot will restore a couple of conf
>>>>>> files...
>>>>>
>>>>> Depending on your distribution, it is.
>>>>
>>>> Just out of curiosity, which distros are supposed to support that?
>>>
>>> I can trash /etc on Archlinux and boot it as a container just fine. It
>>> doesn't work as a full system, yet.
>>
>> Sure but what's your point? Your container is running no service at
>> all, so it's pretty useless.
>
> Why? You can store static configuration in /usr just fine. The point
> is to get rid of _runtime_ configuration in /etc that can be modified.

You mean here put runtime configuration in /etc, don't you?

> Instead, you should ship vendor configuration via /usr (or
> /usr/factory if packages are broken), and make it *read-only*.
>

The condition to run systemd-firstboot.service is ConditionFirstBoot=yes
which means /etc/machine-id should not exist. But that's different from
/etc/ should be empty. Also the man page doesn't mention the need of an
empty /etc or a stateless system.

I can understand your point of systemd-firstboot is for stateless
systems, but again this should be documented.

Thanks.
--
Francis
[systemd-devel] systemd-firstboot skip root password initialisation if /etc/shadow is present
Hi,

I find odd that systemd-firstboot skips root password init if
/etc/shadow exists because AFAICS this file is always part of a
minimal rootfs after being setup by an installer. Indeed it's
populated during package installation.

So I can't see a case where systemd-firstboot would prompt for a root
password.

Thanks.
--
Francis