Am 30.01.2020 um 15:08 schrieb Federico Bruni:
I see that it's possible to log in as root user without any password _even
in the virtual machine_. Not good.
That was my point.
I used the --password="" in the Makefile to avoid the step to set the
password when starting the container with systemd-nspawn.
In mkosi manual I read:
--password=
: Set the password of the root user. By default the root account is
locked. If this option is not used but a file mkosi.rootpw exists in the
local directory the root password is automatically read from it.
So we may remove the --password option to keep the root account disabled
and use the mkosi.rootpw to set the password.
I will test this and hopefully include it in LilyDev v3.
I read the manual differently. I think mkosi.rootpw is just the 'file
alternative' to
the command line, like mkosi.container, etc. So if you set the password
in mkosi.rootpw,
the root account will be active, too. But I haven't tested this.
IIUC, we could change the root login shell to /sbin/nologin to lock the
root account
in the post-install script. What do you think?
Cheers,
Michael
