Re: Doc: Correct and extend infos about LilyDev setup (issue 561360043 by address@hidden)

[Federico Bruni]

Il giorno ven 31 gen 2020 alle ore 09:07 Michael Käppler <address@hidden>
ha scritto:

> Am 30.01.2020 um 15:08 schrieb Federico Bruni:
> > I see that it's possible to log in as root user without any password
> _even
> > in the virtual machine_. Not good.
> That was my point.
> > I used the --password="" in the Makefile to avoid the step to set the
> > password when starting the container with systemd-nspawn.
> >
> > In mkosi manual I read:
> >
> > --password=
> >> : Set the password of the root user. By default the root account is
> >> locked. If this option is not used but a file mkosi.rootpw exists in the
> >> local directory the root password is automatically read from it.
> >>
> > So we may remove the --password option to keep the root account disabled
> > and use the mkosi.rootpw to set the password.
> > I will test this and hopefully include it in LilyDev v3.
> I read the manual differently. I think mkosi.rootpw is just the 'file
> alternative' to
> the command line, like mkosi.container, etc. So if you set the password
> in mkosi.rootpw,
> the root account will be active, too. But I haven't tested this.
>

You're right. I read too quickly and thought that this could be a kind of
custom user file, while it's part of the files used to build the image.



> IIUC, we could change the root login shell to /sbin/nologin to lock the
> root account
> in the post-install script. What do you think?
>
>
I have a second thought about this.
The whole point of setting a blank root password was that systemd-nspawn
required a root login (at least 2 years ago). In fact in the README I
suggested to log in as root and then change to dev. But I see that I can
log in as dev without any problem (systemd version 243). Can you confirm
you can log in as dev in the container?

So I'll just remove the --password="" from the Makefile and change the
README accordingly.