Discussion:
how to login into a container booting with a minimal 'debian distro unstable' via nspawn
(too old to reply)
Florian Held
2018-03-25 16:36:14 UTC
Permalink
Raw Message
Hi,
how is it possible to log in into a container booting a minimal unstable
debian distro via nspawn. After running:

# debootstrap --arch=amd64 unstable ~/debian-tree/
# systemd-nspawn -bD ~/debian-tree/

prompts username followed by password. The combination

"root"
""

without quotes doesn't work. How can I login?

Thanks in advance,

Flo
Filipe Brandenburger
2018-03-25 16:48:53 UTC
Permalink
Raw Message
Hi Florian,
Post by Florian Held
how is it possible to log in into a container booting a minimal unstable
# debootstrap --arch=amd64 unstable ~/debian-tree/
# systemd-nspawn -bD ~/debian-tree/
prompts username followed by password. The combination
"root"
""
without quotes doesn't work. How can I login?
You can enter the container and just run a root shell on it with this command:

# systemd-nspawn -D ~/debian-tree/ /bin/sh

(That's equivalent of single-user mode or a rescue shell on a machine.)

At that step, you can change the root password:

# passwd root
<enter new password>

At that point, boot the container again (with "-b") and you should be
able to log in.

I hope that helps!

Cheers,
Filipe
Mantas Mikulėnas
2018-03-25 16:50:24 UTC
Permalink
Raw Message
Post by Florian Held
Hi,
how is it possible to log in into a container booting a minimal unstable
# debootstrap --arch=amd64 unstable ~/debian-tree/
# systemd-nspawn -bD ~/debian-tree/
prompts username followed by password. The combination
"root"
""
without quotes doesn't work. How can I login?
Does debootstrap actually create a passwordless root account?

If it's passwordless, make sure pam_securetty.so is not active (in the
container's /etc/pam.d).
--
Mantas Mikulėnas
Simon McVittie
2018-03-26 11:26:19 UTC
Permalink
Raw Message
Post by Mantas Mikulėnas
Does debootstrap actually create a passwordless root account?
No, it creates a system with all system accounts locked[1] (including
root, daemon, bin, www-data, etc.) and no non-system accounts. There is
no single correct answer for how a Debian system's users should be set
up, so debootstrap defers the decision to you.

If you want to log in via a getty (as opposed to just running commands
inside the chroot/container without booting it, which is perhaps a
more common use of debootstrap), then you will have to set or clear the
root account's password or create a non-root account.

In recent versions, a truly minimal Debian chroot/container (debootstrap
--variant=minbase) doesn't have an init system like systemd or sysvinit,
so it *can't* be booted in the normal way. The larger "standard system"
produced by debootstrap without --variant includes all packages with
Priority >= standard, including systemd for modern releases or sysvinit
for old releases, and can be booted.

smcv

[1]
$ zcat minbase.tar.gz | tar -xO ./etc/passwd | grep root
root:x:0:0:root:/root:/bin/bash
$ zcat minbase.tar.gz | tar -xO ./etc/shadow | grep root
root:*:17365:0:99999:7:::

Loading...