diff options
author | Lennart Poettering <lennart@poettering.net> | 2021-03-11 10:34:20 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2021-03-26 12:20:52 +0100 |
commit | 99e9f896fb491d13c6d02f6f5bbfceabae833f05 (patch) | |
tree | 40971a8dc2844edc5b0646c356b343f615d5aae9 /units/systemd-sysusers.service | |
parent | fc682be2612e7016188118f8ce82f9351dc2e9bf (diff) | |
download | systemd-99e9f896fb491d13c6d02f6f5bbfceabae833f05.tar.gz |
sysusers: read passwords from the credentials logic
Let's make use of our own credentials infrastructure in our tools: let's
hook up systemd-sysusers with the credentials logic, so that the root
password can be provisioned this way. This is really useful when working
with stateless systems, in particular nspawn's "--volatile=yes" switch,
as this works now:
# systemd-nspawn -i foo.raw --volatile=yes --set-credential=passwd.plaintext-password:foo
For the first time we have a nice, non-interactive way to provision the
root password for a fully stateless system from the container manager.
Yay!
Diffstat (limited to 'units/systemd-sysusers.service')
-rw-r--r-- | units/systemd-sysusers.service | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/units/systemd-sysusers.service b/units/systemd-sysusers.service index ff5b3db821..47373307b3 100644 --- a/units/systemd-sysusers.service +++ b/units/systemd-sysusers.service @@ -21,3 +21,10 @@ Type=oneshot RemainAfterExit=yes ExecStart=systemd-sysusers TimeoutSec=90s + +# Optionally, pick up a root password and shell for the root user from a +# credential passed to the service manager. This is useful for importing this +# data from nspawn's --set-credential= switch. +LoadCredential=passwd.hashed-password.root +LoadCredential=passwd.plaintext-password.root +LoadCredential=passwd.shell.root |