Jails' "default" root password is empty, not starred out

M

mamalos

Hey all,

I am writing this post in this place, because it is probably unrelated to sysutils/qjail, since I've seen it before when I was creating my jails using FreeBSD's handbook guidelines. Nevertheless, I came across this problem again today, when I used sysutils/qjail for the first time. The problem is -as the title already implies- that root's default password inside the jail is empty, not *, which means that any user belonging to wheel group inside that jail, can su(1) to root, or can login as root with an empty password where a root login session is permitted.

Here's what I did:

Code: 
# qjail install
# qjail create -n lo1 -d 30 jail 192.168.16.10
# chroot /usr/jails/jail-1
# vipw

# $FreeBSD: release/9.1.0/etc/master.passwd 218047 2011-01-28 22:29:38Z pjd $
#
root::0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:

This must be related to the default /usr/src/etc/master.passwd file used by make installworld that contains an empty root password.

My opinion is that, if this empty password is not needed anywhere, it should either be changed to *, or at least be documented on the FreeBSD handbook, in order to avoid jails with empty root passwords (I came accross this problem more than once).
 
I think this is more a case of having the wrong expectations or assumptions. It's quite obvious the password is empty, everything else is too.

It's even mentioned in the jail(8) man page:
Code: 
   Configuring the Jail
     Start any jail for the first time without configuring the network inter-
     face so that you can clean it up a little and set up accounts.  [b]As with
     any machine (virtual or not) you will need to set a root password, time
     zone, etc.[/b]  Some of these steps apply only if you intend to run a full
     virtual server inside the jail; others apply both for constraining a par-
     ticular application or for running a virtual server.
 
mamalos said:
This must be related to the default /usr/src/etc/master.passwd file used by make installworld that contains an empty root password.
Click to expand...

That is correct and the same thing happens if you install a FreeBSD system using CLI. You end up with no root password unless you specify one.
 
Guys, I'd agree with you, if there is a reason it should be that way that I am not aware of, or if it was documented on the Handbook even if it is documented in the jail(8)'s man page. Many things mentioned in this man page are explained on the Handbook as well, why not this too?

I am not filing a bug here, I am just mentioning something that I have come across a few times and that probably applies to others-who-thought-like-me as well, and who might not have even noticed it.
 
mamalos said:
Guys, I'd agree with you, if there is a reason it should be that way that I am not aware of, or if it was documented on the Handbook even if it is documented in the jail(8)'s man page. Many things mentioned in this man page are explained on the Handbook as well, why not this too?
Click to expand...
It won't hurt mentioning it in the handbook as well. With a big exclamation mark on it.
 
@mamalos,

I was just emphasizing your point about the default master.passwd which in my opinion also should not be empty for root.
 
Sorry @gkontos, you're right, I misunderstood your post! I read your answer right after SD's, so I related your "That is correct..." part with SD's answer:).

OK, what do you guys propose we do? Send an email to the stable or the doc list? Cause I am not sure if sending a pr would be appropriate for this case.

Thanx for your interest.
 
The documentation mailing list is probably the best option. But you can submit a PR regarding the documentation too.
 
You must log in or register to reply here.
Back
Top