Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not create the kairos user by default #1104

Merged
merged 1 commit into from
Oct 10, 2024
Merged

Do not create the kairos user by default #1104

merged 1 commit into from
Oct 10, 2024

Conversation

Itxaka
Copy link
Member

@Itxaka Itxaka commented Oct 9, 2024

@Itxaka Itxaka requested a review from a team October 9, 2024 11:58
@Itxaka
Copy link
Member Author

Itxaka commented Oct 9, 2024

Tested kairos with this, doesnt seem like an issue. You cannot login but thats about it lol.

If you create a normal user you can still login but without sudo privs unless you add the admin group to your user

$ sudo -i
[sudo] password for itxaka: 
itxaka is not in the sudoers file.
$ cat /et	pas^C
$ bash
itxaka@localhost:~$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash
messagebus:x:100:101::/nonexistent:/usr/sbin/nologin
_rpc:x:101:65534::/run/rpcbind:/usr/sbin/nologin
systemd-network:x:998:998:systemd Network Management:/:/usr/sbin/nologin
statd:x:102:65534::/var/lib/nfs:/usr/sbin/nologin
systemd-timesync:x:997:997:systemd Time Synchronization:/:/usr/sbin/nologin
tss:x:103:103:TPM software stack,,,:/var/lib/tpm:/bin/false
sshd:x:104:65534::/run/sshd:/usr/sbin/nologin
Debian-snmp:x:105:104::/var/lib/snmp:/bin/false
_lldpd:x:106:105::/run/lldpd:/usr/sbin/nologin
polkitd:x:992:992:User for polkitd:/:/usr/sbin/nologin
systemd-resolve:x:991:991:systemd Resolver:/:/usr/sbin/nologin
itxaka:x:1001:1001:Created by entities:/home/itxaka:/bin/sh

permissions of the user seems good

itxaka@localhost:~$ k3s kubectl get nodes
error: error loading config file "/etc/rancher/k3s/k3s.yaml": open /etc/rancher/k3s/k3s.yaml: permission denied
itxaka@localhost:~$ cat /oem/90_custom.yaml
cat: /oem/90_custom.yaml: Permission denied

So I dont see why this would not work, nothing depends on our kairos user being there by default.

mauromorales
mauromorales reviewed Oct 9, 2024
View reviewed changes
packages/static/kairos-overlay-files/files/system/oem/09_openrc_services.yaml
@@ -111,7 +111,6 @@ stages:
╚═╝ ╚═╝╚═╝ ╚═╝╚═╝╚═╝ ╚═╝ ╚═════╝ ╚══════╝


Welcome to kairos (login with user: kairos, password: kairos)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe still worth keeping for livecd? though I don't see why someone would log out of the livecd

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you can't log out of the livecd lol, it restarts the service on exit so you get logged in back

Let me try that

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nope, I think this only happens in alpine, which makes the service restart but not on normal service. You dont even get a login back, just a dead tty lol

@Itxaka Itxaka linked an issue Oct 9, 2024 that may be closed by this pull request
Remove default 'kairos' user kairos-io/kairos#2921
Closed
@Itxaka Itxaka merged commit c33bdac into main Oct 10, 2024
6 checks passed
@Itxaka Itxaka deleted the drop_kairos_user branch October 10, 2024 10:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mauromorales mauromorales mauromorales approved these changes

@jimmykarily jimmykarily jimmykarily approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Remove default 'kairos' user
3 participants
@Itxaka @mauromorales @jimmykarily