An LXC container has its own username and password definitions. The password for an LXC account can be changed when needed, whether or not the container is running.
geeklab login: admin Password: Login incorrect Oracle Linux Server 7.1 Kernel 3.8.13-118.19.3.el6uek.x86_64 on an x86_64
Resetting forgotten LXC container user password
Connect To A Running Container As The Root User
If the container is running, the password can be reset without needing to stop the container.
# lxc-attach -n Oracle7
[root@Oracle7 ~]# passwd Changing password for user root. New password: BAD PASSWORD: The password contains the user name in some form Retype new password: passwd: all authentication tokens updated successfully. [root@Oracle7 ~]#
The lxc-attach command starts a new process within a running container. The new process will be run using the credentials of the user running the lxc-attach command. Here the root user starts a normal shell environment. Once the shell is started, simply use the common passwd command as usual.
Remove The Password To Allow User Login And Normal Reset. The LXC container files are directly accessible from the host command line. By editing the /etc/passwd file in the LCX container, the password requirement for the user can be removed to open the account for password-less login.
The first objective is to find the LXC container path for the file to be modified. The LXC container must be stopped to perform this procedure.
Step #1: Locate where the container files are kept
# lxc-config -l lxc.default_config lxc.lxcpath lxc.bdev.lvm.vg lxc.bdev.lvm.thin_pool lxc.bdev.zfs.root
# lxc-config lxc-lxcpath /container
First, find which LXC attributes are available. Use the lxc-lxcpath attribute to locate the container files:
Step #2: Where are the container files mounted by the LXC host?
# mount | grep container /dev/sdb on /container type btrfs (rw)
Here, the LXC container files are accessible from the via the /container directory.
Step #3: Find the container root file system
# cd /container/ # ls lxc-monitord.log Oracle5U9 Oracle7 Orcle5U9 # cd Oracle7/ # ls config Oracle7.log rootfs rootfs.dev # cd rootfs # ls bin boot dev etc home lib lib64 media mnt opt proc root run sbin selinux srv sys tmp usr var
Step #4: Remove the second field for the problem user in etc/fstab
# grep oracle etc/passwd oracle:x:1000:1000::/home/oracle:/bin/bash # vi etc/passwd
Remove any content between the first two colon (:) characters for the user of interest
# grep oracle etc/passwd oracle::1000:1000::/home/oracle:/bin/bash
Use the container root file system as a chroot jail and change password normally
Locate the LXC container root file system as shown earlier. Then use the chroot(1) command to enter an execution context in the container. As root, change the password normally.
The LXC container must be stopped to perform this procedure.
# chroot /container/Oracle7/rootfs/ passwd oracle Changing password for user oracle. New password: BAD PASSWORD: The password contains the user name in some form Retype new password: passwd: all authentication tokens updated successfully.
Then start the container and allow the user to login normally.