# ezjail and passwordless root account by default



## gzbk (Nov 9, 2013)

Hello,

I guess I missed something very evident, however I just do not understand why when I create a jail using ezjail why by default it created with a passwordless root account (vipw = "root::")?

On my logic, since this account will usually been access from an `ezjail console` command, I would have guessed it is created with a disabled password by default (vipw = "root:*:").

I checked in my system to confirm that a wheel user can indeed `su` without password, and I also checked on ezjail official webpage (the one stating "ezjail is about making this as easy as possible") that there were no step urging the user to set or disable root account password.

Can someone explain me why this password is not disabled by default? What did motivate this choice?

Thank you by advance for your answers,
Regards,


----------



## kpa (Nov 10, 2013)

It's because you or sysutils/ezjail is expected to set the password after the jail creation. The distribution sets come with no password set for root and that is completely intentional. Quote from jail(8):


```
Assuming no errors, you will end up with a shell prompt within the jail.
     You can now run /usr/sbin/sysinstall and do the post-install configura-
     tion to set various configuration options, or perform these actions manu-
     ally by editing /etc/rc.conf, etc.

           o   Configure /etc/resolv.conf so that name resolution within the
               jail will work correctly
           o   Run newaliases(1) to quell sendmail(8) warnings.
           o   Set a root password, probably different from the real host sys-
               tem
           o   Set the timezone
           o   Add accounts for users in the jail environment
           o   Install any packages the environment requires
```


----------



## SirDice (Nov 12, 2013)

Just do `chroot /where/my/jail/is passwd` and set a password for root.


----------



## gzbk (Nov 12, 2013)

Hello,
Thank for these explanations. I'm a bit surprised how ezjail website and each How-To I read on it always repeat about the resolv.conf file, the timezone, etc., but I never saw anything on the empty root password (most probably because, unlike the previously mentioned points having no root password will not prevent you jail to work...).
For my need, I prefer having no account with passwords enabled in my jails, so I directly edited the master.passwd file from the newjail template to disable root password by default on every newly created jail.
Regards,


----------



## icecoke (Nov 19, 2013)

You should use the `ezjail-admin` mechs and create a ezjail.flavour in your own 'flavour' that is run automatically on the first boot of your new created jail. Here you can set up more users set passwords etc. See the docs for flavours and this file to begin.


----------

