What's default root password for docker official Centos image

This is regarding Docker official Centos6 and Centos7 images

There are 3 separate but related questions:
(1) When started using "docker RUN centos", what is the root password and how to find it?
(2) When started from a derived image (image derived from offical docker centos via using Dockerfile FROM entry) , what is the root password and how to find it?
(3) In both cases, if the answer is "you need to set root password inside Dockerfile", what is the best recommended method to set it. ("yum install passwd; passwd;" is one option, but is this the best practice? )

Thank you very much!


Solution 1:

To set the root password inside a Docker container:

  1. Log in as root: docker exec -ti -u root containerID /bin/bash
  2. Use the passwd command to change the password.
  3. Commit changes in Docker (i.e., docker commit).

Solution 2:

(1): I don't know, but that does not matter. If you run docker run -it centos you start a new container and are inside it immediately as root. You could set then interactively a new root password with passwd. But this is a rare usecase, mostly used for first steps into containers.

(2): If someone derives from a base image, try to get the Dockerfile for that. That way you can look up if and which password he set. If that Dockerfile is not available I'd personally question that quality of the image at large, since you never know what else might be baked into the image. Your milage may vary. In any case, you could derive in turn from that image and set yet another root password.

(3): Your proposed way with passwd is fair enough, but implementing a fixed password into a container feels wrong for me anyway. A container should implement one task and effectively never need to be logged into. For exceptional troubleshooting sessions, you can always access the container from the Docker host with "docker attach" or "docker exec". If you really need to log into the container, place a ssh public key into a ~/.ssh/authorized_keys, so you can control from the outside who gets access to the container (whoever has access to the corresponding secret ssh key).