Feature request: Option to add a password for console access with lxc exec

I have run several containers in the past on a friend’s system and also in my lab, where I see other users getting access to the same node when it is free. This makes my containers vulnerable to quick access through the lxc exec command. I think I am not the only one who has faced this vulnerability in the past.

From the security perspective, I really feel that there needs to be an option for securing the console access of an LXD container with a password.

Thus, I request an option to add a password to restrict console access.

I think this feature can be added as follows:
An option can be added in the LXD container profile that keeps the container password in encrypted format. Then, on running the lxc exec command, it checks if the password is present in the profile, and if it exists it should prompt for a password. On entering the password, the command verifies whether the encrypted password stored in the LXD profile matches the entered password, and if so the user is granted access.

This would save a lot of hassle in terms of container security.

This would break just about every tool that integrates with LXD and would need far more coverage than just the exec endpoint.

Instead, what you should be doing is set up per-user projects on such systems and then use the project-restricted certificates to allow each user access only to their own projects.

Got it. Thanks Stephane.

I’ll look into the suggested method. But does it also let me restrict users with sudo privileges on those systems?

No, but anyone who can be root on the system can get access to your containers, either through LXD or just directly through the filesystem, nsenter, …

So in general you’d want to very strictly limit who can get full root access on any system and then for LXD instance access, you can get a certificate per user, set up some projects and restrict them to those projects. You should also look into project restrictions and limits to further prevent them doing dangerous things on your system through container configuration.
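
The setup described in the reply above, sketched as an added example that is not part of the original thread or of LXD's documentation. Assumptions: an LXD release that supports restricted trust certificates, a project named after the user, the user's client certificate available as a file, and a constructed instance limit of 5; `setup_user_project` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: per-user restricted project plus a project-scoped certificate.
# Run as an existing LXD admin. The function name and the limit value are
# assumptions made for illustration.

setup_user_project() {
    user=$1
    cert=$2

    # The name becomes the project name; accept a conservative charset only.
    case $user in
        ''|*[!a-z0-9-]*) echo "invalid user name: $user" >&2; return 1 ;;
    esac
    [ -f "$cert" ] || { echo "certificate not found: $cert" >&2; return 1; }

    # restricted=true blocks security-sensitive instance options by default;
    # limits.containers caps how many containers the project may hold.
    lxc project create "$user" -c restricted=true -c limits.containers=5 || return 1

    # These match the defaults of a restricted project; pinning them makes
    # any later loosening show up as an explicit configuration change.
    lxc project set "$user" restricted.containers.privilege=unprivileged || return 1
    lxc project set "$user" restricted.containers.nesting=block || return 1
    lxc project set "$user" restricted.devices.disk=managed || return 1

    # Trust the user's certificate, but only for their own project.
    lxc config trust add "$cert" --name "$user" --restricted --projects "$user" || return 1
}

# Stand-alone use: ./setup.sh <user> <path-to-client-cert>
if [ "$#" -eq 2 ]; then
    setup_user_project "$1" "$2"
fi
```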

Thanks Stephane.

Although this may help when the other users don’t have root access, it would not work best in the case I mentioned above, where other users can still have root roles and I have no control over it.

Thanks for the implementation steps. I’ll still try to set up what’s possible right now.