Why ist root user inside the ubuntu container template enabled?

ubuntu by default has a disabled root user (out of security considerations) while in the template for ubuntu LXC container templates root is enabled

just curious …

  1. why is root enabled in the LCX template for ubuntu?
  2. would it be the first thing to do in an ubuntu container to create a new sudo user and disable the root user?

None of the users created by the LXC templates come with passwords, so as far as traditional login, all users are disabled.

lxc-attach does not go through the PAM stack, it just spawns a process as root in the container, whether the root user is enabled, disabled, defined, whatever… doesn’t matter at all.