How to send a password to `sudo` from a Dockerfile


Problem description

I am creating a docker file for local development needs. The file creates a user account with user as the password. The line that I think should work is:

# allow writes to the home directory
RUN echo "user" | sudo -S chmod 777 ~

However when I run the image interactively it seems that it failed & I see this message:

mkdir: cannot create directory ‘/home/.meteor-install-tmp’: Permission denied

When I run sudo -S chmod 777 ~ from within the container it works.

Here is the full script:

# docker build -t timebandit/meteor-1-5 --rm .
# docker run -v /host/path:/home/code -it timebandit/meteor-1-5 bash

FROM ubuntu:xenial

# update the system
RUN apt-get update && apt-get -y install curl \
sudo \
apt-utils \
locales \
nano

# Set the locale
RUN sudo sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
locale-gen
ENV LANG en_US.UTF-8  
ENV LANGUAGE en_US:en  
ENV LC_ALL en_US.UTF-8 

# set the root password
RUN echo "root:root" | chpasswd


# create a user
RUN useradd -ms /bin/bash user
RUN adduser user sudo
RUN echo 'user:user' | chpasswd

ENV HOME=/home
WORKDIR $HOME/user

USER user
# allow writes to the home directory
ARG user_pass
RUN echo $user_pass | sudo --stdin chmod 777 /home

# install meteor
RUN echo $user_pass | sudo curl https://install.meteor.com/ | sh


Recommended answer

I'd recommend skipping the sudo completely since you can change users with your Dockerfile:

....
# allow writes to the home directory
USER root
RUN chmod 777 /home
USER user
....

Adding sudo to your image means it's there for an attacker to use. You can change the user of a docker run or docker exec command with the -u root option any time you need to get back into the container as root.
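
A build-time check for the patterns in this question and answer, as an added example that is not part of the original post: it walks a Dockerfile's instructions, tracks the active USER, and reports sudo being installed or invoked, literal credentials piped to chpasswd, and build ARG values used in RUN. The function names, finding texts and sample input are constructed for illustration; a single-stage build whose base image starts as root is assumed.

```python
import re

# Constructed sample: the lines of the question's Dockerfile that touch sudo or passwords.
SAMPLE = """\
FROM ubuntu:xenial
RUN apt-get update && apt-get -y install curl \\
sudo \\
nano
RUN echo 'user:user' | chpasswd
USER user
ARG user_pass
RUN echo $user_pass | sudo --stdin chmod 777 /home
"""

def instructions(text):
    """Yield (first_line_no, KEYWORD, args), joining backslash continuations."""
    buf, start = "", 0
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments never end an instruction
        start = start if buf else no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        keyword, _, args = (buf + line).partition(" ")
        buf = ""
        yield start, keyword.upper(), args.strip()

def audit(text):
    """Return (line_no, finding) pairs for sudo use and build-time password handling."""
    findings, user, build_args = [], "root", []  # assumption: base image starts as root
    for no, keyword, args in instructions(text):
        if keyword == "USER":
            user = args
        elif keyword == "ARG":
            build_args.append(args.split("=")[0])
        elif keyword == "RUN":
            if re.search(r"\binstall\b.*\bsudo\b", args):
                findings.append((no, "sudo package installed into the image"))
            if re.search(r"(?:^|[|;&])\s*sudo\b", args):
                findings.append((no, f"sudo invoked as USER {user}; switch with USER root instead"))
            if re.search(r"echo\s+['\"]?[\w.-]+:[^\s'\"$]+['\"]?\s*\|\s*chpasswd", args):
                findings.append((no, "literal credential piped to chpasswd"))
            for name in build_args:
                if re.search(r"\$\{?" + re.escape(name) + r"\b", args):
                    findings.append((no, f"build ARG {name} used in RUN; visible in docker history"))
    return findings
```

Calling `audit(SAMPLE)` returns one finding each for lines 2 and 5 and two for line 8, while a Dockerfile that follows the answer's `USER root` / `USER user` pattern returns an empty list.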
