6

I have created a Docker image that allows users to connect to it with SSH.

For security reasons, I'd like users to be able to change their password. I only use Docker named volumes, so I can't bind /etc/passwd, and I don't want to mount all of /etc.

Any ideas? Thanks in advance.

lama02
  • Why don't you make a default password so they can connect and change it in the container? (Or you can say ADD myfolder/passwd /etc/passwd in the Dockerfile - but then you should be careful with this file - or just create a script that runs at start, reads the password from another path and changes it in passwd.) – Edwin Dec 14 '17 at 10:01
  • 1
    Yes, users will change their password after logging in with SSH. But if I rebuild my image or restart (and not revive) my container, all passwords will be lost. So I can save the /etc/passwd file and restore it afterwards, but I don't like this way. Nothing cleaner? – lama02 Dec 14 '17 at 10:15
  • try this: https://docs.docker.com/engine/swarm/secrets/#read-more-about-docker-secret-commands – Edwin Dec 14 '17 at 10:23
  • Thanks, I think this is the proper way to do that. But it seems too disproportionate for my use. I found a solution, see my own question response. – lama02 Dec 14 '17 at 15:44
  • this has nothing to do with programming and should be on [su] – phuclv Apr 25 '22 at 04:31

2 Answers

5

Finally I found this solution:

  • create a named volume
  • mount it (for instance in /users)
  • set a shadow file on it
  • at start of the container, make a link for /users/shadow on /etc/shadow
lama02
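The steps above as a container entrypoint, as an added example that is not part of the original answer. It assumes the named volume is mounted at /users and that the script runs as root before sshd starts; `ETC_DIR`, `USERS_DIR` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: keep /etc/shadow on a named volume so password changes
# survive an image rebuild or a recreated container.
# ETC_DIR / USERS_DIR are hypothetical overrides for trying this in a scratch dir.
ETC_DIR="${ETC_DIR:-/etc}"
USERS_DIR="${USERS_DIR:-/users}"

persist_shadow() {
    live="$ETC_DIR/shadow"      # path the system reads
    kept="$USERS_DIR/shadow"    # persistent copy on the volume

    # Refuse to continue if the volume is not mounted.
    [ -d "$USERS_DIR" ] || { echo "volume $USERS_DIR not mounted" >&2; return 1; }

    if [ ! -e "$kept" ]; then
        # First start with an empty volume: seed it from the image's shadow file,
        # keeping its mode (and its owner when running as root).
        [ -f "$live" ] && [ ! -L "$live" ] || { echo "no shadow file to seed from" >&2; return 1; }
        cp -p "$live" "$kept" || return 1
    fi

    # Password hashes must not be readable by other users, and nobody but the
    # owner may replace the file through a writable directory.
    chmod o-rwx "$kept" || return 1
    chmod go-w "$USERS_DIR" || return 1

    # Replace the image's file (or a stale link) with a link to the volume copy.
    ln -sf "$kept" "$live"
}

# Succeeds while /etc/shadow is still a symlink to the volume copy.
shadow_is_persistent() {
    [ -L "$ETC_DIR/shadow" ] && [ "$(readlink "$ETC_DIR/shadow")" = "$USERS_DIR/shadow" ]
}

# Used as ENTRYPOINT: link the file, then hand over to the CMD (for example sshd).
if [ "$#" -gt 0 ]; then
    persist_shadow || exit 1
    exec "$@"
fi
```

After a password change, `shadow_is_persistent` confirms that /etc/shadow is still a link into the volume rather than a regular file in the container layer.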
0

In this question someone asks if it is possible to mount a file as a volume with docker compose (and the answer was yes), so if it is possible to do it with compose I think that this is also possible with docker. I know it is different from your question because they use host directories/files, but the docker named volumes (as you can see here) are used to make the container host independent; this is done by creating some volumes handled by docker.
So try to create a volume and mount that volume in the place of the passwd file.

Norman
  • 1
    Thanks. But I believe the volume syntax starting with a '/' is for bind mounts with the Docker host and not for Docker named volumes. Doing the following: `docker volume create passwd && docker container run -ti --mount source=passwd,target=/etc/passwd alpine` fails with: _docker: Error response from daemon: readdirent: not a directory._ – lama02 Dec 14 '17 at 09:48