Persistent /etc/passwd on a docker container

2

6

I have created a Docker image that allows users to connect to it with SSH.

For security reasons, I'd like users to be able to change their password. I only use Docker named volumes, so I can't bind /etc/passwd, and I don't want to mount all of /etc.

Any ideas? Thanks in advance.

Goldner answered 14/12, 2017 at 8:56 Comment(5)
Why don't you make a default password so they can connect and change it in the container? (Or you can say ADD myfolder/passwd /etc/passwd in the Dockerfile - but then you should be careful with this file - or just create a script that runs at start, reads the password from another path and changes it in passwd.) Stench
Yes, users will change their password after logging in with SSH. But if I rebuild my image or restart (and not revive) my container, all passwords will be lost. So I can save the /etc/passwd file and restore it afterwards, but I don't like this way. Nothing cleaner? Goldner
Try this: docs.docker.com/engine/swarm/secrets/… Stench
Thanks, I think this is the proper way to do that. But it seems too disproportionate for my use. I found a solution, see my own question response. Goldner
This has nothing to do with programming and should be on Super User. Pend
5

Finally I found this solution:

  • create a named volume
  • mount it (for instance in /users)
  • set a shadow file on it
  • at start of the container, make a link for /users/shadow on /etc/shadow
Goldner answered 14/12, 2017 at 15:43 Comment(0)
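The steps in the answer above, written out as a container entrypoint script. This is an added example, not code from the answer. It assumes the named volume is mounted at /users as in the answer and that accounts are created in the image so only their password hashes change; the function name link_shadow and the file name entrypoint.sh are hypothetical.

```shell
#!/bin/sh
# entrypoint.sh (hypothetical name): keep the shadow file on a named volume.
# Added example; paths are parameters so the logic can be tried outside a container.

# link_shadow ETC_DIR VOLUME_DIR
#   First start: seed VOLUME_DIR/shadow from the image's ETC_DIR/shadow.
#   Every start: point ETC_DIR/shadow at the copy on the volume.
link_shadow() {
    etc_dir=$1
    vol_dir=$2

    # Refuse to continue if the volume is not mounted; otherwise password
    # changes would silently land in the container layer and be lost.
    if [ ! -d "$vol_dir" ]; then
        echo "link_shadow: $vol_dir is not mounted" >&2
        return 1
    fi

    # Seed only when the volume has no usable copy yet, so hashes already
    # stored on the volume win over the ones baked into a rebuilt image.
    if [ ! -s "$vol_dir/shadow" ]; then
        cp -p "$etc_dir/shadow" "$vol_dir/shadow" || return 1
    fi

    # Password hashes must never be world-accessible.
    chmod o-rwx "$vol_dir/shadow" || return 1

    # Replace the image's file (or an older link) with a link to the volume.
    ln -sf "$vol_dir/shadow" "$etc_dir/shadow"
}

# When started with a command (the image's CMD, e.g. the SSH daemon),
# link first and then hand over to that command.
if [ "$#" -gt 0 ]; then
    link_shadow /etc /users || exit 1
    exec "$@"
fi
```

After the first password change, check that /etc/shadow is still a symlink: a tool that updates the file by writing a temporary copy and renaming it over /etc/shadow would replace the link, and the new hash would not reach the volume.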
0

In this question someone asks if it is possible to mount a file as a volume with docker compose (and the answer was yes), so if it is possible to do it with compose, I think it is also possible with docker. I know it is different from your question because they use host directories/files, but the docker named volumes (as you can see here) are used to make the container host-independent; this is done by creating some volumes handled by docker.
So try to create a volume and mount that volume in place of the passwd file.

Jewell answered 14/12, 2017 at 9:25 Comment(1)
Thanks. But I believe the volume syntax starting with a '/' is for bind mounts with the docker host and not for docker named volumes. Doing the following: docker volume create passwd && docker container run -ti --mount source=passwd,target=/etc/passwd alpine fails with: docker: Error response from daemon: readdirent: not a directory. Goldner