0

I want to know how I can add the local users of my server to a docker container. I don't need to import their files, I just need a username/password/privileges with new home directory in the docker container for every user in my system. For example, suppose my docker container contains the following users:

Host System:
admin: who has root access and rw access to all
bob: a regular non-sudo user
joe: another regular non-sudo user

Then the Docker Container must have users:
admin: who has root access and rw access to all
bob: a regular non-sudo user
joe: another regular non-sudo user

The Docker container and the system are both running Linux, though the system is Red Hat and the container is Ubuntu.

EDIT: I don't want to mount /etc/ files if possible, as this can create a two-way security vulnerability, as pointed out by @caveman.

1 Answer

1

You would have to mount all relevant Linux files using -v, like /etc/passwd, /etc/shadow, /etc/group, and /etc/sudoers. Though I can't recommend this due to the security risks: if anyone gets root access in the container, they can add users on the host or change passwords, since the mount works both ways.

The list of files is not exhaustive; for example, you also have to make sure the shell executables exist within the container. When testing this I had to make a symbolic link from /usr/bin/zsh to /bin/bash, for example, since my user has the zsh shell configured, which was not present in the Docker image.

If you want to use these users to interact with mounted files, you also have to make sure that user namespace remapping is disabled, or specify that you want to use the same user namespace as the host with the --userns=host flag. Again, not recommended since it is a security feature, so use with care.

Note: Once you have done all this you can use su - {username} to switch to all your existing users. The -u option doesn't work, since Docker checks the /etc/passwd file before mounting and will give an error.

3 Comments

This is exactly the response I was looking for, but what if the root user creates copies of /etc/passwd and so on instead of mounting them using RUN cat /etc/passwd >> /etc/passwd? Would this help mitigate that two-way security risk?
It would, but it does mean that you include the /etc/passwd file in the Docker image. So that only works if you always build the Docker image on the machine you are also running the container on. Also keep in mind that the root user can steal the password hashes, which are the same as those of the host, but there is no way around that one if you want to keep the same passwords.
Another less elegant solution is to copy all the required files from the host to the running container after creation. Can be done with the docker cp command and a bash script to start the container and perform the copies.
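
A different approach to the bind mounts and file copies discussed above, shown as an added example that is not part of the original answer or comments: read passwd-format lines and emit `useradd` commands to run during the image build, so no host /etc file or password hash enters the container (accounts created this way start with a locked password). The UID range, the `IMAGE_SHELLS` list, and the function names are assumptions; sudo rights for admin are not covered.

```shell
#!/bin/sh
# Added example: turn passwd-format lines (stdin) into useradd commands.
# Assumptions (not from the page): regular accounts have UIDs 1000-59999,
# and the image ships only the shells listed in IMAGE_SHELLS.
IMAGE_SHELLS="${IMAGE_SHELLS:-/bin/bash /bin/sh}"

gen_useradd() {
    awk -F: -v shells="$IMAGE_SHELLS" '
        BEGIN { n = split(shells, s, " "); for (i = 1; i <= n; i++) ok[s[i]] = 1 }
        # Skip malformed lines: a passwd entry has exactly 7 fields.
        NF != 7 { next }
        # Only plain names and numeric UIDs may reach the generated script,
        # so a crafted entry cannot inject shell syntax into it.
        $1 !~ /^[a-z_][a-z0-9_-]*$/ { next }
        $3 !~ /^[0-9]+$/ { next }
        # System and service accounts (root, sshd, nobody) stay out.
        $3 < 1000 || $3 > 59999 { next }
        {
            # A login shell missing from the image (zsh in the answer above)
            # falls back to /bin/bash instead of leaving a broken account.
            shell = ($7 in ok) ? $7 : "/bin/bash"
            printf "useradd --uid %s --create-home --shell %s %s\n", $3, shell, $1
        }'
}

# Constructed sample input, modelled on the users named in the question.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
sshd:x:74:74:sshd:/var/empty/sshd:/sbin/nologin
admin:x:1000:1000::/home/admin:/bin/bash
bob:x:1001:1001::/home/bob:/usr/bin/zsh
joe:x:1002:1002::/home/joe:/bin/bash
evil;name:x:1003:1003::/home/evil:/bin/bash
nobody:x:65534:65534::/:/sbin/nologin
EOF
}

# On the host one would feed real entries instead: getent passwd | gen_useradd
sample_passwd | gen_useradd
```

Keeping the host UIDs only matters when these users touch bind-mounted files; with user namespace remapping enabled the numbers will not line up with host ownership.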