Allow setting sudo password via hash

aptalca 2020-12-23 20:03:43 -05:00
parent d1ece863bc
commit 9e43559690
3 changed files with 18 additions and 7 deletions


@ -92,6 +92,7 @@ services:
- TZ=Europe/London - TZ=Europe/London
- PASSWORD=password #optional - PASSWORD=password #optional
- SUDO_PASSWORD=password #optional - SUDO_PASSWORD=password #optional
- SUDO_PASSWORD_HASH= #optional
- PROXY_DOMAIN=code-server.my.domain #optional - PROXY_DOMAIN=code-server.my.domain #optional
volumes: volumes:
- /path/to/appdata/config:/config - /path/to/appdata/config:/config
@ -110,6 +111,7 @@ docker run -d \
-e TZ=Europe/London \ -e TZ=Europe/London \
-e PASSWORD=password `#optional` \ -e PASSWORD=password `#optional` \
-e SUDO_PASSWORD=password `#optional` \ -e SUDO_PASSWORD=password `#optional` \
-e SUDO_PASSWORD_HASH= `#optional` \
-e PROXY_DOMAIN=code-server.my.domain `#optional` \ -e PROXY_DOMAIN=code-server.my.domain `#optional` \
-p 8443:8443 \ -p 8443:8443 \
-v /path/to/appdata/config:/config \ -v /path/to/appdata/config:/config \
@ -130,6 +132,7 @@ Container images are configured using parameters passed at runtime (such as thos
| `-e TZ=Europe/London` | Specify a timezone to use EG Europe/London | | `-e TZ=Europe/London` | Specify a timezone to use EG Europe/London |
| `-e PASSWORD=password` | Optional web gui password, if not provided, there will be no auth. | | `-e PASSWORD=password` | Optional web gui password, if not provided, there will be no auth. |
| `-e SUDO_PASSWORD=password` | If this optional variable is set, user will have sudo access in the code-server terminal with the specified password. | | `-e SUDO_PASSWORD=password` | If this optional variable is set, user will have sudo access in the code-server terminal with the specified password. |
| `-e SUDO_PASSWORD_HASH=` | Optionally set sudo password via hash (takes priority over `SUDO_PASSWORD` var). Format is `$type$salt$hashed`. |
| `-e PROXY_DOMAIN=code-server.my.domain` | If this optional variable is set, this domain will be proxied for subdomain proxying. See [Documentation](https://github.com/cdr/code-server/blob/master/doc/FAQ.md#sub-domains) | | `-e PROXY_DOMAIN=code-server.my.domain` | If this optional variable is set, this domain will be proxied for subdomain proxying. See [Documentation](https://github.com/cdr/code-server/blob/master/doc/FAQ.md#sub-domains) |
| `-v /config` | Contains all relevant configuration files. | | `-v /config` | Contains all relevant configuration files. |
@ -247,6 +250,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
## Versions ## Versions
* **23.12.20:** - Allow setting sudo password via hash using env var `SUDO_PASSWORD_HASH`.
* **29.05.20:** - Add --domain-proxy support. * **29.05.20:** - Add --domain-proxy support.
* **21.05.20:** - Shrink images, install via yarn, fix arm32v7 build. * **21.05.20:** - Shrink images, install via yarn, fix arm32v7 build.
* **18.05.20:** - Switch to multi-arch images, install via npm. * **18.05.20:** - Switch to multi-arch images, install via npm.


@ -49,6 +49,7 @@ opt_param_usage_include_env: true
opt_param_env_vars: opt_param_env_vars:
- { env_var: "PASSWORD", env_value: "password", desc: "Optional web gui password, if not provided, there will be no auth." } - { env_var: "PASSWORD", env_value: "password", desc: "Optional web gui password, if not provided, there will be no auth." }
- { env_var: "SUDO_PASSWORD", env_value: "password", desc: "If this optional variable is set, user will have sudo access in the code-server terminal with the specified password." } - { env_var: "SUDO_PASSWORD", env_value: "password", desc: "If this optional variable is set, user will have sudo access in the code-server terminal with the specified password." }
- { env_var: "SUDO_PASSWORD_HASH", env_value: "", desc: "Optionally set sudo password via hash (takes priority over `SUDO_PASSWORD` var). Format is `$type$salt$hashed`." }
- { env_var: "PROXY_DOMAIN", env_value: "code-server.my.domain", desc: "If this optional variable is set, this domain will be proxied for subdomain proxying. See [Documentation](https://github.com/cdr/code-server/blob/master/doc/FAQ.md#sub-domains)" } - { env_var: "PROXY_DOMAIN", env_value: "code-server.my.domain", desc: "If this optional variable is set, this domain will be proxied for subdomain proxying. See [Documentation](https://github.com/cdr/code-server/blob/master/doc/FAQ.md#sub-domains)" }
optional_block_1: false optional_block_1: false
@ -68,6 +69,7 @@ app_setup_block: |
# changelog # changelog
changelogs: changelogs:
- { date: "23.12.20:", desc: "Allow setting sudo password via hash using env var `SUDO_PASSWORD_HASH`." }
- { date: "29.05.20:", desc: "Add --domain-proxy support." } - { date: "29.05.20:", desc: "Add --domain-proxy support." }
- { date: "21.05.20:", desc: "Shrink images, install via yarn, fix arm32v7 build." } - { date: "21.05.20:", desc: "Shrink images, install via yarn, fix arm32v7 build." }
- { date: "18.05.20:", desc: "Switch to multi-arch images, install via npm." } - { date: "18.05.20:", desc: "Switch to multi-arch images, install via npm." }


@ -2,15 +2,20 @@
mkdir -p /config/{extensions,data,workspace,.ssh} mkdir -p /config/{extensions,data,workspace,.ssh}
if [ -n "${SUDO_PASSWORD}" ]; then if [ -n "${SUDO_PASSWORD}" ] || [ -n "${SUDO_PASSWORD_HASH}" ]; then
echo "setting up sudo access" echo "setting up sudo access"
if ! grep -q 'abc' /etc/sudoers; then if ! grep -q 'abc' /etc/sudoers; then
echo "adding abc to sudoers" echo "adding abc to sudoers"
echo "abc ALL=(ALL:ALL) ALL" >> /etc/sudoers echo "abc ALL=(ALL:ALL) ALL" >> /etc/sudoers
fi fi
echo "setting sudo password" if [ -n "${SUDO_PASSWORD_HASH}" ]; then
echo "setting sudo password using sudo password hash"
sed -i "s|^abc:\!:|abc:${SUDO_PASSWORD_HASH}:|" /etc/shadow
else
echo "setting sudo password using SUDO_PASSWORD env var"
echo -e "${SUDO_PASSWORD}\n${SUDO_PASSWORD}" | passwd abc echo -e "${SUDO_PASSWORD}\n${SUDO_PASSWORD}" | passwd abc
fi fi
fi
# permissions # permissions
chown -R abc:abc \ chown -R abc:abc \
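Review bot: The `sed` line in the new hash branch only rewrites `/etc/shadow` when abc's password field is exactly `!`, and nothing checks that it matched. If the field holds anything else (for example, if `passwd abc` already ran on an earlier start with `SUDO_PASSWORD`), the script still prints "setting sudo password using sudo password hash" but changes nothing, even though the sudoers entry has been added above. `${SUDO_PASSWORD_HASH}` is also placed unvalidated into the sed replacement, where `&`, `\`, `|` or `:` in the value would change the expression or the shadow record's field layout. Passing the hash to the shadow tools avoids both problems, e.g. `echo "abc:${SUDO_PASSWORD_HASH}" | chpasswd -e`, assuming `chpasswd` is present in the image alongside the `passwd` the else branch already uses. The `chown` command on the hunk's last line continues outside it.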