docker-archive / communitytools-image2docker-linux

116 stars 42 forks source link

User Configuration & Shadow file #7

Open allingeek opened 7 years ago

allingeek commented 7 years ago

We need to lift and shift user configuration and login data. You're taking a risk any time you're pulling critical files like /etc/shadow into an environment where access controls might be subverted. You're taking a further risk by committing those files into a layered image. You're also making it very difficult to change those passwords after the fact because mutations will revert every time you restart a container from a shifted image.

We have to build this component pair because many systems have been specialized with user configuration. User education is going to be really important for this tooling.

pdevine commented 7 years ago

@allingeek is the thinking here that some applications are using PAM for access control? Do you know any applications we'd want to lift/shift that currently do that?

allingeek commented 7 years ago

@pdevine I don't want to see people accidentally push key material of any kind into a public repository.