Closed badele closed 6 years ago
It seemed to me it would be better to run sudo
with a password. The password is x11docker
and shown in terminal on x11docker startup.
I would not like to add an option like --sudonopass
; evil applications can easily detect a passwordless sudo. It is not a great security layer with password x11docker
as a special malware written for x11docker would know it. But at least it would have to know it. Though, you can change the password in x11docker code:
Benutzerpasswort="sac19FwGGTx/A" # encrypted password "x11docker", suits /etc/shadow.
# Created with: perl -e 'print crypt("x11docker", "salt"),"\n"'
sudo
in x11docker containers is rather useless as all system changes will be discarded when the container stops. Its purpose is for experimental changes on the fly in a running container before including them in Dockerfile.
Direct changes with RUN ...
in /etc/sudoers
in Dockerfile will be overwritten by x11docker, and that is intended. But you can add this in your ENTRYPOINT
script /usr/local/bin/start
:
echo x11docker | sudo --stdin su -c "echo \"$USER ALL=(ALL) NOPASSWD:ALL\" > /etc/sudoers"
echo x11docker | sudo --stdin su -c "echo \"root ALL=(ALL) ALL\" >> /etc/sudoers"
Argh, wrong "'quotes'". Sorry, will edit my answer
ok, try again with
echo x11docker | sudo --stdin su -c "echo \"$USER ALL=(ALL) NOPASSWD:ALL\" > /etc/sudoers"
echo x11docker | sudo --stdin su -c "echo \"root ALL=(ALL) ALL\" >> /etc/sudoers"
Thanks, it works like a charm :)
By checking if the option NOPASSWD:ALL existing with
--sudouser
optionI could see that this one existed in 2015 and document code
Why this function is disabled (i think for security reason :) )? Can we add new option (ex:
--nopassword
or--sudonopass
, etc ..) or must we be dot it in our Dockerfile ?