How to apply Dockerfile `git config` values to a non-root user's ssh session?

Time:05-14

I have a Dockerfile whose base layer includes git, configures git's global user.name and user.email, and starts openssh-server.

The Dockerfile is along the lines of this (simplified to remove perceived irrelevancies):

FROM debian as base
RUN apt-get update && \
    apt-get -qy full-upgrade && \
    apt-get install -qy git && \
    apt-get install -qy openssh-server && \
    sed -i 's|session    required     pam_loginuid.so|session    optional pam_loginuid.so|g' /etc/pam.d/sshd && \
    mkdir -p /var/run/sshd && \
    groupadd builders -g 1111111112 && \
    useradd -l -u 1111111111 -g 1111111112 -m -s /bin/bash bob && \
    echo "bob ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && \
    echo "bob:youruncle" | chpasswd && \
    git config --global user.name "bob" && \
    git config --global user.email "[email protected]"

EXPOSE 22
CMD /usr/sbin/sshd -D

When I build and run this container:

$ docker build -t tmp:tmp .
[+] Building 59.2s (6/6) FINISHED
 => [internal] load .dockerignore                                 0.1s
 => => transferring context: 2B                                   0.0s
 => [internal] load build definition from Dockerfile              0.0s
 => => transferring dockerfile: 692B                              0.0s
 => [internal] load metadata for docker.io/library/debian:latest  0.0s
 => CACHED [1/2] FROM docker.io/library/debian                    0.0s
 => [2/2] RUN apt-get update &&     apt-get -qy full-upgrade &&  55.4s
 => exporting to image                                            3.6s
 => => exporting layers                                           3.5s
 => => writing image sha256:cceaae2883b393ccb7dc0d977d846e5df1... 0.0s
 => => naming to docker.io/library/tmp:tmp                        0.0s
$ docker run tmp:tmp

...and attach to it, I see bob's expected git config:

$ docker exec -it peaceful_einstein bash
root@3ca48a22fe98:/# git config --list
user.name=bob
[email protected]
root@3ca48a22fe98:/#

...but when I ssh to the container as bob, I don't see the expected git config:

$ docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' peaceful_einstein
172.17.0.223
$ ssh [email protected]
The authenticity of host '172.17.0.223 (172.17.0.223)' can't be established.
ECDSA key fingerprint is SHA256:mIyf7TvG0nDSo3fWDipWGGPxFipb6THmoYt7dwtR77w.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.17.0.223' (ECDSA) to the list of known hosts.
[email protected]'s password:
Linux 3ca48a22fe98 4.9.0-8-amd64 #1 SMP Debian 4.9.144-3.1 (2019-02-19) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
bob@3ca48a22fe98:~$ git config --list
bob@3ca48a22fe98:~$

Why isn't bob's git config info available when ssh'ing to the container?
Is there a way to make the git config statements in the Dockerfile "apply" to bob's ssh session?

CodePudding user response:

Running docker exec uses the directory from the Dockerfile (the WORKDIR) unless you override it, and—more importantly in this case—the user from the -u option, or the user from the Dockerfile. (See also What's the default user for docker exec?) In your case those are / and root (uid 0).

Running ssh into a container starts a login shell, which uses the user's home directory, getting the user from the login. In this case those are bob and so, probably /home/bob.

Git uses or sets the current user's --global config, so you're getting root's configuration with docker exec and bob's with ssh.

CodePudding user response:

I was able to use @torek's explanation to cobble together this solution that does the git config work in a USER bob "section" of the Dockerfile:

FROM debian as base
RUN apt-get update && \
    apt-get -qy full-upgrade && \
    apt-get install -qy git && \
    apt-get install -qy openssh-server && \
    sed -i 's|session    required     pam_loginuid.so|session    optional pam_loginuid.so|g' /etc/pam.d/sshd && \
    mkdir -p /var/run/sshd && \
    groupadd builders -g 1111111112 && \
    useradd -l -u 1111111111 -g 1111111112 -m -s /bin/bash bob && \
    echo "bob ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && \
    echo "bob:youruncle" | chpasswd

EXPOSE 22

USER bob
RUN git config --global user.name "bob" && \
    git config --global user.email "[email protected]"

USER root
CMD /usr/sbin/sshd -D

I have no idea how clean/proper/conformant to prevailing practice that solution is, but it does satisfy the need of the original post.
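
Another way to get the same result, following the explanation above that `--global` is stored per user: write the identity with `git config --system`, which puts it in /etc/gitconfig where git reads it for every account. This is an added example, not code from the original posts; the e-mail address is a placeholder and the sshd setup from the question is omitted.

```dockerfile
# Added example: user name taken from the question, e-mail is a placeholder.
FROM debian AS base
RUN apt-get update && \
    apt-get install -qy git && \
    useradd -l -m -s /bin/bash bob

# Build steps run as root here. --system writes /etc/gitconfig instead of
# /root/.gitconfig, so the values do not depend on whose $HOME is in effect.
RUN git config --system user.name "bob" && \
    git config --system user.email "bob@example.invalid"

# Build-time check from bob's point of view: fail the build if bob would not
# see the value, or if it comes from anywhere other than /etc/gitconfig.
USER bob
RUN test "$(git config --get user.name)" = "bob" && \
    test "$(git config --show-origin --get user.name | cut -f1)" = "file:/etc/gitconfig"

# Switch back to root for whatever needs it afterwards (sshd in the question).
USER root
```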
