Skip to content
Snippets Groups Projects
Commit 9e435596 authored by aptalca's avatar aptalca
Browse files

Allow setting sudo password via hash

parent d1ece863
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
README.md
+ 4
0
View file @ 9e435596
...@@ -92,6 +92,7 @@ services: ...@@ -92,6 +92,7 @@ services:
- TZ=Europe/London - TZ=Europe/London
- PASSWORD=password #optional - PASSWORD=password #optional
- SUDO_PASSWORD=password #optional - SUDO_PASSWORD=password #optional
- SUDO_PASSWORD_HASH= #optional
- PROXY_DOMAIN=code-server.my.domain #optional - PROXY_DOMAIN=code-server.my.domain #optional
volumes: volumes:
- /path/to/appdata/config:/config - /path/to/appdata/config:/config
...@@ -110,6 +111,7 @@ docker run -d \ ...@@ -110,6 +111,7 @@ docker run -d \
-e TZ=Europe/London \ -e TZ=Europe/London \
-e PASSWORD=password `#optional` \ -e PASSWORD=password `#optional` \
-e SUDO_PASSWORD=password `#optional` \ -e SUDO_PASSWORD=password `#optional` \
-e SUDO_PASSWORD_HASH= `#optional` \
-e PROXY_DOMAIN=code-server.my.domain `#optional` \ -e PROXY_DOMAIN=code-server.my.domain `#optional` \
-p 8443:8443 \ -p 8443:8443 \
-v /path/to/appdata/config:/config \ -v /path/to/appdata/config:/config \
...@@ -130,6 +132,7 @@ Container images are configured using parameters passed at runtime (such as thos ...@@ -130,6 +132,7 @@ Container images are configured using parameters passed at runtime (such as thos
| `-e TZ=Europe/London` | Specify a timezone to use EG Europe/London | | `-e TZ=Europe/London` | Specify a timezone to use EG Europe/London |
| `-e PASSWORD=password` | Optional web gui password, if not provided, there will be no auth. | | `-e PASSWORD=password` | Optional web gui password, if not provided, there will be no auth. |
| `-e SUDO_PASSWORD=password` | If this optional variable is set, user will have sudo access in the code-server terminal with the specified password. | | `-e SUDO_PASSWORD=password` | If this optional variable is set, user will have sudo access in the code-server terminal with the specified password. |
| `-e SUDO_PASSWORD_HASH=` | Optionally set sudo password via hash (takes priority over `SUDO_PASSWORD` var). Format is `$type$salt$hashed`. |
| `-e PROXY_DOMAIN=code-server.my.domain` | If this optional variable is set, this domain will be proxied for subdomain proxying. See [Documentation](https://github.com/cdr/code-server/blob/master/doc/FAQ.md#sub-domains) | | `-e PROXY_DOMAIN=code-server.my.domain` | If this optional variable is set, this domain will be proxied for subdomain proxying. See [Documentation](https://github.com/cdr/code-server/blob/master/doc/FAQ.md#sub-domains) |
| `-v /config` | Contains all relevant configuration files. | | `-v /config` | Contains all relevant configuration files. |
...@@ -247,6 +250,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ...@@ -247,6 +250,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
## Versions ## Versions
* **23.12.20:** - Allow setting sudo password via hash using env var `SUDO_PASSWORD_HASH`.
* **29.05.20:** - Add --domain-proxy support. * **29.05.20:** - Add --domain-proxy support.
* **21.05.20:** - Shrink images, install via yarn, fix arm32v7 build. * **21.05.20:** - Shrink images, install via yarn, fix arm32v7 build.
* **18.05.20:** - Switch to multi-arch images, install via npm. * **18.05.20:** - Switch to multi-arch images, install via npm.
......
readme-vars.yml
+ 6
4
View file @ 9e435596
...@@ -42,13 +42,14 @@ param_ports: ...@@ -42,13 +42,14 @@ param_ports:
- { external_port: "8443", internal_port: "8443", port_desc: "web gui" } - { external_port: "8443", internal_port: "8443", port_desc: "web gui" }
param_usage_include_env: true param_usage_include_env: true
param_env_vars: param_env_vars:
- { env_var: "TZ", env_value: "Europe/London", desc: "Specify a timezone to use EG Europe/London"} - { env_var: "TZ", env_value: "Europe/London", desc: "Specify a timezone to use EG Europe/London" }
# optional container parameters # optional container parameters
opt_param_usage_include_env: true opt_param_usage_include_env: true
opt_param_env_vars: opt_param_env_vars:
- { env_var: "PASSWORD", env_value: "password", desc: "Optional web gui password, if not provided, there will be no auth."} - { env_var: "PASSWORD", env_value: "password", desc: "Optional web gui password, if not provided, there will be no auth." }
- { env_var: "SUDO_PASSWORD", env_value: "password", desc: "If this optional variable is set, user will have sudo access in the code-server terminal with the specified password."} - { env_var: "SUDO_PASSWORD", env_value: "password", desc: "If this optional variable is set, user will have sudo access in the code-server terminal with the specified password." }
- { env_var: "SUDO_PASSWORD_HASH", env_value: "", desc: "Optionally set sudo password via hash (takes priority over `SUDO_PASSWORD` var). Format is `$type$salt$hashed`." }
- { env_var: "PROXY_DOMAIN", env_value: "code-server.my.domain", desc: "If this optional variable is set, this domain will be proxied for subdomain proxying. See [Documentation](https://github.com/cdr/code-server/blob/master/doc/FAQ.md#sub-domains)" } - { env_var: "PROXY_DOMAIN", env_value: "code-server.my.domain", desc: "If this optional variable is set, this domain will be proxied for subdomain proxying. See [Documentation](https://github.com/cdr/code-server/blob/master/doc/FAQ.md#sub-domains)" }
optional_block_1: false optional_block_1: false
...@@ -68,7 +69,8 @@ app_setup_block: | ...@@ -68,7 +69,8 @@ app_setup_block: |
# changelog # changelog
changelogs: changelogs:
- { date: "29.05.20:", desc: "Add --domain-proxy support."} - { date: "23.12.20:", desc: "Allow setting sudo password via hash using env var `SUDO_PASSWORD_HASH`." }
- { date: "29.05.20:", desc: "Add --domain-proxy support." }
- { date: "21.05.20:", desc: "Shrink images, install via yarn, fix arm32v7 build." } - { date: "21.05.20:", desc: "Shrink images, install via yarn, fix arm32v7 build." }
- { date: "18.05.20:", desc: "Switch to multi-arch images, install via npm." } - { date: "18.05.20:", desc: "Switch to multi-arch images, install via npm." }
- { date: "29.04.20:", desc: "Update start arguments." } - { date: "29.04.20:", desc: "Update start arguments." }
......
root/etc/cont-init.d/30-config
+ 8
3
View file @ 9e435596
...@@ -2,14 +2,19 @@ ...@@ -2,14 +2,19 @@
mkdir -p /config/{extensions,data,workspace,.ssh} mkdir -p /config/{extensions,data,workspace,.ssh}
if [ -n "${SUDO_PASSWORD}" ]; then if [ -n "${SUDO_PASSWORD}" ] || [ -n "${SUDO_PASSWORD_HASH}" ]; then
echo "setting up sudo access" echo "setting up sudo access"
if ! grep -q 'abc' /etc/sudoers; then if ! grep -q 'abc' /etc/sudoers; then
echo "adding abc to sudoers" echo "adding abc to sudoers"
echo "abc ALL=(ALL:ALL) ALL" >> /etc/sudoers echo "abc ALL=(ALL:ALL) ALL" >> /etc/sudoers
fi fi
echo "setting sudo password" if [ -n "${SUDO_PASSWORD_HASH}" ]; then
echo -e "${SUDO_PASSWORD}\n${SUDO_PASSWORD}" | passwd abc echo "setting sudo password using sudo password hash"
sed -i "s|^abc:\!:|abc:${SUDO_PASSWORD_HASH}:|" /etc/shadow
else
echo "setting sudo password using SUDO_PASSWORD env var"
echo -e "${SUDO_PASSWORD}\n${SUDO_PASSWORD}" | passwd abc
fi
fi fi
# permissions # permissions
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment