Add rancher user and lock root

2025-08-01 06:59:05 +00:00 · 2015-02-20 11:29:17 -07:00 · 2015-02-20 11:29:17 -07:00 · 4b2e98e238
commit 4b2e98e238
parent 7f3ee5d9ef
6 changed files with 24 additions and 3 deletions
--- a/config/default.go
+++ b/config/default.go
@ -125,6 +125,7 @@ func NewConfig() *Config {
 				"--rm " +
 				"--privileged " +
 				"--volumes-from=console-volumes " +
+				"--volumes-from=user-volumes " +
 				"--volumes-from=system-volumes " +
 				"--ipc=host " +
 				"--net=host " +
--- a/docker/container.go
+++ b/docker/container.go
@ -380,11 +380,16 @@ func (c *Container) start(wait bool) *Container {

 	if c.Exists() && c.remove {
 		log.Debugf("Deleting container %s", c.Container.ID)
-		c.Delete().Reset().Lookup()
+		c.Delete()

 		if c.Err != nil {
 			return c
 		}
+
+		c.Reset().Lookup()
+		if c.Err != nil {
+			return c
+		}
 	}

 	if !c.Exists() {
--- a/scripts/ci
+++ b/scripts/ci
@ -22,6 +22,7 @@ generate_images()
    if [ -e ${BUILD}/${IMAGE_ID} ]; then
        DOCKER_BASE=$(<${BUILD}/${IMAGE_ID})
    else
+        echo Running: docker run -d --privileged ${DOCKER_IMAGE} /source/scripts/build-images
        CID=$(docker run -d --privileged ${DOCKER_IMAGE} /source/scripts/build-images)
        docker logs -f ${CID} &
        trap "docker rm -f ${CID}" exit
--- a/scripts/dockerimages/00-base
+++ b/scripts/dockerimages/00-base
@ -19,5 +19,7 @@ RUN rm /sbin/poweroff /sbin/reboot /sbin/halt && \
       /var/lock \
       /var/log \
       /var/run \
-       /var/spool
-CMD ["/bin/sh"]
+       /var/spool && \
+    passwd -l root && \
+    addgroup sudo && \
+    echo '%sudo ALL=(ALL) ALL' > /etc/sudoers.d/sudo-group
--- a/scripts/dockerimages/06-console
+++ b/scripts/dockerimages/06-console
@ -1,3 +1,7 @@
 FROM base
 COPY scripts/dockerimages/scripts/console.sh /usr/sbin/
+RUN adduser -G sudo -D -h /home/rancher -s /bin/bash rancher && \
+    sed -i 's/rancher.*/rancher:rixbL64o6zGmY:16486:0:99999:7:::/g' /etc/shadow && \
+    mkdir -p /home/rancher && \
+    chmod 2755 /home/rancher
 CMD ["/usr/sbin/console.sh"]
--- a/scripts/dockerimages/scripts/console.sh
+++ b/scripts/dockerimages/scripts/console.sh
@ -1,4 +1,5 @@
 #!/bin/sh
+# Test

 CLOUD_CONFIG_FILE=/var/lib/rancher/cloud-config

@ -6,6 +7,13 @@ if [ -s $CLOUD_CONFIG_FILE ]; then
 	cloud-init --from-file $CLOUD_CONFIG_FILE
 fi

+RANCER_HOME=/home/rancher
+if [ ! -d ${RANCER_HOME} ]; then
+    mkdir -p ${RANCER_HOME}
+    chown rancher:rancher ${RANCER_HOME}
+    chmod 2755 ${RANCER_HOME}
+fi
+
 cat > /etc/respawn.conf << EOF
 /sbin/getty 115200 tty1
 /sbin/getty 115200 tty2