From 40a22df0453e176892973808ab9264e008d14b02 Mon Sep 17 00:00:00 2001 From: wangyunlai Date: Mon, 4 Sep 2023 11:39:25 +0800 Subject: [PATCH] fix docker security issues (#251) ### What problem were solved in this pull request? ref #205 Problem: docker image has some security issues ### What is changed and how it works? move step chpassword to startup --- docker/Dockerfile | 17 ++++++----------- docker/bin/starter-sshd.sh | 5 +++++ docker/bin/starter.sh | 2 +- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index 0a76e78..79a7bd4 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -4,9 +4,6 @@ # make sure docker has been installed FROM ubuntu:latest -ARG HOME_DIR=/root -ARG DOCKER_CONFIG_DIR=${HOME_DIR}/docker - # ENV LANG=en_US.UTF-8 # locale RUN apt-get update && apt-get install -y locales apt-utils && rm -rf /var/lib/apt/lists/* \ @@ -25,8 +22,6 @@ RUN git clone https://github.com/oceanbase/miniob /tmp/miniob \ && bash build.sh init \ && rm -rf /tmp/miniob -# change root password -RUN echo "root:root" | chpasswd RUN mkdir /var/run/sshd # install zsh and on-my-zsh @@ -37,13 +32,13 @@ RUN apt-get install -y zsh \ && usermod --shell /bin/zsh root \ && echo "export LD_LIBRARY_PATH=/usr/local/lib64:\$LD_LIBRARY_PATH" >> ~/.zshrc -RUN mkdir -p ${DOCKER_CONFIG_DIR}/bin - -WORKDIR ${DOCKER_CONFIG_DIR}/bin +RUN mkdir -p /root/docker/bin && touch /etc/.firstrun # copy starter scripts -COPY bin/* ${DOCKER_CONFIG_DIR}/bin/ +COPY bin/* /root/docker/bin/ + +RUN chmod +x /root/docker/bin/* -RUN chmod +x ${DOCKER_CONFIG_DIR}/bin/* +WORKDIR /root -ENTRYPOINT ./starter.sh +ENTRYPOINT /root/docker/bin/starter.sh diff --git a/docker/bin/starter-sshd.sh b/docker/bin/starter-sshd.sh index 93cb2a8..c295ea6 100755 --- a/docker/bin/starter-sshd.sh +++ b/docker/bin/starter-sshd.sh 
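Review bot: The new `ENTRYPOINT /root/docker/bin/starter.sh` in the last Dockerfile hunk (`@@ -37,13 +32,13 @@`) is still in shell form, so the script is launched through `/bin/sh -c`, arguments given to `docker run` are ignored, and signal delivery on `docker stop` depends on how that wrapper shell behaves. The hunk already marks the scripts executable and starter.sh carries a `#!/bin/bash` line, so the exec form `ENTRYPOINT ["/root/docker/bin/starter.sh"]` is a drop-in replacement. The extra `RUN chmod +x /root/docker/bin/*` layer could be folded into the copy as `COPY --chmod=755 bin/* /root/docker/bin/` where BuildKit is in use. Visible only as context in the first hunk, `FROM ubuntu:latest` stays unpinned, which a commit aimed at image security findings may also want to fix by pinning a release tag or digest.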
@@ -2,6 +2,11 @@ HOST_KEY_DIR=/etc/ssh/ssh_host_rsa_key +if [ -f /etc/.firstrun ]; then + echo "root:root" | chpasswd + rm -f /etc/.firstrun +fi + if [ ! -f "${HOST_KEY_DIR}" ]; then ssh-keygen -A fi diff --git a/docker/bin/starter.sh b/docker/bin/starter.sh index 1f0fcf1..ffb4494 100644 --- a/docker/bin/starter.sh +++ b/docker/bin/starter.sh @@ -1,4 +1,4 @@ #!/bin/bash -ls -lld $PWD/*starter-* | awk '{print $9;}' | xargs -L 1 bash -c +ls -lld $HOME/docker/bin/*starter-* | awk '{print $9;}' | xargs -L 1 bash -c echo 'starter scripts run successfully!' tail -f /dev/null -- GitLab
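Review bot: The first-run block still sets root's password to the fixed, publicly known value with `echo "root:root" | chpasswd`, so the credential has only moved from an image layer to container start and every container that runs this script ends up with the same root password. If password login for root is enabled in the sshd configuration (not visible in this hunk), anyone who can reach the published SSH port can log in as root. Consider requiring the operator to supply the value, for example `echo "root:${ROOT_PASSWORD:?set ROOT_PASSWORD}" | chpasswd` (ROOT_PASSWORD is a name proposed here, not one the project defines), or switching to key-only login. The marker is also removed even when `chpasswd` fails; chaining the two as `chpasswd && rm -f /etc/.firstrun` would keep the retry on the next start. The script continues past the end of the hunk.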
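Review bot: The changed line in starter.sh still finds the starter scripts by parsing `ls -lld` output and taking awk field `$9`, which breaks on any path containing whitespace. With the unquoted `$HOME` it also resolves to a different directory whenever HOME is not `/root`, although the Dockerfile hard-codes `/root/docker/bin`. The following `echo 'starter scripts run successfully!'` runs unconditionally, so a failed starter (for instance the sshd one) is still reported as success. A glob loop avoids both problems: `for s in /root/docker/bin/*starter-*; do bash "$s" || exit 1; done`.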