resolve issues with missing user in containers

This change resolves an issue in container where the user id is not found.

This will create a passwd file with a single line that is for the container user using the uid and gid of the pterodactyl user.

As an added security benefit, this would also stop users from being able to just use `/bin/bash`, as it sets the user's login shell to nologin by default; this is configurable.

example passwd file contents  
`container999:999::/home/container:/usr/sbin/nologin`
Michael Parker 2023-08-12 17:26:23 -04:00
parent 438e5fdbe9
commit 49b00fc48a
No known key found for this signature in database
GPG Key ID: 32884F309E59D4CB
2 changed files with 26 additions and 0 deletions


@ -168,6 +168,8 @@ type SystemConfiguration struct {
Uid int `yaml:"uid"`
Gid int `yaml:"gid"`
Login bool `yaml:"login"`
} `yaml:"user"`
// The amount of time in seconds that can elapse before a server's disk space calculation is
@ -526,6 +528,24 @@ func ConfigureDirectories() error {
return err
}
log.WithField("filepath", "/etc/pterodactyl//passwd").Debug("ensuring passwd file exists")
if passwd, err := os.Create("/etc/pterodactyl/passwd"); err != nil {
return err
} else {
shell := "/usr/sbin/nologin"
if _config.System.User.Login {
shell = "/bin/sh"
}
// the WriteFile method returns an error if unsuccessful
err := os.WriteFile(passwd.Name(), []byte(fmt.Sprintf("container:x:%d:%d::/home/container:%s", _config.System.User.Uid, _config.System.User.Gid, shell)), 0777)
// handle this error
if err != nil {
// print it out
fmt.Println(err)
}
}
// There are a non-trivial number of users out there whose data directories are actually a
// symlink to another location on the disk. If we do not resolve that final destination at this
// point things will appear to work, but endless errors will be encountered when we try to
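Review bot: A failed write of the passwd file is only printed with `fmt.Println(err)` and ConfigureDirectories carries on, so the read-only `/etc/passwd` mount added in this commit can end up backed by the empty file that `os.Create` just truncated; the error should be returned like the ones above it. The `os.Create` handle is never closed, and because the file already exists when `os.WriteFile` runs, its `0777` argument has no effect; dropping `os.Create` and creating the file with `0644` avoids both the leak and a world-writable mode on a host file that defines the container identity. The generated entry also has no trailing newline, and the log field carries a doubled slash (`/etc/pterodactyl//passwd`). The function body starts and ends outside the hunk.

```go
log.WithField("filepath", "/etc/pterodactyl/passwd").Debug("ensuring passwd file exists")
// … unchanged: shell selection from _config.System.User.Login …
entry := fmt.Sprintf("container:x:%d:%d::/home/container:%s\n", _config.System.User.Uid, _config.System.User.Gid, shell)
// Created 0644 so that only the owner can modify the identity file; containers get it read-only.
if err := os.WriteFile("/etc/pterodactyl/passwd", []byte(entry), 0644); err != nil {
	return err
}
```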


@ -27,6 +27,12 @@ func (s *Server) Mounts() []environment.Mount {
Source: s.Filesystem().Path(),
ReadOnly: false,
},
{
Default: true,
Target: "/etc/passwd",
Source: "/etc/pterodactyl/passwd",
ReadOnly: true,
},
}
// Also include any of this server's custom mounts when returning them.
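Review bot: The source path `/etc/pterodactyl/passwd` is hard-coded in this mount entry and again in ConfigureDirectories, so the writer and the mount can drift apart; a shared constant would keep them together. Because the entry is added to every server's mounts, it replaces the image's own `/etc/passwd` with the single generated line, so any other account the image defines (uid 0 included) stops resolving by name inside the container. That deserves a comment on the entry, e.g. `// Overrides the image's /etc/passwd so the container uid resolves to a name; other image accounts are hidden.` No matching `/etc/group` mount is added, so the gid presumably still has no name. Mounts() starts and ends outside the hunk.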