From 49b00fc48a1a919a2749fcd3d6db730ec97951dc Mon Sep 17 00:00:00 2001
From: Michael Parker
Date: Sat, 12 Aug 2023 17:26:23 -0400
Subject: [PATCH] resolve issues with missing user in containers This change resolves an issue in container where the user id is not found. This will create a passwd file with a single line that is for the container user using the uid and gid of the pterodactyl user. As an added security benefit this would also stop users being able to just use `/bin/bash` as it sets the users terminal to nologin by default and is configurable example passwd file contents `container:x:999:999::/home/container:/usr/sbin/nologin`
---
 config/config.go | 20 ++++++++++++++++++++
 server/mounts.go | 6 ++++++
 2 files changed, 26 insertions(+)
diff --git a/config/config.go b/config/config.go
index 4c65bf7..afc1564 100644
--- a/config/config.go
+++ b/config/config.go
@@ -168,6 +168,8 @@ type SystemConfiguration struct {
 Uid int `yaml:"uid"`
 Gid int `yaml:"gid"`
+
+ Login bool `yaml:"login"`
 } `yaml:"user"`
 // The amount of time in seconds that can elapse before a server's disk space calculation is
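Review bot: The new `Login` field in the `user` block of `SystemConfiguration` has no doc comment, although it decides which shell is written into the passwd file that server/mounts.go mounts into containers. I would add `// Login selects the shell in the generated container passwd entry: false writes /usr/sbin/nologin, true writes /bin/sh.` above it. The comment should also state that the shell field only matters to programs that consult passwd (such as login or su) and does not restrict what a server's startup command can execute, so operators do not treat it as a sandbox control. The struct begins outside the hunk.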
@@ -526,6 +528,24 @@ func ConfigureDirectories() error {
 return err
 }
+ log.WithField("filepath", "/etc/pterodactyl//passwd").Debug("ensuring passwd file exists")
+ if passwd, err := os.Create("/etc/pterodactyl/passwd"); err != nil {
+ return err
+ } else {
+ shell := "/usr/sbin/nologin"
+ if _config.System.User.Login {
+ shell = "/bin/sh"
+ }
+
+ // the WriteFile method returns an error if unsuccessful
+ err := os.WriteFile(passwd.Name(), []byte(fmt.Sprintf("container:x:%d:%d::/home/container:%s", _config.System.User.Uid, _config.System.User.Gid, shell)), 0777)
+ // handle this error
+ if err != nil {
+ // print it out
+ fmt.Println(err)
+ }
+ }
+
 // There are a non-trivial number of users out there whose data directories are actually a
 // symlink to another location on the disk. If we do not resolve that final destination at this
 // point things will appear to work, but endless errors will be encountered when we try to
diff --git a/server/mounts.go b/server/mounts.go
index 97c8094..077a9bb 100644
--- a/server/mounts.go
+++ b/server/mounts.go
@@ -27,6 +27,12 @@ func (s *Server) Mounts() []environment.Mount {
 Source: s.Filesystem().Path(),
 ReadOnly: false,
 },
+ {
+ Default: true,
+ Target: "/etc/passwd",
+ Source: "/etc/pterodactyl/passwd",
+ ReadOnly: true,
+ },
 }
 // Also include any of this server's custom mounts when returning them.
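Review bot: In `ConfigureDirectories` the passwd write fails open: the `os.WriteFile` error is only passed to `fmt.Println`, so startup continues and the bind mount added in server/mounts.go can hand containers an empty or truncated `/etc/passwd`. The `*os.File` returned by `os.Create` is never closed, and because that call has already created the file, the `0777` given to `os.WriteFile` never becomes its mode; the file should be written in one call with `0644` and the error returned. The entry also has no trailing newline, and the debug log field carries a doubled slash (`/etc/pterodactyl//passwd`). The function continues outside the hunk.

```go
// … unchanged: shell selection from _config.System.User.Login (default "/usr/sbin/nologin") …
entry := fmt.Sprintf("container:x:%d:%d::/home/container:%s\n", _config.System.User.Uid, _config.System.User.Gid, shell)
log.WithField("filepath", "/etc/pterodactyl/passwd").Debug("ensuring passwd file exists")
// A single WriteFile call creates or truncates the file and leaves no open handle behind.
if err := os.WriteFile("/etc/pterodactyl/passwd", []byte(entry), 0644); err != nil {
	return err
}
```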
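Review bot: The new default mount in `Mounts` replaces the image's own `/etc/passwd` with a one-line file, so inside the container uid 0 and any accounts the image defines no longer resolve by name. That side effect deserves a comment on the mount entry, for example `// Overrides the image's /etc/passwd; only the container user is resolvable.`, and probably a way to turn the mount off for images that rely on their own passwd entries. The source path `/etc/pterodactyl/passwd` is also a second hard-coded copy of the literal in config/config.go, so a shared constant would keep the writer and the mount from drifting apart. The body of `Mounts` begins and continues outside the hunk.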