我正在尝试使用 vsftpd 2.3.4 构建一个易受攻击的 dockerized web 应用程序用于测试目的。
我的
Dockerfile
就像:
# For more information, please refer to https://aka.ms/vscode-docker-python
FROM python:3.12-slim
EXPOSE 5002
# Keeps Python from generating .pyc files in the container
ENV PYTHONDONTWRITEBYTECODE=1
# Turns off buffering for easier container logging
ENV PYTHONUNBUFFERED=1
# Install pip requirements
COPY requirements.txt .
RUN python -m pip install -r requirements.txt
# Install vsftpd 2.3.4
RUN apt-get update -y && apt-get install -y git
WORKDIR /root/
RUN git clone https://github.com/Anon-Exploiter/vulnerable-packages && \
cd vulnerable-packages && \
cd backdoored-vsftpd-2.3.4 && \
mv * /root/ && \
cd /root && \
rm -rfv vulnerable-packages
RUN apt-get purge -y git && \
apt-get -y autoclean && \
apt-get -y autoremove && \
apt-get -y clean
RUN mkdir /usr/share/empty/ && \
mkdir /var/ftp/ && \
useradd -d /var/ftp ftp
RUN chown root:root /var/ftp && \
chmod og-w /var/ftp
RUN mv vsftpd /usr/local/sbin/vsftpd && \
mv vsftpd.conf /etc/
RUN echo 'echo Started FTP Server@ `hostname -i 2>/dev/null`:21' > /root/run.sh && \
echo "/usr/local/sbin/vsftpd" >> /root/run.sh
# CMD ["/bin/bash", "-c", "/bin/bash run.sh"]
WORKDIR /app
COPY . /app
# Creates a non-root user with an explicit UID and adds permission to access the /app folder
# For more info, please refer to https://aka.ms/vscode-docker-python-configure-containers
RUN adduser -u 5678 --disabled-password --gecos "" appuser && chown -R appuser /app
USER appuser
# During debugging, this entry point will be overridden. For more information, please refer to https://aka.ms/vscode-docker-python-debug
# CMD ["gunicorn", "--bind", "0.0.0.0:5002", "__init__:app"]
COPY scripts/start.sh .
USER root
RUN chmod +x start.sh
RUN chmod +x /root/run.sh
USER appuser
CMD ["/bin/bash", "-c", "./start.sh"]
...和
start.sh
就像:
#!/bin/bash
/bin/bash /root/run.sh
gunicorn --bind 0.0.0.0:5002 __init__:app
启动容器后总是出现
run.sh: permission denied
错误,因为run.sh
需要root权限才能启动vsftpd服务,但容器的用户是appuser
。
但是,我不想切换到 root 来运行容器。
是否有解决方案以 root 用户身份启动 vsftpd 服务,但以非 root 用户身份运行容器?
编辑:如果我从倒数第二行删除
USER appuser
,它将正常工作。
添加访问
/root
目录的权限
...
RUN chmod +x start.sh
RUN chmod +x /root/run.sh
RUN chmod a+rx /root
USER appuser
...