Start the container as a non-root user, but start the service as root?


I am trying to build a vulnerable dockerized web application using vsftpd 2.3.4 for testing purposes.

My Dockerfile looks like this:

# For more information, please refer to https://aka.ms/vscode-docker-python
FROM python:3.12-slim

EXPOSE 5002

# Keeps Python from generating .pyc files in the container
ENV PYTHONDONTWRITEBYTECODE=1

# Turns off buffering for easier container logging
ENV PYTHONUNBUFFERED=1

# Install pip requirements
COPY requirements.txt .
RUN python -m pip install -r requirements.txt

# Install vsftpd 2.3.4
RUN apt-get update -y && apt-get install -y git
WORKDIR /root/
RUN git clone https://github.com/Anon-Exploiter/vulnerable-packages && \
    cd vulnerable-packages && \
    cd backdoored-vsftpd-2.3.4 && \
    mv * /root/ && \
    cd /root && \
    rm -rfv vulnerable-packages
RUN apt-get purge -y git && \
    apt-get -y autoclean && \
    apt-get -y autoremove && \
    apt-get -y clean
RUN mkdir /usr/share/empty/ && \
    mkdir /var/ftp/ && \
    useradd -d /var/ftp ftp
RUN chown root:root /var/ftp && \
    chmod og-w /var/ftp
RUN mv vsftpd /usr/local/sbin/vsftpd && \
    mv vsftpd.conf /etc/
RUN echo 'echo Started FTP Server@ `hostname -i 2>/dev/null`:21' > /root/run.sh && \
    echo "/usr/local/sbin/vsftpd" >> /root/run.sh
# CMD ["/bin/bash", "-c", "/bin/bash run.sh"]

WORKDIR /app
COPY . /app

# Creates a non-root user with an explicit UID and adds permission to access the /app folder
# For more info, please refer to https://aka.ms/vscode-docker-python-configure-containers
RUN adduser -u 5678 --disabled-password --gecos "" appuser && chown -R appuser /app
USER appuser

# During debugging, this entry point will be overridden. For more information, please refer to https://aka.ms/vscode-docker-python-debug
# CMD ["gunicorn", "--bind", "0.0.0.0:5002", "__init__:app"]

COPY scripts/start.sh .
USER root
RUN chmod +x start.sh
RUN chmod +x /root/run.sh
USER appuser
CMD ["/bin/bash", "-c", "./start.sh"]

...and start.sh looks like this:

#!/bin/bash
/bin/bash /root/run.sh
gunicorn --bind 0.0.0.0:5002 __init__:app

After starting the container I always get a "run.sh: permission denied" error, because run.sh needs root privileges to start the vsftpd service, but the container's user is appuser.

However, I don't want to switch to root to run the container.

Is there a way to start the vsftpd service as root but run the container as a non-root user?


Edit: if I remove USER appuser from the second-to-last line, it works fine.

linux bash docker
1 answer

Grant access to the /root directory:

...
RUN chmod +x start.sh
RUN chmod +x /root/run.sh
RUN chmod a+rx /root
USER appuser
...
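Added example, not code from the question or the answer above: it shows why the error appears at all. A script with mode 0755 is still unreadable to appuser when its parent directory /root is 0700, because every directory on the path must grant search (x) permission before the file's own mode even matters. The script below builds a constructed tree that mirrors the image layout (a 0700 "root" directory holding a 0755 run.sh), reports the first blocking path component, then applies the fix and checks again. It assumes GNU stat and never touches the real /root.

```shell
#!/bin/bash
# Added example (not from the original post). Diagnose "permission denied" on a
# script whose own mode looks fine: each directory on the way to it must be
# searchable (x) by the caller. Modes are read with GNU stat rather than tested
# with [ -r ], so the result is the same whether or not this runs as root.

# others_can_run BASE RELPATH
# Walk the components of RELPATH beneath BASE. Print "ok" and return 0 when every
# intermediate directory is searchable by "others" and the final file is readable
# by "others" (what "bash /root/run.sh" needs; direct execution would also need
# x). Otherwise print the first blocking component with its mode and return 1.
others_can_run() {
    local base="$1" rest="$2" here="" part sym others
    while [ -n "$rest" ]; do
        part="${rest%%/*}"
        if [ "$rest" = "$part" ]; then rest=""; else rest="${rest#*/}"; fi
        here="${here:+$here/}$part"
        sym=$(stat -c '%A' "$base/$here" 2>/dev/null) || { echo "missing $here"; return 1; }
        others="${sym:7:3}"   # "drwx------" -> "---": the permission triplet for others
        if [ -n "$rest" ]; then
            # Intermediate directory: needs the search bit (x, or t when sticky).
            case "$others" in *[xt]*) ;; *) echo "denied at $here ($sym)"; return 1 ;; esac
        else
            # Final file: the interpreter has to read it.
            case "$others" in r??) echo "ok"; return 0 ;; *) echo "denied at $here ($sym)"; return 1 ;; esac
        fi
    done
}

# build_demo_tree DIR: constructed stand-in for the image layout,
# DIR/root (0700, like /root) containing run.sh (0755, like after chmod +x).
build_demo_tree() {
    mkdir -p "$1/root"
    printf '#!/bin/bash\necho "Started FTP Server"\n' > "$1/root/run.sh"
    chmod 0755 "$1/root/run.sh"
    chmod 0700 "$1/root"
}

# Before the fix the directory blocks; after granting only the search bit on
# "root" (the narrowest form of the answer's chmod a+rx /root) the file is reachable.
demo() {
    local d
    d=$(mktemp -d)
    build_demo_tree "$d"
    echo "before:              $(others_can_run "$d" root/run.sh)"   # denied at root (drwx------)
    chmod a+x "$d/root"
    echo "after chmod a+x root: $(others_can_run "$d" root/run.sh)"  # ok
    rm -rf "$d"
}
demo
```

Two caveats a practitioner would want here. First, search permission alone (chmod a+x /root) is enough to reach the file; the answer's a+rx additionally lets every user in the container list root's home directory and read any world-readable file in it, and copying run.sh somewhere like /app instead avoids touching /root at all. Second, making the script readable only lets appuser read it; it does not make vsftpd run as root, which matches the poster's edit that the image only works once USER appuser is dropped. A non-root process cannot gain root inside the container without a setuid helper, so the realistic choices are to run vsftpd without root (see the run_as_launching_user option in vsftpd.conf(5)) or to accept USER root for this deliberately vulnerable lab image.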