From: Le Yao
Date: Tue, 1 Dec 2020 05:40:01 +0000 (+0000)
Subject: Create Non-root user in CNF
X-Git-Tag: 21-12-01~26^2
X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=commitdiff_plain;h=998a5882765d3726fbf4a9aeb54a07bdfd9090b3;p=icn%2Fsdwan.git

Create Non-root user in CNF

Create a non-root user wrt with privilege in CNF

Signed-off-by: Le Yao
Change-Id: I083ef1fa6ea5853bb2e9eb0320c4b6a2d7034e5e
---
diff --git a/platform/cnf/src/Dockerfile_1806_mwan3.tpl b/platform/cnf/src/Dockerfile_1806_mwan3.tpl
index 12142f7..b5194b1 100644
--- a/platform/cnf/src/Dockerfile_1806_mwan3.tpl
+++ b/platform/cnf/src/Dockerfile_1806_mwan3.tpl
@@ -10,6 +10,7 @@ RUN mkdir /var/lock && \
 opkg install uhttpd-mod-lua && \
 uci set uhttpd.main.interpreter='.lua=/usr/bin/lua' && \
 uci commit uhttpd && \
+ opkg install shadow-useradd shadow-groupadd shadow-usermod sudo && \
 opkg install mwan3 jq bash && \
 opkg install strongswan-default && \
 opkg install luci-app-mwan3; exit 0
@@ -27,7 +28,11 @@ ENV http_proxy=
 ENV https_proxy=
 ENV no_proxy=

-USER root
+RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+RUN groupadd --system sudo && useradd wrt
+RUN usermod -a -G sudo wrt
+
+USER wrt

 # using exec format so that /sbin/init is proc 1 (see procd docs)
 CMD ["/sbin/init"]
diff --git a/platform/cnf/src/Dockerfile_1806_mwan3_noproxy.tpl b/platform/cnf/src/Dockerfile_1806_mwan3_noproxy.tpl
index 692fc3c..97e162c 100644
--- a/platform/cnf/src/Dockerfile_1806_mwan3_noproxy.tpl
+++ b/platform/cnf/src/Dockerfile_1806_mwan3_noproxy.tpl
@@ -7,6 +7,7 @@ RUN mkdir /var/lock && \
 opkg install uhttpd-mod-lua && \
 uci set uhttpd.main.interpreter='.lua=/usr/bin/lua' && \
 uci commit uhttpd && \
+ opkg install shadow-useradd shadow-groupadd shadow-usermod sudo && \
 opkg install mwan3 jq bash && \
 opkg install strongswan-default && \
 opkg install luci-app-mwan3; exit 0
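Review bot: A failed install of `shadow-useradd shadow-groupadd shadow-usermod sudo` is swallowed, because the new line joins an `&&` chain that ends in `; exit 0` (first hunk of Dockerfile_1806_mwan3.tpl, and the identical first hunk of Dockerfile_1806_mwan3_noproxy.tpl). If that install fails, the `mwan3`, `strongswan-default` and `luci-app-mwan3` installs after it are skipped as well and the layer still reports success, so the problem would only surface later at `groupadd`. Since the non-root setup depends on these packages, I would give them their own step without the trailing `exit 0`, e.g. `RUN opkg install shadow-useradd shadow-groupadd shadow-usermod sudo`, assuming the package lists from the earlier update are still present in that layer. The RUN instruction starts above the hunk, so the reason for `exit 0` is not visible here.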
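Review bot: The sudoers line `%sudo ALL=(ALL) NOPASSWD:ALL` added before `USER wrt` (second hunk of Dockerfile_1806_mwan3.tpl, repeated in the second hunk of Dockerfile_1806_mwan3_noproxy.tpl) lets wrt become root with no password, so the container no longer starts as UID 0 but anything running as wrt keeps full root inside it. If the aim is least privilege, scope the rule to the commands the CNF actually needs, for example `wrt ALL=(root) NOPASSWD: <COMMAND_LIST_PLACEHOLDER>`, and drop the `sudo` group membership. `useradd wrt` also leaves the UID to the allocator and `USER wrt` names the user, which a Kubernetes `runAsNonRoot` check cannot verify; a fixed UID such as `useradd -u <UID_PLACEHOLDER> wrt` with `USER <UID_PLACEHOLDER>` avoids that. Whether `/sbin/init` still comes up when started as wrt is not visible from the hunk and is worth confirming.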
@@ -20,7 +21,11 @@ COPY default_firewall /etc/config/firewall
 COPY rest_v1 /usr/lib/lua/luci/controller/rest_v1
 COPY 10-default.conf /etc/sysctl.d/10-default.conf

-USER root
+RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+RUN groupadd --system sudo && useradd wrt
+RUN usermod -a -G sudo wrt
+
+USER wrt

 # using exec format so that /sbin/init is proc 1 (see procd docs)
 CMD ["/sbin/init"]