0

I'm using docker with ubuntu and I need to mount

/etc/group 
/etc/shadow   
/etc/gshadow
/etc/passwd

inside an external volume, in order to avoid losing the passwords each time I have to rebuild the docker container.

From the point of view of Ubuntu, I just need to permanently move these files to another folder like:

/bck/group 
/bck/shadow
/bck/gshadow
/bck/passwd

I've tried to make a symbolic link in /etc

lrwxrwxrwx  1 root root    21 Mar  7 15:50 group -> /bck/userbackup/group

But when I try to create a new user I get the following error.

To my (very, very poor) knowledge, there seems to be a problem related to access rights:

:/etc# adduser createuserxx
Adding user `createuserxx' ...
Adding new group `createuserxx' (1001) ...
groupadd: cannot open /etc/group
adduser: `/usr/sbin/groupadd -g 1001 createuserxx' returned error code 10. Exiting.
Marco

1 Answer

0

I think there may be a better approach.

You could add the user in a Dockerfile, and then use the resulting container (with the account/password you created) as a base for other containers you build.

All else aside, mounting your host's /etc/{passwd,shadow,groups} makes your setup very tied to the host you are building containers on, which sort of defeats the point of using containers.

So I would suggest doing something like:

FROM $YOUR_BASE_OS

RUN groupadd somegroup && useradd -s /bin/bash -g somegroup someuser
<....rest of dockerfile....>

If you built a container with those two lines only, and called it e.g. my-base-container, then for all your other containers, you could have:

FROM my-base-container:latest

RUN some command
CMD some other command
iwaseatenbyagrue
  • Thank you for your answer. I want to mount user accounts in an external location, in order to back them up, so if a user changes his password, the password is automatically "saved" in the external volume with the file "passwd". I very much agree with your consideration about the base OS, and I'm aware of it. Do you know any other approach to back up user credentials? I was thinking about a cron process. What do you think? – Marco Mar 09 '17 at 08:30
  • Hmmm - this sort of sounds like you might have a case for using some kind of central authentication server (e.g. LDAP, SASL, Kerberos/AD). But in general, yes, I guess I would probably use a cronjob here - I am not sure what having a container is really adding. Or maybe look into using a config management tool to sync up accounts (e.g. ansible, chef, puppet, saltstack). – iwaseatenbyagrue Mar 09 '17 at 08:35
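
The cron approach discussed in the comments above could look like the following sketch. It is an added example, not code from the question or the answer: the function name `sync_accounts`, the script path and the schedule are assumptions, while `/bck` is the volume path from the question. It copies the real files instead of symlinking them, keeps their restrictive modes, and replaces each backup atomically.

```shell
#!/bin/sh
# Added example (not from the original thread): copy the four account
# databases from one directory to another, e.g. /etc -> /bck.
# Hypothetical crontab entry (script path and schedule are assumptions):
#   */15 * * * * /usr/local/sbin/sync-accounts.sh /etc /bck
ACCOUNT_FILES="passwd group shadow gshadow"

# sync_accounts SRC DEST
# Prints the number of files that were copied because they changed.
sync_accounts() {
    src=$1
    dest=$2
    copied=0
    # The backup directory holds password hashes: create it owner-only.
    ( umask 077; mkdir -p "$dest" ) || return 1
    for name in $ACCOUNT_FILES; do
        # Copy regular files only; skip missing files and symlinks so a
        # root-run job never follows a link to an unexpected location.
        [ -f "$src/$name" ] && [ ! -L "$src/$name" ] || continue
        # Nothing to do when the backup is already identical.
        cmp -s "$src/$name" "$dest/$name" 2>/dev/null && continue
        # Write to a temporary name first, then rename, so a reader of
        # DEST never sees a half-written file. cp -p keeps the mode
        # (shadow stays unreadable to other users) and, when run as root,
        # the owner and group as well.
        tmp="$dest/.$name.tmp.$$"
        ( umask 077; cp -p "$src/$name" "$tmp" ) || { rm -f "$tmp"; return 1; }
        mv -f "$tmp" "$dest/$name" || { rm -f "$tmp"; return 1; }
        copied=$((copied + 1))
    done
    echo "$copied"
}

# Run only when called with both directories, e.g. from cron.
if [ "$#" -eq 2 ]; then
    sync_accounts "$1" "$2" >/dev/null
fi
```

Calling it with the arguments reversed (`/bck /etc`) from the container's start-up script, before any service starts, restores the saved accounts after a rebuild. Any account the new image created that is not in the backup is overwritten by that restore.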