sudo inside docker (on fedora) ask for password, on host it doesn't ask password

I am testing something in docker, it requires sudo without entering password, I added required entries in /etc/sudoers. After that in host it doesn't ask for password. But in case of docker it still ask for password. BTW, I am running fedora 24 in VirtualBox VM on a Fedora 24 host.

Here is the details...

abc@webster $ sudo bash

root@webster $ cat /etc/sudoers
## Sudoers allows particular users to run various commands as
...
...
## Allow root to run any commands anywhere 
root    ALL=(ALL)       ALL

## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL

## Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL

%users ALL=(ALL) ALL
%admin ALL=(ALL) NOPASSWD: ALL

%sudo   ALL=(ALL:ALL)   ALL
abc      ALL=(ALL) NOPASSWD: ALL
#abc      ALL=(ALL)       ALL


abc@webster $ id
uid=1000(abc) gid=1000(abc) groups=1000(abc),10(wheel),100(users),977(docker),1001(admin) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023


abc@fc-docker $ sudo bash
[sudo] password for abc:

Chandrasekar

Posted 2018-02-20T04:25:48.647

Reputation: 221

1The container/image has its own /etc/sudoers file. – tkausl – 2018-02-20T05:18:51.793

Thanks @tkausl. I just noticed it doesn't accept the sudo password as well. It asks for it 3 times and throws this error "sudo: 3 incorrect password attempts" I changed the password to very simple one and still it throws same issue. BTW, the fedora 24 is a VirtualBox VM. – Chandrasekar – 2018-02-20T05:25:31.063

Hi @tkausl, I tried a different way and solved the problem. I used to log in to docker as " docker exec -it --user abc fc-docker bash ", when I removed the user part and logged in like, " docker exec -it fc-docker bash ", I logged in as root. Then I modified /etc/sudoers to NO PASSWORD. Not its working fine. Thanks. – Chandrasekar – 2018-03-05T12:14:04.673

Answers

Adding this as an answer for more clarity. Docker instance had its own /etc/sudoers. Which need to be updated to allow sudo without password. Login to docker instance as " docker exec -it fc-docker bash ", you will be logged in as root. Then add "abc ALL=(ALL) NOPASSWD: ALL" to /etc/sudoers/. Logout & login back, we can do sudo without password.

Chandrasekar

Posted 2018-02-20T04:25:48.647

Reputation: 221

Here's how I setup a non-root user with passworsdless access to the sudo group using the base image of ubuntu:18.04:

RUN \
    groupadd -g 999 foo && useradd -u 999 -g foo -G sudo -m -s /bin/bash foo && \
    sed -i /etc/sudoers -re 's/^%sudo.*/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/g' && \
    sed -i /etc/sudoers -re 's/^root.*/root ALL=(ALL:ALL) NOPASSWD: ALL/g' && \
    sed -i /etc/sudoers -re 's/^#includedir.*/## **Removed the include directive** ##"/g' && \
    echo "foo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers && \
    echo "Customized the sudoers file for passwordless access to the foo user!" && \
    echo "foo user:";  su - foo -c id

What happens with the above code:

The user and group foo is created.
The user foo is added to the both the foo and sudo group.
The uid and gid is set to the value of 999.
The home directory is set to /home/foo.
The shell is set to /bin/bash.
The sed command does inline updates to the /etc/sudoers file to allow foo and root users passwordless access to the sudo group.
The sed command disables the #includedir directive that would allow any files in subdirectories to override these inline updates.

Seth Bergman

Posted 2018-02-20T04:25:48.647

Reputation: 23