Blocking root access to a Docker container (CentOS 7) using Puppet.

asked 2018-09-25 12:35:20 -0600

Knox

Hello,

I am running a web app in a docker container and want to block/disable root access. The container is meant to be ephemeral and black box (at least as much as possible). Currently I have installed a puppet agent and have the user resource shell set to '/sbin/nologin', but it is not working.

Running 'puppet resource user root' I have verified that the shell has been changed to '/sbin/nologin' but I can still get to a root shell. I have restarted the container and still have access.

Does anybody know how to restrict access to the root shell for docker using puppet?


Comments

Couldn't you do the same in the Dockerfile? I'm no docker expert but if all you want to do is set /sbin/nologin for the shell for the root user, I'd do that when building the container, not after-the-fact with Puppet.

bschonecker ( 2018-10-03 18:33:41 -0600 )

Also, I don't think docker containers 'remember' any settings when you restart them.

bschonecker ( 2018-10-03 18:34:38 -0600 )