containersh
A login shell to forward a user's ssh session into a docker container
License
This project is licensed under AGPL-3.0-or-later. See the LICENSE file for more information.
Building
Run ./build.sh.
Usage
Currently, only one docker image can be used; you'll need to create it beforehand:
- Upload Dockerfile.alpine and build/containersh_stage2 to the same directory on your server
- Run docker build -f Dockerfile.alpine -t containersh:alpine-3.18.4 .
- Enjoy your container image!
To use containersh itself:
- Install / upload build/containersh to your server, preferably to a location such as /usr/local/bin.
- Set the root user as owner: chown root:root /usr/local/bin/containersh
- Set the suid bit: chmod +s /usr/local/bin/containersh; this is required in order for the binary to run docker commands
- Use the binary as login shell for any user you want: chsh -s /usr/local/bin/containersh <user>
- Verify it is working by logging in one time
- ...
- Profit!
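Because these steps leave a root-owned setuid binary as a login shell, it is worth checking the result before pointing users at it. The following script is an added example, not part of containersh; the function name, its arguments and the use of a stat that supports -c are assumptions.

```sh
#!/bin/sh
# Added example, not part of containersh. Assumes a `stat` that supports -c
# (GNU coreutils or BusyBox). Function name and arguments are illustrative.

# audit_suid_shell PATH [EXPECTED_UID]
# Prints one line per finding; returns 0 if the install looks sane, 1 if not.
audit_suid_shell() {
    path=$1
    want_uid=${2:-0}
    rc=0

    # A symlink or non-regular file means chown/chmod may have hit another target.
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "FAIL: $path is a symlink or not a regular file"
        return 1
    fi

    uid=$(stat -c '%u' "$path")
    mode=$(stat -c '%a' "$path")        # octal digits, e.g. 4755 or 6755
    dir=$(dirname "$path")
    dir_uid=$(stat -c '%u' "$dir")
    dir_mode=$(stat -c '%a' "$dir")

    [ "$uid" = "$want_uid" ] ||
        { echo "FAIL: owner uid is $uid, expected $want_uid"; rc=1; }
    [ $(( 0$mode & 04000 )) -ne 0 ] ||
        { echo "FAIL: setuid bit not set (mode $mode)"; rc=1; }
    [ $(( 0$mode & 022 )) -eq 0 ] ||
        { echo "FAIL: binary is group/world-writable (mode $mode)"; rc=1; }
    # Whoever can write to the directory can swap the binary for another file.
    [ "$dir_uid" = "$want_uid" ] ||
        { echo "FAIL: $dir is owned by uid $dir_uid, expected $want_uid"; rc=1; }
    [ $(( 0$dir_mode & 022 )) -eq 0 ] ||
        { echo "FAIL: $dir is group/world-writable (mode $dir_mode)"; rc=1; }
    # chmod +s sets setgid as well as setuid; report it so it is a known choice.
    [ $(( 0$mode & 02000 )) -eq 0 ] ||
        { echo "NOTE: setgid bit is also set (mode $mode)"; }

    return $rc
}

# Run the audit when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_suid_shell "$@"
fi
```

Run it as sh audit.sh /usr/local/bin/containersh; the NOTE line is informational and does not change the exit status.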
Roadmap
- cleaning up the code from TODOs
- replacing getgrgid and initgroups with static-linkable equivalents
- better shell escaping of inputs for addgroup and adduser
- do not only rely on SSH_TTY to know if we're in a tty and can use -it in the docker command
- forward user's home dir & mount it in the container
- forward ALL of the user's groups into the container
- make everything configurable
- allow using an 'in-between' shell for use cases where we want the connecting user to decide what to do
- allow connecting to containers instead of creating new ones
- allow specifying the container name; also helps with persistence!
- allow for persistent containers
and so much more I probably can't think of right now!