Add user groups and disable SSH pasword login

build/COPY_ROOT/etc/ssh/sshd_config.d/no-password.conf

@@ -0,0 +1,2 @@
+PasswordAuthentication no
+

build/COPY_ROOT/opt/ai-dock/bin/init.sh

@@ -192,13 +192,14 @@ function init_create_user() {
  mkdir -p ${home_dir}
  groupadd -g $WORKSPACE_GID $USER_NAME
  useradd -ms /bin/bash $USER_NAME -d $home_dir -u $WORKSPACE_UID -g $WORKSPACE_GID
+ printf "user:%s" "$USER_PASSWORD" | chpasswd
  usermod -a -G $USER_GROUPS $USER_NAME
  # May not exist - todo check device ownership
  usermod -a -G render $USER_NAME
  usermod -a -G sgx $USER_NAME
  ln -s $home_dir /home/${USER_NAME}
  # See the README (in)security notice
- echo "${USER_NAME} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+ printf "%s ALL=(ALL) NOPASSWD: ALL\n" ${USER_NAME} >> /etc/sudoers
  if [[ ! -e ${home_dir}/.bashrc ]]; then
  cp -f /root/.bashrc ${home_dir}
  chown ${WORKSPACE_UID}:${WORKSPACE_GID} ${home_dir}/.bashrc

build/Dockerfile

@@ -19,7 +19,8 @@ ENV LC_ALL=C.UTF-8
 ENV TZ=UTC
 ENV SHELL="/bin/bash"
 ENV USER_NAME=user
-ENV USER_GROUPS=users,ai-dock,adm,sudo,audio,video,tty
+ENV USER_PASSWORD=password
+ENV USER_GROUPS=users,ai-dock,adm,sudo,audio,video,tty,cdrom,dialout,dip,fax,floppy,lp,plugdev,ssl-cert,sudo,tape,voice
 ENV DEBIAN_FRONTEND=noninteractive
 ENV PATH=/opt/ai-dock/bin:/opt/micromamba/bin:/opt/caddy/bin:$PATH
 ENV OPT_SYNC=