[BUG] confusing init-adduser behavior when picking a USER_NAME which collides with system user #93

Open
1 task done
chrishoage opened this issue Nov 13, 2024 · 1 comment

chrishoage commented Nov 13, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

When specifying a USER_NAME and this user already exists (e.g. listed in /etc/passwd), usermod fails with an error and authorized_keys is looked up from /sbin.

Currently this log is all that is present to signify there is an issue: usermod: user 'sync' already exists

I missed this log initially and only saw it once I found the issue after looking at the ssh debug logs.

Expected Behavior

An error should be raised and the container should exit.

Steps To Reproduce

Set USER_NAME to one of these users (I was using sync, which was producing the error).

sync_server:~$ cat /etc/passwd
root:x:0:0:root:/root:/bin/sh
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/mail:/sbin/nologin
news:x:9:13:news:/usr/lib/news:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin
cron:x:16:16:cron:/var/spool/cron:/sbin/nologin
ftp:x:21:21::/var/lib/ftp:/sbin/nologin
sshd:x:22:22:sshd:/dev/null:/sbin/nologin
games:x:35:35:games:/usr/games:/sbin/nologin
ntp:x:123:123:NTP:/var/empty:/sbin/nologin
guest:x:405:1000:guest:/dev/null:/sbin/nologin
nobody:x:65534:65534:nobody:/:/sbin/nologin
klogd:x:100:101:klogd:/dev/null:/sbin/nologin

Environment

- OS: Arch Linux
- How docker service was installed: pacman

CPU architecture

x86-64

Docker creation

docker compose up with SYNC_SSH_PUBLIC_KEY and SYNC_SSH_PUBLIC_KEY set in env

services:
  sftp-server:
    image: lscr.io/linuxserver/openssh-server:latest
    container_name: openssh_server
    hostname: sync_server
    environment:
      - PUID=1000
      - PGID=1000
      - PUBLIC_KEY=${SYNC_SSH_PUBLIC_KEY:?}
      - USER_NAME=sync
      - LOG_STDOUT=true
    volumes:
      - ./data:/data
      - ./ssh:/config
  alpine-test:
    image: alpine:latest
    container_name: alpine-test
    hostname: alpine-test
    volumes:
      - ./alpine:/config
    secrets:
      - source: sync_ssh_private_key
        mode: 0400
    command: ["tail", "-f", "/dev/null"]


secrets:
  sync_ssh_private_key:
    environment: SYNC_SSH_PRIVATE_KEY

Container logs

❯ op run --env-file secrets.env -- docker compose up --force-recreate --always-recreate-deps
 Container alpine-test  Recreate
 Container openssh_server  Recreate
 Container openssh_server  Recreated
 Container alpine-test  Recreated
Attaching to alpine-test, openssh_server
openssh_server  | [migrations] started
openssh_server  | [migrations] no migrations found
openssh_server  | usermod: user 'sync' already exists
openssh_server  | ───────────────────────────────────────
openssh_server  |
openssh_server  |       ██╗     ███████╗██╗ ██████╗
openssh_server  |       ██║     ██╔════╝██║██╔═══██╗
openssh_server  |       ██║     ███████╗██║██║   ██║
openssh_server  |       ██║     ╚════██║██║██║   ██║
openssh_server  |       ███████╗███████║██║╚██████╔╝
openssh_server  |       ╚══════╝╚══════╝╚═╝ ╚═════╝
openssh_server  |
openssh_server  |    Brought to you by linuxserver.io
openssh_server  | ───────────────────────────────────────
openssh_server  |
openssh_server  | To support LSIO projects visit:
openssh_server  | https://www.linuxserver.io/donate/
openssh_server  |
openssh_server  | ───────────────────────────────────────
openssh_server  | GID/UID
openssh_server  | ───────────────────────────────────────
openssh_server  |
openssh_server  | User UID:    1000
openssh_server  | User GID:    0
openssh_server  | ───────────────────────────────────────
openssh_server  | Linuxserver.io version: 9.7_p1-r4-ls172
openssh_server  | Build-date: 2024-11-10T18:48:18+00:00
openssh_server  | ───────────────────────────────────────
openssh_server  |
openssh_server  | User name is set to sync
openssh_server  | sudo is disabled.
openssh_server  | SSH host public key(s):

and the debug log that led me to understand what was happening

openssh_server  | debug1: temporarily_use_uid: 1000/0 (e=1000/0)
openssh_server  | debug1: trying public key file /sbin/.ssh/authorized_keys

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.
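
The behaviour the issue asks for (fail before usermod runs when USER_NAME names an existing account), sketched as an added example; it is not the image's init-adduser code. The function names, the candidate names `appuser` and `syn.`, and the sample passwd file trimmed from the listing in the issue are constructed for illustration.

```shell
#!/bin/sh
# Added example; not the image's init-adduser script.

# lookup_account NAME PASSWD_FILE
# Prints "uid:gid:home:shell" and returns 0 if NAME exists, else returns 1.
# awk compares field 1 as a literal string, so a name containing regex
# metacharacters (for example a dot) cannot match some other account.
lookup_account() {
    awk -F: -v n="$1" '
        $1 == n { print $3 ":" $4 ":" $6 ":" $7; found = 1; exit }
        END { exit !found }' "$2"
}

# check_user_name NAME [PASSWD_FILE]
# Returns 0 if NAME is free, 1 if it collides with an existing account,
# 2 if NAME is empty. Meant to run before any usermod call, e.g.
#   check_user_name "$USER_NAME" || exit 1
check_user_name() {
    name=$1
    passwd_file=${2:-/etc/passwd}
    if [ -z "$name" ]; then
        echo "USER_NAME is empty" >&2
        return 2
    fi
    if existing=$(lookup_account "$name" "$passwd_file"); then
        home=$(printf '%s\n' "$existing" | cut -d: -f3)
        echo "USER_NAME '$name' already exists (home $home); refusing to start" >&2
        return 1
    fi
    return 0
}

# Constructed sample: three entries from the /etc/passwd listing in the issue.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/sh
sync:x:5:0:sync:/sbin:/bin/sync
nobody:x:65534:65534:nobody:/:/sbin/nologin
EOF

# "appuser" and "syn." are hypothetical names that do not collide.
for candidate in sync syn. appuser; do
    if check_user_name "$candidate" "$sample" 2>/dev/null; then
        echo "$candidate: ok"
    else
        echo "$candidate: rejected"
    fi
done
```

The home directory reported for `sync` is `/sbin`, which is where the debug log shows sshd looking for `authorized_keys`.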
