tuto3: keep ro passwd and shadow only for wks

nemunaire 2019-05-03 17:51:18 +02:00 committed by Pierre-Olivier Mercier
parent a6dd4b5951
commit 1e9b4abb99
1 changed files with 9 additions and 29 deletions


@ -196,16 +196,16 @@ services:
net: /run/netns/wks1
binds:
- /etc/ssh/sshd_config:/etc/ssh/sshd_config
- /var/lib/adlin/etc/apasswd:/etc/passwd
- /var/lib/adlin/etc/ashadow:/etc/shadow
- /etc/wpasswd:/etc/passwd
- /etc/wshadow:/etc/shadow
- name: sshd-wks2
image: linuxkit/sshd:6e4740bee64bf44e9913a1db4a38b5c3a5fb6ab1
net: /run/netns/wks2
binds:
- /etc/ssh/sshd_config:/etc/ssh/sshd_config
- /var/lib/adlin/etc/bpasswd:/etc/passwd
- /var/lib/adlin/etc/bshadow:/etc/shadow
- /etc/wpasswd:/etc/passwd
- /etc/wshadow:/etc/shadow
- name: mainrouter
image: nemunaire/adlin-tuto3:3b205f57d9d79733fb65e5a23fbf933334680083
@ -255,8 +255,6 @@ services:
- /etc/nsd:/etc/nsd.sample:ro
- /etc/network:/etc/network:ro
- /etc/services:/etc/services:ro
- /var/lib/adlin/etc/epasswd:/etc/passwd
- /var/lib/adlin/etc/eshadow:/etc/shadow
runtime:
mkdir:
- /var/lib/adlin/nsd
@ -353,26 +351,12 @@ files:
EOSQL
mode: "0555"
- path: /etc/init.d/012-rw-passwd.sh
contents: |
#!/bin/sh
mkdir -p /var/lib/adlin/etc/
cp /etc/dpasswd /var/lib/adlin/etc/apasswd
cp /etc/dshadow /var/lib/adlin/etc/ashadow
cp /etc/dpasswd /var/lib/adlin/etc/bpasswd
cp /etc/dshadow /var/lib/adlin/etc/bshadow
cp /etc/dpasswd /var/lib/adlin/etc/epasswd
cp /etc/dshadow /var/lib/adlin/etc/eshadow
exit 0
mode: "0555"
- path: /etc/init.d/999-rw-passwd.sh
contents: |
#!/bin/sh
cp /etc/dpasswd /containers/services/mainrouter/rootfs/etc/passwd
cp /etc/dshadow /containers/services/mainrouter/rootfs/etc/shadow
cp /etc/dpasswd /containers/services/matrix/rootfs/etc/passwd
cp /etc/dshadow /containers/services/matrix/rootfs/etc/shadow
sed -ri '/^root/s@^.*$@root:$6$B0qzwsEh$vfWGpIFUrKGrkT0PVtGhhomBwc.60IBIxjMLyG8mz.NJLFRryjqLK9sA/mzxNSaQViiHsYYrsgmcWVHblfdHg1:17968:0:99999:7:::@' /containers/services/mainrouter/rootfs/etc/shadow
sed -ri '/^root/s@^.*$@root:$6$B0qzwsEh$vfWGpIFUrKGrkT0PVtGhhomBwc.60IBIxjMLyG8mz.NJLFRryjqLK9sA/mzxNSaQViiHsYYrsgmcWVHblfdHg1:17968:0:99999:7:::@' /containers/services/matrix/rootfs/etc/shadow
sed -ri '/^root/s@^.*$@root:$6$B0qzwsEh$vfWGpIFUrKGrkT0PVtGhhomBwc.60IBIxjMLyG8mz.NJLFRryjqLK9sA/mzxNSaQViiHsYYrsgmcWVHblfdHg1:17968:0:99999:7:::@' /containers/services/ns-auth/rootfs/etc/shadow
exit 0
mode: "0555"
@ -443,7 +427,7 @@ files:
forward-addr: 9.9.9.9
mode: "0440"
- path: etc/dpasswd
- path: etc/wpasswd
contents: |
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
@ -464,17 +448,15 @@ files:
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/bin/false
messagebus:x:101:102::/var/run/dbus:/bin/false
sshd:x:102:65534::/run/sshd:/usr/sbin/nologin
systemd-timesync:x:103:105:systemd Time Synchronization,,,:/run/systemd:/bin/false
systemd-network:x:104:106:systemd Network Management,,,:/run/systemd/netif:/bin/false
systemd-resolve:x:105:107:systemd Resolver,,,:/run/systemd/resolve:/bin/false
systemd-bus-proxy:x:106:108:systemd Bus Proxy,,,:/run/systemd:/bin/false
nsd:x:107:109::/run/nsd:/usr/sbin/nologin
mode: "0644"
- path: etc/dshadow
- path: etc/wshadow
contents: |
root:$6$B0qzwsEh$vfWGpIFUrKGrkT0PVtGhhomBwc.60IBIxjMLyG8mz.NJLFRryjqLK9sA/mzxNSaQViiHsYYrsgmcWVHblfdHg1:17968:0:99999:7:::
daemon:*:17575:0:99999:7:::
@ -495,13 +477,11 @@ files:
gnats:*:17575:0:99999:7:::
nobody:*:17575:0:99999:7:::
_apt:*:17575:0:99999:7:::
messagebus:*:17594:0:99999:7:::
sshd:*:17594:0:99999:7:::
systemd-timesync:*:17594:0:99999:7:::
systemd-network:*:17594:0:99999:7:::
systemd-resolve:*:17594:0:99999:7:::
systemd-bus-proxy:*:17594:0:99999:7:::
nsd:*:17594:0:99999:7:::
mode: "0640"
- path: etc/dresolv.conf
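Review bot: The `/etc/wpasswd:/etc/passwd` and `/etc/wshadow:/etc/shadow` binds under sshd-wks1 and sshd-wks2 carry no `:ro` option, although the commit title says these files are kept read-only and other binds in the same file spell it out (`/etc/network:/etc/network:ro`). If the host path is writable at runtime, which this page does not show, root inside either workstation container could edit the account database that both containers now share. I would write `- /etc/wpasswd:/etc/passwd:ro` and `- /etc/wshadow:/etc/shadow:ro` in both services. Which bind lines belong to the new side is inferred from the `etc/wpasswd` and `etc/wshadow` file entries, because the page lost its +/- markers.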