WIP password change and persistance

.env.sample

@@ -6,7 +6,7 @@ PASS=MON_SUPER_MOT_DE_PASSE
 NAME=kasmVNC
 VNC_USER=kasm
 HOST=kasmVNC.tetras-lab.io
-PORT=6901
+PORT=3001
 UID=1000
 GID=1000
 
@@ -25,4 +25,4 @@ ANACONDA=true
 QGIS=true
 # Should the user have sudo rights
 # **only home is a volume, any modifcation in other FS will be lost**
-SUDO=true
+SUDO=false

docker-compose.yml

@@ -12,7 +12,7 @@ services:
     security_opt:
       - seccomp:unconfined #optional
     volumes:
-      - homedir:/config/:rw
+      - homedir:/config:rw
     environment:
       - PASSWORD=${PASS}
       - ANACONDA=${ANACONDA}
@@ -20,6 +20,7 @@ services:
       - PUID=${UID}
       - PGID=${GID}
       - TZ=${TZ}
+      - SUDO=${SUDO}
     devices:
       - /dev/dri:/dev/dri #optional
 

docker/kasm/Dockerfile

 FROM lscr.io/linuxserver/webtop:ubuntu-mate as kasmvnc-base
 
-#ENV HOME /home/kasm-default-profile
 ENV STARTUPDIR /custom-cont-init.d
-#ENV INST_SCRIPTS $STARTUPDIR/install
 
-######### Customize Container Here ###########
-
-ARG SPYDER
 ARG QGIS
 ARG ANACONDA
 ARG ANACONDA_VERS=Anaconda3-2024.02-1
-ARG KASM_USER
-
 
 RUN apt-get update && \
     apt-get install -y \
@@ -44,9 +37,4 @@ RUN if [ "$QGIS" = true ] ; then \
 
 COPY custom_startup.sh $STARTUPDIR/custom_startup.sh
 COPY change_password.sh /
-
-# TODO usermod
-# Homedir
-# Sudoer
-# username
-# lecture file for sudo
+COPY lecture /etc/sudoers.lecture

docker/kasm/change_password.sh

 #!/bin/bash
 
 title="Changement du mot de passe"
-password=$(zenity --title="$title" --text="Veuillez entrer votre mot de passe" --entry)
+password=$(zenity --title="$title" --text="Veuillez entrer votre nouveau mot de passe" --entry)
 confirm=$(zenity --title="$title" --text="Veuillez confirmer votre mot de passe" --entry)
 icon="error"
 ok=0
 if [ "$password" == "$confirm" ]; then
     ok=1
-    message=$(echo -e "$password\n$password\n" | kasmvncpasswd -u $KASM_USER -wo 2>&1)
-    if [ $? -eq 0 ]; then
-        # TODO generate htpassword file in /etc/nginx/.htpasswd and copy it to /home/$KASM_USER/.htpasswd
-        cp $HOME/.kasmpasswd $HOME/.kasmpasswd.persist
-        cut -d : -f 1-2 $HOME/.kasmpasswd > $HOME/.nginxpasswd
-        # Restart the VNC server
-        kill $(cat .vnc/*.pid)
+    printf "${CUSTOM_USER}:$(openssl passwd -apr1 ${password})\n" > /etc/nginx/.htpasswd
+    cp /etc/nginx/.htpasswd $HOME/.htpasswd.persist
     icon="info"
     message="Le mot de passe a été changé"
-    fi
 else
     message="La confirmation du mot de passe n'est pas identique au mot de passe"
 fi

docker/kasm/custom_startup.sh

 #!/bin/bash
-VNC_HOME=/home/kasm-user
+
+login=abc
+VNC_HOME=/config
+
+if [ "$SUDO" == "true" ]; then
+    if [ -z "$(grep 'alias sudo' $VNC_HOME)" ]; then
+        echo 'alias sudo="cat /etc/sudoers.lecture; sudo $@"' >> $VNC_HOME/.bashrc
+    fi
+else
+    echo "Removing sudo right to ${CUSTOM_USER}"
+    gpasswd --delete $login sudo
+fi
+
+if [ -f $VNC_HOME/.htpasswd.persist ]; then
+    cp $VNC_HOME/.htpasswd.persist /etc/nginx/.htpasswd
+fi
+chown $PUID:root  /etc/nginx/.htpasswd
 
 # Add changepassword icon
 mkdir -p $VNC_HOME/Desktop
@@ -13,19 +29,18 @@ terminal=true
 EOF
 
 if [ "$ANACONDA" == 'true' ]; then
+    if [ -z "$(grep 'conda init' $VNC_HOME/.bashrc)" ]; then
+        sudo -u $login bash /install/Anaconda3-*.sh -b
+        sudo -u $login $VNC_HOME/anaconda3/bin/conda init
+    fi
 cat <<eof > $VNC_HOME/Desktop/anaconda.desktop
 [Desktop Entry]
 Type=Application
 Name=Anaconda
 Terminal=true
-Icon=$VNC_HOME/anaconda3/lib/python3.8/site-packages/anaconda_navigator/static/images/anaconda.png
+Icon=$(find $VNC_HOME/anaconda3/ -iname anaconda.png | head -n 1)
 Exec=$VNC_HOME/anaconda3/bin/anaconda-navigator
 eof
-
-if [ -z "$(grep 'conda init' $VNC_HOME/.bashrc)" ]; then
-    bash /install/Anaconda3-*.sh -b
-    $VNC_HOME/anaconda3/bin/conda init
-fi
 fi
 
 cat <<eof > $VNC_HOME/Desktop/spyder.desktop

docker/kasm/lecture

+################################### WARNING ###################################
+Although you have root access, any change to the main file system will be
+dropped upon container restart.
+If you whish to install new softwares please contact the system administrator
+for help.
+###############################################################################

kasm

@@ -53,7 +53,7 @@ case $action in
         $compose down $@
         ;;
     "reset_passwd")
-        $cmd rm .htpasswd
+        $cmd rm .htpasswd.persist
         $compose down
         $compose up -d
         ;;