From 509b8fc5379d64ed22b117b77bf8826724bb4a69 Mon Sep 17 00:00:00 2001 From: David Beniamine <david.beniamine@tetras-libre.fr> Date: Tue, 25 Mar 2025 21:07:41 +0100 Subject: [PATCH] WIP password change and persistance --- .env.sample | 4 ++-- docker-compose.yml | 3 ++- docker/kasm/Dockerfile | 14 +------------- docker/kasm/change_password.sh | 16 +++++----------- docker/kasm/custom_startup.sh | 29 ++++++++++++++++++++++------- docker/kasm/lecture | 6 ++++++ kasm | 2 +- 7 files changed, 39 insertions(+), 35 deletions(-) create mode 100644 docker/kasm/lecture diff --git a/.env.sample b/.env.sample index 9c304c8..d557009 100644 --- a/.env.sample +++ b/.env.sample @@ -6,7 +6,7 @@ PASS=MON_SUPER_MOT_DE_PASSE NAME=kasmVNC VNC_USER=kasm HOST=kasmVNC.tetras-lab.io -PORT=6901 +PORT=3001 UID=1000 GID=1000 @@ -25,4 +25,4 @@ ANACONDA=true QGIS=true # Should the user have sudo rights # **only home is a volume, any modifcation in other FS will be lost** -SUDO=true +SUDO=false diff --git a/docker-compose.yml b/docker-compose.yml index 8f99852..96369d5 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -12,7 +12,7 @@ services: security_opt: - seccomp:unconfined #optional volumes: - - homedir:/config/:rw + - homedir:/config:rw environment: - PASSWORD=${PASS} - ANACONDA=${ANACONDA} @@ -20,6 +20,7 @@ services: - PUID=${UID} - PGID=${GID} - TZ=${TZ} + - SUDO=${SUDO} devices: - /dev/dri:/dev/dri #optional diff --git a/docker/kasm/Dockerfile b/docker/kasm/Dockerfile index db88ecf..befc64f 100644 --- a/docker/kasm/Dockerfile +++ b/docker/kasm/Dockerfile @@ -1,17 +1,10 @@ FROM lscr.io/linuxserver/webtop:ubuntu-mate as kasmvnc-base -#ENV HOME /home/kasm-default-profile ENV STARTUPDIR /custom-cont-init.d -#ENV INST_SCRIPTS $STARTUPDIR/install -######### Customize Container Here ########### - -ARG SPYDER ARG QGIS ARG ANACONDA ARG ANACONDA_VERS=Anaconda3-2024.02-1 -ARG KASM_USER - RUN apt-get update && \ apt-get install -y \ 
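Review bot: The added `- SUDO=${SUDO}` in docker-compose.yml passes the sudo switch to a service that, per the context lines of the same hunks, also runs with `seccomp:unconfined` and the `/dev/dri` device, so a desktop user who keeps sudo gets root without the default syscall filter. custom_startup.sh only keeps sudo when the value is exactly `true`, so an unset variable already falls back to no sudo; writing `- SUDO=${SUDO:-false}` would make that default visible in the compose file. I would add a comment beside `SUDO=` in .env.sample stating that enabling it together with the seccomp override grants much more than the ability to install packages, and check whether the override marked `#optional` is needed at all.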
@@ -44,9 +37,4 @@ RUN if [ "$QGIS" = true ] ; then \ COPY custom_startup.sh $STARTUPDIR/custom_startup.sh COPY change_password.sh / - -# TODO usermod -# Homedir -# Sudoer -# username -# lecture file for sudo +COPY lecture /etc/sudoers.lecture diff --git a/docker/kasm/change_password.sh b/docker/kasm/change_password.sh index 1e4c694..491630b 100755 --- a/docker/kasm/change_password.sh +++ b/docker/kasm/change_password.sh @@ -1,22 +1,16 @@ #!/bin/bash title="Changement du mot de passe" -password=$(zenity --title="$title" --text="Veuillez entrer votre mot de passe" --entry) +password=$(zenity --title="$title" --text="Veuillez entrer votre nouveau mot de passe" --entry) confirm=$(zenity --title="$title" --text="Veuillez confirmer votre mot de passe" --entry) icon="error" ok=0 if [ "$password" == "$confirm" ]; then ok=1 - message=$(echo -e "$password\n$password\n" | kasmvncpasswd -u $KASM_USER -wo 2>&1) - if [ $? -eq 0 ]; then - # TODO generate htpassword file in /etc/nginx/.htpasswd and copy it to /home/$KASM_USER/.htpasswd - cp $HOME/.kasmpasswd $HOME/.kasmpasswd.persist - cut -d : -f 1-2 $HOME/.kasmpasswd > $HOME/.nginxpasswd - # Restart the VNC server - kill $(cat .vnc/*.pid) - icon="info" - message="Le mot de passe a été changé" - fi + printf "${CUSTOM_USER}:$(openssl passwd -apr1 ${password})\n" > /etc/nginx/.htpasswd + cp /etc/nginx/.htpasswd $HOME/.htpasswd.persist + icon="info" + message="Le mot de passe a été changé" else message="La confirmation du mot de passe n'est pas identique au mot de passe" fi diff --git a/docker/kasm/custom_startup.sh b/docker/kasm/custom_startup.sh index 8833517..d849277 100755 --- a/docker/kasm/custom_startup.sh +++ b/docker/kasm/custom_startup.sh 
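Review bot: `COPY lecture /etc/sudoers.lecture` installs the warning text, but nothing in the image tells sudo to display it. The commit instead relies on a `sudo` alias appended to `.bashrc` by custom_startup.sh, which is skipped whenever sudo is called by path, from a script or from another shell. sudo can print the file itself if a sudoers drop-in sets `Defaults lecture=always` and `Defaults lecture_file=/etc/sudoers.lecture`. A second `COPY --chmod=0440` of such a drop-in into /etc/sudoers.d, checked with `visudo -c`, would make the alias unnecessary.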
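Review bot: The new `openssl passwd -apr1 ${password}` line in change_password.sh puts the clear-text password on the openssl command line, where it is readable in the process list while the command runs. It is also unquoted, so a password with spaces or glob characters is split and one starting with `-` is parsed as an option. The output is then used as a printf format string and written over /etc/nginx/.htpasswd with no exit-status check (the old `$? -eq 0` test is gone), so a failed hash still reports success and can leave an entry without a usable hash. An empty password and confirmation, for example when both dialogs are cancelled, also pass the equality test. I would feed the password on stdin, quote every expansion and replace the file only on success, as below. Adding `--hide-text` to the two `zenity --entry` calls would keep the password off the screen. The script appears to continue past the end of this hunk.

```shell
if [ -n "$password" ] && [ "$password" == "$confirm" ]; then
    ok=1
    # printf is a shell builtin and openssl reads stdin, so the clear-text
    # password never appears in any process's argument list.
    if hash=$(printf '%s\n' "$password" | openssl passwd -apr1 -stdin); then
        printf '%s:%s\n' "$CUSTOM_USER" "$hash" > /etc/nginx/.htpasswd
        cp /etc/nginx/.htpasswd "$HOME/.htpasswd.persist"
        icon="info"
        message="Le mot de passe a été changé"
    else
        message="Le mot de passe n'a pas pu être changé"
    fi
# … unchanged: else branch with the mismatch message, closing fi …
```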
@@ -1,5 +1,21 @@ #!/bin/bash -VNC_HOME=/home/kasm-user + +login=abc +VNC_HOME=/config + +if [ "$SUDO" == "true" ]; then + if [ -z "$(grep 'alias sudo' $VNC_HOME)" ]; then + echo 'alias sudo="cat /etc/sudoers.lecture; sudo $@"' >> $VNC_HOME/.bashrc + fi +else + echo "Removing sudo right to ${CUSTOM_USER}" + gpasswd --delete $login sudo +fi + +if [ -f $VNC_HOME/.htpasswd.persist ]; then + cp $VNC_HOME/.htpasswd.persist /etc/nginx/.htpasswd +fi +chown $PUID:root /etc/nginx/.htpasswd # Add changepassword icon mkdir -p $VNC_HOME/Desktop @@ -13,19 +29,18 @@ terminal=true EOF if [ "$ANACONDA" == 'true' ]; then + if [ -z "$(grep 'conda init' $VNC_HOME/.bashrc)" ]; then + sudo -u $login bash /install/Anaconda3-*.sh -b + sudo -u $login $VNC_HOME/anaconda3/bin/conda init + fi cat <<eof > $VNC_HOME/Desktop/anaconda.desktop [Desktop Entry] Type=Application Name=Anaconda Terminal=true -Icon=$VNC_HOME/anaconda3/lib/python3.8/site-packages/anaconda_navigator/static/images/anaconda.png +Icon=$(find $VNC_HOME/anaconda3/ -iname anaconda.png | head -n 1) Exec=$VNC_HOME/anaconda3/bin/anaconda-navigator eof - -if [ -z "$(grep 'conda init' $VNC_HOME/.bashrc)" ]; then - bash /install/Anaconda3-*.sh -b - $VNC_HOME/anaconda3/bin/conda init -fi fi cat <<eof > $VNC_HOME/Desktop/spyder.desktop diff --git a/docker/kasm/lecture b/docker/kasm/lecture new file mode 100644 index 0000000..b5a1927 --- /dev/null +++ b/docker/kasm/lecture @@ -0,0 +1,6 @@ +################################### WARNING ################################### +Although you have root access, any change to the main file system will be +dropped upon container restart. +If you whish to install new softwares please contact the system administrator +for help. +############################################################################### diff --git a/kasm b/kasm index 99d851c..6fe8182 100755 --- a/kasm +++ b/kasm 
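Review bot: In the first custom_startup.sh hunk, `grep 'alias sudo' $VNC_HOME` searches the directory `/config` instead of `$VNC_HOME/.bashrc`, so grep prints nothing on stdout, the `-z` test is always true, and another alias line is appended to `.bashrc` on every container start. `if ! grep -q 'alias sudo' "$VNC_HOME/.bashrc" 2>/dev/null; then` fixes both the target and the quoting. In the else branch the message names `${CUSTOM_USER}` while `gpasswd --delete` acts on the hard-coded `login=abc`. If the two can differ, or if the base image grants sudo through a sudoers entry rather than the `sudo` group (not visible here), SUDO=false would not actually remove the right, so it is worth confirming with `sudo -l -U "$login"` after the call. `chown $PUID:root /etc/nginx/.htpasswd` also runs when the file is absent, which a `[ -f /etc/nginx/.htpasswd ]` guard would avoid.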
@@ -53,7 +53,7 @@ case $action in
 $compose down $@
 ;;
 "reset_passwd")
- $cmd rm .htpasswd
+ $cmd rm .htpasswd.persist
 $compose down
 $compose up -d
 ;;
-- 
GitLab
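Review bot: `$cmd rm .htpasswd.persist` uses a relative path, while custom_startup.sh restores the file from `$VNC_HOME/.htpasswd.persist` with `VNC_HOME=/config`. `$cmd` is defined outside this hunk, so if it does not run with `/config` as its working directory the rm fails and, unless the script runs under `set -e`, the following `down`/`up` still execute. In that case the old password hash is copied back at the next start and the reset silently does nothing. `$cmd rm -f /config/.htpasswd.persist` removes the dependency on the working directory and on the file existing. The `case` block starts and ends outside the hunk.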