WIP password change and persistance

509b8fc5 · David Beniamine · 9813422b · 509b8fc5 · 509b8fc5 · 509b8fc5
Verified Commit 509b8fc5 authored 2 months ago by David Beniamine
--- a/.env.sample
+++ b/.env.sample
@@ -6,7 +6,7 @@ PASS=MON_SUPER_MOT_DE_PASSE
 NAME=kasmVNC
 VNC_USER=kasm
 HOST=kasmVNC.tetras-lab.io
-PORT=6901
+PORT=3001
 UID=1000
 GID=1000
@@ -25,4 +25,4 @@ ANACONDA=true
 QGIS=true
 # Should the user have sudo rights
 # **only home is a volume, any modifcation in other FS will be lost**
-SUDO=true
+SUDO=false
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -12,7 +12,7 @@ services:
    security_opt:
      - seccomp:unconfined #optional
    volumes:
-      - homedir:/config/:rw
+      - homedir:/config:rw
    environment:
      - PASSWORD=${PASS}
      - ANACONDA=${ANACONDA}
@@ -20,6 +20,7 @@ services:
      - PUID=${UID}
      - PGID=${GID}
      - TZ=${TZ}
+      - SUDO=${SUDO}
    devices:
      - /dev/dri:/dev/dri #optional

--- a/docker/kasm/Dockerfile
+++ b/docker/kasm/Dockerfile
 FROM lscr.io/linuxserver/webtop:ubuntu-mate as kasmvnc-base
-#ENV HOME /home/kasm-default-profile
 ENV STARTUPDIR /custom-cont-init.d
-#ENV INST_SCRIPTS $STARTUPDIR/install
-######### Customize Container Here ###########
-ARG SPYDER
 ARG QGIS
 ARG ANACONDA
 ARG ANACONDA_VERS=Anaconda3-2024.02-1
-ARG KASM_USER
 RUN apt-get update && \
    apt-get install -y \
@@ -44,9 +37,4 @@ RUN if [ "$QGIS" = true ] ; then \
 COPY custom_startup.sh $STARTUPDIR/custom_startup.sh
 COPY change_password.sh /
+COPY lecture /etc/sudoers.lecture
-# TODO usermod
-# Homedir
-# Sudoer
-# username
-# lecture file for sudo
--- a/docker/kasm/change_password.sh
+++ b/docker/kasm/change_password.sh
 #!/bin/bash
 title="Changement du mot de passe"
-password=$(zenity --title="$title" --text="Veuillez entrer votre mot de passe" --entry)
+password=$(zenity --title="$title" --text="Veuillez entrer votre nouveau mot de passe" --entry)
 confirm=$(zenity --title="$title" --text="Veuillez confirmer votre mot de passe" --entry)
 icon="error"
 ok=0
 if [ "$password" == "$confirm" ]; then
    ok=1
-    message=$(echo -e "$password\n$password\n" | kasmvncpasswd -u $KASM_USER -wo 2>&1)
+    printf "${CUSTOM_USER}:$(openssl passwd -apr1 ${password})\n" > /etc/nginx/.htpasswd
-    if [ $? -eq 0 ]; then
+    cp /etc/nginx/.htpasswd $HOME/.htpasswd.persist
-        # TODO generate htpassword file in /etc/nginx/.htpasswd and copy it to /home/$KASM_USER/.htpasswd
-        cp $HOME/.kasmpasswd $HOME/.kasmpasswd.persist
-        cut -d : -f 1-2 $HOME/.kasmpasswd > $HOME/.nginxpasswd
-        # Restart the VNC server
-        kill $(cat .vnc/*.pid)
    icon="info"
    message="Le mot de passe a été changé"
-    fi
 else
    message="La confirmation du mot de passe n'est pas identique au mot de passe"
 fi

--- a/docker/kasm/custom_startup.sh
+++ b/docker/kasm/custom_startup.sh
 #!/bin/bash
-VNC_HOME=/home/kasm-user
+login=abc
+VNC_HOME=/config
+if [ "$SUDO" == "true" ]; then
+    if [ -z "$(grep 'alias sudo' $VNC_HOME)" ]; then
+        echo 'alias sudo="cat /etc/sudoers.lecture; sudo $@"' >> $VNC_HOME/.bashrc
+    fi
+else
+    echo "Removing sudo right to ${CUSTOM_USER}"
+    gpasswd --delete $login sudo
+fi
+if [ -f $VNC_HOME/.htpasswd.persist ]; then
+    cp $VNC_HOME/.htpasswd.persist /etc/nginx/.htpasswd
+fi
+chown $PUID:root  /etc/nginx/.htpasswd
 # Add changepassword icon
 mkdir -p $VNC_HOME/Desktop
@@ -13,19 +29,18 @@ terminal=true
 EOF
 if [ "$ANACONDA" == 'true' ]; then
+    if [ -z "$(grep 'conda init' $VNC_HOME/.bashrc)" ]; then
+        sudo -u $login bash /install/Anaconda3-*.sh -b
+        sudo -u $login $VNC_HOME/anaconda3/bin/conda init
+    fi
 cat <<eof > $VNC_HOME/Desktop/anaconda.desktop
 [Desktop Entry]
 Type=Application
 Name=Anaconda
 Terminal=true
-Icon=$VNC_HOME/anaconda3/lib/python3.8/site-packages/anaconda_navigator/static/images/anaconda.png
+Icon=$(find $VNC_HOME/anaconda3/ -iname anaconda.png | head -n 1)
 Exec=$VNC_HOME/anaconda3/bin/anaconda-navigator
 eof
-if [ -z "$(grep 'conda init' $VNC_HOME/.bashrc)" ]; then
-    bash /install/Anaconda3-*.sh -b
-    $VNC_HOME/anaconda3/bin/conda init
-fi
 fi
 cat <<eof > $VNC_HOME/Desktop/spyder.desktop

--- a/docker/kasm/lecture
+++ b/docker/kasm/lecture
+################################### WARNING ###################################
+Although you have root access, any change to the main file system will be
+dropped upon container restart.
+If you whish to install new softwares please contact the system administrator
+for help.
+###############################################################################
--- a/kasm
+++ b/kasm
@@ -53,7 +53,7 @@ case $action in
        $compose down $@
        ;;
    "reset_passwd")
-        $cmd rm .htpasswd
+        $cmd rm .htpasswd.persist
        $compose down
        $compose up -d
        ;;