Skip to content

Commit

Permalink
resolve issues with missing user in containers
Browse files Browse the repository at this point in the history 
This change resolves an issue in container where the user id is not found.

This will create a passwd file with a single line that is for the container user using the uid and gid of the pterodactyl user.

As an added security benefit this would also stop users being able to just use `/bin/bash` as it sets the users terminal to nologin by default and is configurable

example passwd file contents  
`container:x:999:999::/home/container:/usr/sbin/nologin`
  • Loading branch information
@parkervcp
parkervcp committed Aug 12, 2023
1 parent 438e5fd commit 49b00fc
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 0 deletions.
20 changes: 20 additions & 0 deletions config/config.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -168,6 +168,8 @@ type SystemConfiguration struct {

Uid int `yaml:"uid"`
Gid int `yaml:"gid"`

Login bool `yaml:"login"`
} `yaml:"user"`

// The amount of time in seconds that can elapse before a server's disk space calculation is
Expand Down Expand Up @@ -526,6 +528,24 @@ func ConfigureDirectories() error {
return err
}

log.WithField("filepath", "/etc/pterodactyl//passwd").Debug("ensuring passwd file exists")
if passwd, err := os.Create("/etc/pterodactyl/passwd"); err != nil {
return err
} else {
shell := "/usr/sbin/nologin"
if _config.System.User.Login {
shell = "/bin/sh"
}

// the WriteFile method returns an error if unsuccessful
err := os.WriteFile(passwd.Name(), []byte(fmt.Sprintf("container:x:%d:%d::/home/container:%s", _config.System.User.Uid, _config.System.User.Gid, shell)), 0777)
// handle this error
if err != nil {
// print it out
fmt.Println(err)
}
}

// There are a non-trivial number of users out there whose data directories are actually a
// symlink to another location on the disk. If we do not resolve that final destination at this
// point things will appear to work, but endless errors will be encountered when we try to
Expand Down
6 changes: 6 additions & 0 deletions server/mounts.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,12 @@ func (s *Server) Mounts() []environment.Mount {
Source: s.Filesystem().Path(),
ReadOnly: false,
},
{
Default: true,
Target: "/etc/passwd",
Source: "/etc/pterodactyl/passwd",
ReadOnly: true,
},
}

// Also include any of this server's custom mounts when returning them.
Expand Down

0 comments on commit 49b00fc

Please sign in to comment.