From fcaacd2d3982a64c21410fc5809f9984ae04d689 Mon Sep 17 00:00:00 2001 From: Adrian Date: Tue, 21 Oct 2014 03:21:53 +0200 Subject: [PATCH] Public keys and entrypoint arguments --- Dockerfile | 2 +- README.md | 55 +++++++++++++++++++++++++++--------------------------- run | 33 +++++++++++++++++++++++++------- 3 files changed, 55 insertions(+), 35 deletions(-) diff --git a/Dockerfile b/Dockerfile index bb5acda..232f55f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,4 +17,4 @@ RUN mv sshd_config /etc/ssh/sshd_config && \ EXPOSE 22 -CMD ["./run"] +ENTRYPOINT ["./run"] diff --git a/README.md b/README.md index e422822..39b5fb8 100644 --- a/README.md +++ b/README.md @@ -6,11 +6,10 @@ Easy to use SFTP (*SSH File Transfer Protocol*) server. Usage ----- -- Define users and passwords in comma separated list with SFTP_USERS - (syntax: `user:pass[:e][:[uid][:gid]][,...]`). - - You must set custom UID and/or GID for your users if you want them to make - changes to your mounted volumes with permissions matching your host - filesystem. +- Define users as last arguments to `docker run`, one user per argument + (syntax: `user:pass[:e][:[uid][:gid]]`). + - You must set custom UID for your users if you want them to make changes to + your mounted volumes with permissions matching your host filesystem. - Mount volumes in user's home folder. - The users are chrooted to their home directory, so you must mount the volumes in separate directories inside the user's home directory 
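Review bot: In the Dockerfile hunk, `ENTRYPOINT ["./run"]` resolves `./run` against the image's working directory, which is set outside this hunk, so a later WORKDIR change or a `docker run -w` override would break startup; an absolute path to the script is more robust. Because every argument after the image name is now handed to `run` as a user spec, a comment above the instruction would help, e.g. `# Container arguments are user specs: user:pass[:e][:[uid][:gid]]`. Passwords passed this way remain readable in `docker inspect` output and in shell history, as they were with the SFTP_USERS variable; the public-key mode added in this commit avoids that.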
@@ -23,41 +22,43 @@ Examples ``` docker run \ - -e SFTP_USERS='foo:123' \ - -v "/host/share:/home/foo/share" \ - -p 2222:22 -d atmoz/sftp + -v /host/share:/home/foo/share \ + -p 2222:22 -d atmoz/sftp \ + foo:123:1001 ``` ### Multiple users and volumes ``` docker run \ - -e SFTP_USERS='foo:123,bar:abc' \ - -v "/host/share:/home/foo/share" \ - -v "/host/documents:/home/foo/documents" \ - -v "/host/http:/home/bar/http" \ - -p 2222:22 -d atmoz/sftp -``` - -### Custom UID and GID - -``` -SFTP_USERS='foo:123:1001:100' -``` - -Only custom GID: - -``` -SFTP_USERS='foo:123::100' + -v /host/share:/home/foo/share \ + -v /host/documents:/home/foo/documents \ + -v /host/http:/home/bar/http \ + -p 2222:22 -d atmoz/sftp \ + foo:123:1001 \ + bar:abc:1002 ``` ### Encrypted password -Add `:e` behind password to mark it as encrypted: +Add `:e` behind password to mark it as encrypted. Use single quotes. ``` -SFTP_USERS='foo:$1$0G2g0GSt$ewU0t6GXG15.0hWoOX8X9.:e:1001:100' +docker run \ + -v /host/share:/home/foo/share \ + -p 2222:22 -d atmoz/sftp \ + 'foo:$1$0G2g0GSt$ewU0t6GXG15.0hWoOX8X9.:e:1001' ``` Tip: you can use makepasswd to generate encrypted passwords: `echo -n 123 | makepasswd --crypt-md5 --clearfrom -` + +### Use public key (without password) + +``` +docker run \ + -v /host/id_rsa.pub:/public_keys/foo:ro \ + -v /host/share:/home/foo/share \ + -p 2222:22 -d atmoz/sftp \ + foo::1001 +``` diff --git a/run b/run index 3d2a254..57c9a44 100644 --- a/run +++ b/run @@ -1,9 +1,8 @@ #!/bin/bash -# Add users (user:pass[:e][:[uid][:gid]][,...]) -IFS=',' read -a users <<< "$SFTP_USERS" -for userData in "${users[@]}"; do - IFS=':' read -a data <<< "$userData" +for users in "$@"; do + # user:pass[:e][:[uid][:gid]] + IFS=':' read -a data <<< "$users" user="${data[0]}" pass="${data[1]}" 
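Review bot: In the first hunk of `run`, `read -a data` is called without `-r`, so a backslash in a plain-text password is consumed by `read` before the fields are split; `IFS=':' read -r -a data <<< "$users"` keeps the argument intact. The fields are then used without validation, so an empty user name still reaches `useradd` and the `/home/$user` paths in the next hunk; a guard such as `[ -n "$user" ] || { echo "missing user name" >&2; exit 1; }` after the assignment would fail early. The loop variable holds a single spec, so `users` would read better as `userSpec`. The loop body continues outside this hunk.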
@@ -27,10 +26,30 @@ for userData in "${users[@]}"; do fi useradd $useraddParams "$user" - echo "$user:$pass" | chpasswd $chpasswdParams chown root:root /home/$user chmod 755 /home/$user + + if [ -z "$pass" ]; then + # just make a very long and random password + pass="$(echo `/dev/null 2>&1; then + mkdir -p /home/$user/.ssh + cp $user /home/$user/.ssh/authorized_keys + chown $user:users /home/$user/.ssh/authorized_keys + fi +done +cd /root + +exec /usr/sbin/sshd -D
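Review bot: `$user` is unquoted in the new `mkdir -p /home/$user/.ssh`, `cp $user /home/$user/.ssh/authorized_keys` and `chown $user:users ...` lines, as it already was in the `chown`/`chmod` on `/home/$user`, so a user name containing spaces or glob characters is word-split and expanded in a script that calls `useradd` and so presumably runs as root; quote every use, e.g. `cp "$user" "/home/$user/.ssh/authorized_keys"`. The copied file is then chowned to the user, which lets that user rewrite their own authorized_keys over SFTP. If keys are meant to be managed only through the `/public_keys` mount, leaving the file root-owned and adding `chmod 644` keeps it read-only for them; this should be confirmed against the sshd_config, which is not shown here. The text between the password generation and `/dev/null 2>&1; then` is not legible on this page, so the key lookup itself is not reviewed.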