Restricted shell within docker container
Some context for my question: I am working on a pty NodeJS server running in docker where I want to provide users connecting to the shell an isolated environment where they can play around with commands without affecting any other users connected to the docker container.
I have looked into cgroups, namespaces, jailkit and chroot but am not sure where to start. There is a site called tutorialspoint which provides a bash playground and this is pretty much what I am trying to achieve: https://www.tutorialspoint.com/execute_bash_online.php
So in conclusion I want to run a docker container where I can easily spawn new shells for any number of users. The shells should be restricted to having only write access in the user's home folder and I want to limit the commands a user can run. In the world of Unix, what would I use to achieve this?
Thank you so much in advance!
EDIT: One thing that confused me is that if I run the following commands in the bash playground on tutorialspoint:
id
cat /etc/passwd
I do not see the current user in the passwd list. Why is it that the passwd on tutorialspoint does not include the connected users? How does that work together with the Unix permission model?
docker chroot limit pty jails
Technically it would be a lot simpler/safer to spawn a container per user. Containers are not VMs, they are mere processes.
– xenoid
1 hour ago
@xenoid Thank you, I think this is where I am heading. I just tried starting a container as a different user `docker run --rm -it --name test --user 1000 debian bash` and it's close to what I am looking for
– Joakim Hansson
1 hour ago
asked 2 hours ago, edited 1 hour ago – Joakim Hansson
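The container-per-user approach from the comments could be driven from a Node server roughly as follows. This is an added example, not code from the question or the comments; the session-id format, UID range, home path and resource limits are all assumptions chosen for illustration.

```javascript
// Added example: build the `docker run` argv for one user's throwaway shell.
// SESSION_RE, HOME_DIR and the limits below are assumptions, not from the post.
const IMAGE = 'debian';                  // image used in the comment above
const SESSION_RE = /^[a-z0-9]{8,32}$/;   // hypothetical session-id format
const HOME_DIR = '/home/sandbox';        // hypothetical writable home

function sandboxArgs(sessionId, uid) {
  // The id ends up in the container name, so accept only a strict pattern.
  if (!SESSION_RE.test(sessionId)) throw new Error('bad session id');
  // Refuse root and system UIDs. A numeric UID works without any
  // /etc/passwd entry in the image: the kernel only checks the number.
  if (!Number.isInteger(uid) || uid < 1000 || uid > 65533) {
    throw new Error('bad uid');
  }
  return [
    'run', '--rm', '-i', '-t',
    '--name', `sh-${sessionId}`,
    '--user', `${uid}:${uid}`,
    // Root filesystem read-only; the only writable path is a private,
    // size-capped tmpfs home owned by the session's UID.
    '--read-only',
    '--tmpfs',
    `${HOME_DIR}:rw,nosuid,nodev,size=64m,mode=0700,uid=${uid},gid=${uid}`,
    '--workdir', HOME_DIR,
    '--env', `HOME=${HOME_DIR}`,
    // No capabilities, no setuid escalation, no network.
    '--cap-drop', 'ALL',
    '--security-opt', 'no-new-privileges',
    '--network', 'none',
    // cgroup limits so one session cannot starve the others.
    '--pids-limit', '64',
    '--memory', '128m',
    '--cpus', '0.5',
    IMAGE, 'bash',
  ];
}

// Launch the sandbox attached to the current terminal. Passing an argv
// array means no shell ever parses the session id.
function startSandbox(sessionId, uid) {
  const { spawn } = require('node:child_process');
  return spawn('docker', sandboxArgs(sessionId, uid), { stdio: 'inherit' });
}
```

In a pty server the same argv would be handed to the pty library's spawn call instead of `child_process.spawn`. Which commands exist inside the shell is decided by what the image contains.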