Docker: passwordless sudo access in regular shell

Here is my Dockerfile for simple access over SSH on port 8031:

FROM alpine:latest
RUN apk add --no-cache php8 \
    php8-common \
    php8-fpm \
    php8-pdo \
    php8-opcache \
    php8-zip \
    php8-phar \
    php8-iconv \
    php8-cli \
    php8-curl \
    php8-openssl \
    php8-mbstring \
    php8-tokenizer \
    php8-fileinfo \
    php8-json \
    php8-xml \
    php8-xmlwriter \
    php8-xmlreader \
    php8-simplexml \
    php8-dom \
    php8-pdo_mysql \
    php8-pdo_sqlite \
    php8-tokenizer \
    php8-pecl-redis \
    php8-pdo_pgsql \
    php8-gd

RUN apk add --update --no-cache openssh
RUN apk add sudo
RUN echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config
RUN echo 'Port 8031' >> /etc/ssh/sshd_config
RUN adduser -h /home/userdev -s /bin/sh -D userdev
RUN echo '%wheel ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/wheel
RUN adduser userdev wheel
RUN echo -n 'userdev:mypassword' | chpasswd
ENTRYPOINT ["/entrypoint.sh"]
RUN apk --update --no-cache upgrade \
    && apk add bash \
    && apk add nano \
    && apk add nodejs npm \
    && apk add gmp gmp-dev \
    && apk add git htop \
    && apk add mc nano \
    && apk add acl screen
RUN mkdir -pv /var/www/html
RUN setfacl -R -m u:userdev:rwX /var/www/html
COPY .screenrc /home/userdev/
COPY --from=composer:latest /usr/bin/composer /usr/local/bin/composer

EXPOSE 8031
COPY entrypoint.sh /

entrypoint.sh

#!/bin/bash

ssh-keygen -A
exec /usr/sbin/sshd -D -e "$@"

docker-compose.yml

name: docker-openssh-server
services:
  openssh:
    image: alpine-sshd-final:latest
    
    ports:
    - "8031:8031"
    network_mode: "host"  
    
    volumes:
    - /var/www/html:/var/www/html
    - ./sshd_config:/etc/ssh/sshd_config 
networks:
  default:
    name: docker-openssh-server_default

Everything is working as it should when I’m connecting to the SSH daemon: I can run sudo -i without a password.

But when I run docker exec -it -u userdev:userdev container_name /bin/bash, sudo asks for a password.

Why is this happening there, and is it possible to make it passwordless in the second case too?

This is how you override the user group. The only requirement for the passwordless sudo is the wheel group, but if you specify the group after the username, the user will get that group only. Try this:

docker exec -it -u userdev container_name /bin/bash
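The group override described in the answer above, as an added example that is not part of the original posts: a simplified Python model of how a `-u user[:group]` value is resolved against /etc/passwd and /etc/group, and whether the `%wheel` sudoers rule from the Dockerfile then matches. The file contents and numeric IDs are constructed assumptions, and the function names are hypothetical.

```python
# Simplified model of how `docker exec -u` picks the process groups (added example).
# Constructed files: numeric IDs are assumptions; names mirror the Dockerfile above.
PASSWD = "root:x:0:0:root:/root:/bin/sh\nuserdev:x:1000:1000::/home/userdev:/bin/sh\n"
GROUP = "root:x:0:root\nwheel:x:10:root,userdev\nuserdev:x:1000:\n"


def parse_group(text):
    """Return {name: (gid, [members])} from /etc/group-style text."""
    groups = {}
    for line in text.splitlines():
        name, _pw, gid, members = line.split(":")
        groups[name] = (int(gid), [m for m in members.split(",") if m])
    return groups


def resolve_exec_user(spec, passwd=PASSWD, group=GROUP):
    """Resolve a `-u user[:group]` spec to (uid, gid, supplementary gids)."""
    user, _, group_arg = spec.partition(":")
    groups = parse_group(group)
    entry = next(l.split(":") for l in passwd.splitlines() if l.split(":")[0] == user)
    uid, gid = int(entry[2]), int(entry[3])
    if group_arg:
        # Explicit group: it becomes the only group; /etc/group memberships are not added.
        return uid, groups[group_arg][0], []
    # Implicit form: primary gid from /etc/passwd plus every group that lists the user.
    sgids = sorted(g for g, members in groups.values() if user in members)
    return uid, gid, sgids


def wheel_rule_applies(spec):
    """True if '%wheel ALL=(ALL) NOPASSWD: ALL' matches the groups of the resolved process."""
    _uid, gid, sgids = resolve_exec_user(spec)
    wheel_gid = parse_group(GROUP)["wheel"][0]
    return wheel_gid == gid or wheel_gid in sgids


if __name__ == "__main__":
    for spec in ("userdev:userdev", "userdev"):
        outcome = "NOPASSWD" if wheel_rule_applies(spec) else "password prompt"
        print(spec, resolve_exec_user(spec), outcome)
```

Running `id` in each shell inside the real container is the direct way to confirm which groups the process actually received.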

Thank you for the meaningful advice. I will try this approach as soon as I get back to that task.