Docker Community Forums

Share and learn in the Docker community.

Not able to sudo wihout password inside docker, in host sudo doesn't ask password


(Sunsekar) #1

I am testing something in docker, it requires sudo without entering password, I added required entries in /etc/sudoers. After that in host it doesn’t ask for password. But in case of docker it still ask for password. BTW, I am running fedora 24 as VirtualBox VM inside Fedora 24 host.

OS type : Fedora 24 (uname -r : 4.11.12-100.fc24.x86_64 )

Docker version :

abc@webster $ docker version
Client:
Version: 17.06.0-ce
API version: 1.30
Go version: go1.8.3
Git commit: 02c1d87
Built: Fri Jun 23 21:23:42 2017
OS/Arch: linux/amd64

Server:
Version: 17.06.0-ce
API version: 1.30 (minimum version 1.12)
Go version: go1.8.3
Git commit: 02c1d87
Built: Fri Jun 23 21:25:02 2017
OS/Arch: linux/amd64
Experimental: false

Here is the details…
>
> abc@webster $ sudo bash
>
> root@webster $ cat /etc/sudoers
> ## Sudoers allows particular users to run various commands as
> …
> …
> ## Allow root to run any commands anywhere
> root ALL=(ALL) ALL
>
> ## Allows people in group wheel to run all commands
> %wheel ALL=(ALL) ALL
>
> ## Same thing without a password
> # %wheel ALL=(ALL) NOPASSWD: ALL
>
> %users ALL=(ALL) ALL
> %admin ALL=(ALL) NOPASSWD: ALL
>
> %sudo ALL=(ALL:ALL) ALL
> abc ALL=(ALL) NOPASSWD: ALL
> #abc ALL=(ALL) ALL
>
>
> abc@webster $ id
> uid=1000(abc) gid=1000(abc) groups=1000(abc),10(wheel),100(users),977(docker),1001(admin) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>
>
> abc@fc-docker $ sudo bash
> [sudo] password for abc:


(Sunsekar) #2

The issue is solved. I have logged in as root into docker and modified docker’s /etc/sudoers. Now it doesn’t ask password for sudo bash. I logged in as root using this command. " docker exec -it fc-docker bash "


(David Maze) #3

…since you can always get a root shell in a container with docker exec, and it’s kind of unusual to have an interactive container, it’s pretty unusual to set up sudo.

Also remember that containers frequently stop and get deleted, so if you make a configuration change via docker exec, it will be lost the next time you need to change the underlying base image of the container, or change environment variable settings, or change the published ports, or change mounted volumes, or … docker exec is definitely useful but you should avoid making it part of your core workflow.