2

I would like to set my user vault's password in the Dockerfile and I have tried

RUN echo -e "pass\npass" | passwd "${USER}"

but get

Enter new UNIX password: Retype new UNIX password: Sorry, passwords do not match
passwd: Authentication token manipulation error
passwd: password unchanged
The command '/bin/sh -c echo -e "pass\npass" | passwd "${USER}"' returned a non-zero code: 10

and am wondering if there's a better way to do this, instead?

stdcerr
  • 13,725
  • 25
  • 71
  • 128
  • 1
    You shouldn't usually need a user password at all; you can't "log in" to a container in any meaningful way, and there's nothing you can usually do in a container that needs a password. (If you need a root shell for debugging purposes, you can `docker run -u root` or `docker exec -u root`.) What's leading you to try to set this? – David Maze Feb 13 '21 at 22:49
  • @DavidMaze I want to be able to sudo from the user account inside the container and it asks for the user password when I want to sudo (I've added the user to the sudo group with `RUN adduser "${USER}" sudo`) – stdcerr Feb 13 '21 at 23:57
  • @DavidMaze I want to ssh into the container, and that requires a password (don't want a passwordless ssh) – Gulzar Dec 15 '21 at 10:31
  • @DavidMaze you're a genius!! ```docker exec -u root``` is all we need! – Magno C Feb 18 '22 at 18:59

1 Answers1

4

Instead of using passwd, there is another utility for the: chpasswd. I've resolved this by using the following command in my Dockerfile (after creation of the user):

RUN echo "${USER}:pass" | chpasswd

works like a charm!

stdcerr
  • 13,725
  • 25
  • 71
  • 128
  • 6
    getting ` chpasswd: (user ${UNAME}) pam_chauthtok() failed, error: Authentication token manipulation error chpasswd: (line 1, user ${UNAME}) password not changed ` – Gulzar Dec 15 '21 at 10:30
  • 1
    getting the above error too – WalksB Jan 07 '22 at 18:46
  • @WalksB Is this because of [this comment](https://github.com/moby/moby/issues/5704#issuecomment-1362575038)? – VonC Dec 22 '22 at 11:11
  • 1
    @Gulzar In my case "${USER}:pass" expansion was not working I used "root:pass", meaning a hardcoded username and it worked. – Visrut Jan 18 '23 at 17:42
  • Just know that `docker history` for the image will reveal that password in clear text even without access to the Dockerfile. – Peter V. Mørch Aug 04 '23 at 13:18