mviereck / x11docker

Run GUI applications and desktops in docker and podman containers. Focus on security.
MIT License

--sudouser: sudo without password? #27

Closed badele closed 6 years ago

badele commented 6 years ago

By checking if the option NOPASSWD:ALL exists with the --sudouser option, I could see that this one existed in 2015 and document code.

Why is this function disabled (I think for security reasons :) )? Can we add a new option (e.g. --nopassword or --sudonopass, etc.), or must we do it in our Dockerfile?

mviereck commented 6 years ago

It seemed to me it would be better to run sudo with a password. The password is x11docker and shown in terminal on x11docker startup.

I would not like to add an option like --sudonopass; evil applications can easily detect a passwordless sudo. It is not a great security layer with password x11docker as a special malware written for x11docker would know it. But at least it would have to know it. Though, you can change the password in x11docker code:

Benutzerpasswort="sac19FwGGTx/A"    # encrypted password "x11docker", suits /etc/shadow. 
# Created with: perl -e 'print crypt("x11docker", "salt"),"\n"'

sudo in x11docker containers is rather useless as all system changes will be discarded when the container stops. Its purpose is for experimental changes on the fly in a running container before including them in Dockerfile.

Direct changes with RUN ... in /etc/sudoers in Dockerfile will be overwritten by x11docker, and that is intended. But you can add this in your ENTRYPOINT script /usr/local/bin/start:

echo x11docker | sudo --stdin su -c "echo \"$USER ALL=(ALL) NOPASSWD:ALL\"  > /etc/sudoers"
echo x11docker | sudo --stdin su -c "echo \"root ALL=(ALL) ALL\" >> /etc/sudoers"

mviereck commented 6 years ago

Argh, wrong "'quotes'". Sorry, will edit my answer

mviereck commented 6 years ago

ok, try again with

echo x11docker | sudo --stdin su -c "echo \"$USER ALL=(ALL) NOPASSWD:ALL\"  > /etc/sudoers"
echo x11docker | sudo --stdin su -c "echo \"root ALL=(ALL) ALL\" >> /etc/sudoers"

badele commented 6 years ago

Thanks, it works like a charm :)
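
Added example, not part of the original thread or of x11docker's code: a small audit function that reports which rules in a sudoers file skip the password prompt, such as the `NOPASSWD:ALL` line the ENTRYPOINT snippet above writes. The function name `nopasswd_rules` and the accounts in the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not x11docker code): report sudoers rules that skip the
# password prompt. nopasswd_rules is a hypothetical helper name.
# Prints "<who><TAB><rule>" per finding; returns 1 if any were found.
# Limits: does not follow include directives, resolve aliases or
# handle "#uid" user entries (they are skipped like comments).
nopasswd_rules() {
    # Join backslash-continued lines first so a rule split over several
    # lines is judged as a whole.
    sed -e :a -e '/\\$/N; s/\\\n//; ta' "$1" | awk '
        /^[ \t]*#/ { next }                  # comment or include directive
        { sub(/[ \t]+#.*$/, "") }            # strip trailing comment
        /^[ \t]*$/ { next }
        /^[ \t]*Defaults/ {                  # "!authenticate" disables the prompt
            if ($0 ~ /!authenticate/) { print $1 "\t" $0; found = 1 }
            next
        }
        /^[ \t]*(User|Runas|Host|Cmnd)_Alias/ { next }
        /NOPASSWD[ \t]*:/ { print $1 "\t" $0; found = 1 }
        END { exit found ? 1 : 0 }
    '
}

# Constructed sample; "app", "dev" and "ci" are made-up accounts.
demo_file=$(mktemp)
cat > "$demo_file" <<'EOF'
# sample sudoers
Defaults env_reset
app ALL=(ALL) NOPASSWD:ALL
root ALL=(ALL) ALL
%wheel ALL=(ALL) \
    NOPASSWD: /usr/bin/apt-get
dev ALL=(ALL) ALL   # NOPASSWD: removed
Defaults:ci !authenticate
EOF

nopasswd_rules "$demo_file" || echo "passwordless sudo rules found" >&2
```

The non-zero return value lets an image build or CI step fail when a sudoers file in the image grants passwordless sudo.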