Docker (in)security to the Rescue

1 minute read

How Not to Diff Config Files

While cleaning up some new config files under /etc I accidentally deleted my /etc/shadow file (aka password file). Oh shit. Note that I typed rm not meld as intended. Oh snap. Quick! Try to recover if sudo will let me back in without a password:

$ sudo rm /etc/shadow /etc/shadow.pacnew
$ sudo su -
su: Authentication service cannot retrieve authentication info

Fail. Of course I can’t ssh back in as root because that’s locked down.

I prepared for a reboot and an adventure into single user mode. When suddenly my annoyance with Docker security returned to the rescue!

Docker and Backups to the Rescue

Why don’t I just mount my root file system and run a container as the root user with a volume mount of my broke file system?

$ docker run -v /:/wtf --rm -it ubuntu cp /wtf/mnt/backup/core/etc/shadow /wtf/etc/shadow

Done. What did I learn? docker >> sudo

If I didn’t have a back-up I could just use the Docker container to write a new shadow file.

Case for Backups

Who doesn’t keep back-ups these days? Back-ups primarily protect me from sketchy btrfs incidents with the second biggest offender being myself when armed with a keyboard. Somewhere at the end of the spectrum is hardware failure and physical loss.

Twitter Facebook Google+ LinkedIn

Kyle Manna

Docker (in)security to the Rescue

How Not to Diff Config Files

Docker and Backups to the Rescue

Case for Backups

Comments

FriendlyElec NanoPi R5S as PTP Grandmaster Clock with GNSS/GPS Discipline

Danger: AVJONE NC318 WiFi Smart Outlet is an Electrocution and Fire Hazard

AVJONE NC318 WiFi Smart Outlet Power Plug with Tasmota and 2xUSB Ports

Sniffer Air Quality (AQI) Monitor using ESP32 + PMSA003 + BME680