Question about icinga and root user in the container #147

@dontknowany

Hello :)

As the title says, it's more of a question than an issue. I'm currently using your icinga2 docker image in combination with your helm chart for Kubernetes. I'm playing around a bit and already have an Icinga master setup running locally. Everything works fine (for now at least 😄).

What I noticed was that I was not able to use the icinga nor the root user in my container to shell into it to change some configuration files (zones.conf, hosts.conf etc.)

Using K9s I'm able to open a terminal in the container, which by default uses the Icinga user. That is weird because you guys set the user to inactive and don't give it a password by default, using the --disabled-login flag while adding the user in your Dockerfile. I guess K9s doesn't care and does some fancy stuff in the background to make that happen 😃

I can use the Icinga user to navigate through the container and look into Icinga related files using cat, but I can't edit or add new files since by default there is no text editor like nano or vi installed. That would not be a big issue since I would just install an editor of my choice myself using apt, but for that I need sudo permissions or the root user. If I try to use the sudo apt install command it asks me for the password of the Icinga user (which I obviously don't have), and sadly I also don't know the password of the root user. I would just use the root user to give the Icinga user a password or create another user and add him to the sudoers file.

So I'm effectively locked out of the container and have no way of installing an editor or adding a new user with the required permissions to install stuff. I could edit the Dockerfile beforehand to install an editor, or to either add the Icinga user and set it to active + give it a password to be able to use sudo, or create a different user for that use case, but I would like to have that "from factory".

So what was the reason behind locking the icinga user to only run the service/daemon and not giving the user a way to use the root user or just create another standard user with sudo permissions which then can be used to shell into the container and change + add files and download an editor? Was it maybe because of security concerns or something?

If there is something that I might have overlooked or misunderstood, please tell me 👍

Thank you very much in advance!

Best Regards!
