su - oracle permission denied #4

Open
omarsawalhah opened this issue Aug 20, 2017 · 1 comment

@omarsawalhah

After SSHing into the container, I tried to "su" to the oracle user and got the following:

su: cannot open session: Permission denied

@Dani3lSun Dani3lSun self-assigned this Aug 20, 2017
@Dani3lSun
Owner

Hi @omarsawalhah
This problem is due to missing rights inside the Docker container. By default a Docker container runs with unprivileged rights...
You have multiple possibilities now.

1) Connect directly as oracle using SSH

ssh oracle@localhost -p 2222

2) Using gosu instead of su
The build is bundled with gosu, so you can use it like:

gosu oracle bash

gosu is required because only containers can run in privileged mode; during build there is no privileged mode, so I bundled gosu with this image...

3) Run container with privileged rights
By default, Docker containers are “unprivileged” and cannot, for example, run a Docker daemon inside a Docker container. This is because by default a container is not allowed to access any devices, but a “privileged” container is given access to all devices.
So the docker run command would be like:

docker run -d --name <your-docker-container-name> -p <local-ssh-port>:22 -p <local-http-port>:8080 -p <local-db-listener-port>:1521 -v /dev/shm --tmpfs /dev/shm:rw,nosuid,nodev,exec,size=2g --privileged <your-docker-image-name>

4) Run container with more Linux capabilities
This is like --privileged but more selective: you give higher rights only to chosen capabilities instead of running the whole container in privileged mode. If you choose solution 3 or 4, I would go for this solution because it's more secure to only allow certain capabilities instead of all.
So the docker run command would be like:

docker run -d --name <your-docker-container-name> -p <local-ssh-port>:22 -p <local-http-port>:8080 -p <local-db-listener-port>:1521 -v /dev/shm --tmpfs /dev/shm:rw,nosuid,nodev,exec,size=2g --cap-add SYS_RESOURCE <your-docker-image-name>

I will add these notes to the README, so other people know how to configure it...
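
Added example, not part of the original thread or the project's own code: a check that can be run inside the container to see whether it received only CAP_SYS_RESOURCE (option 4) or a much wider grant (option 3), by decoding the capability bounding set from /proc/self/status. The function names and the sample masks in the comments are constructed for illustration; treating CAP_SYS_ADMIN as the marker of a wide grant is a heuristic assumption.

```shell
#!/bin/sh
# Added example: classify a capability bounding mask (the CapBnd field of
# /proc/<pid>/status) against the options discussed in the reply above.
# Bit numbers are taken from linux/capability.h.
CAP_SYS_ADMIN=21
CAP_SYS_RESOURCE=24

# has_cap HEXMASK BIT -> exit status 0 if BIT is set in HEXMASK
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# classify_caps HEXMASK -> prints one of:
#   unprivileged : CAP_SYS_RESOURCE absent (plain docker run)
#   sys_resource : CAP_SYS_RESOURCE present, CAP_SYS_ADMIN absent (option 4)
#   broad        : CAP_SYS_ADMIN present, consistent with --privileged or an
#                  equally wide grant (option 3); heuristic, see lead-in
classify_caps() {
    if has_cap "$1" "$CAP_SYS_ADMIN"; then
        echo broad
    elif has_cap "$1" "$CAP_SYS_RESOURCE"; then
        echo sys_resource
    else
        echo unprivileged
    fi
}

# current_capbnd -> prints the bounding mask of the calling process (Linux)
current_capbnd() {
    awk '/^CapBnd:/ {print $2}' /proc/self/status 2>/dev/null
}

# Constructed sample masks for reference:
#   00000000a80425fb  mask commonly seen in a default Docker container
#   00000000a90425fb  the same mask with bit 24 (CAP_SYS_RESOURCE) added
#   0000003fffffffff  every capability bit 0..37 set
mask=$(current_capbnd || true)
if [ -n "$mask" ]; then
    echo "this process: $(classify_caps "$mask") (CapBnd=$mask)"
fi
```

A result of `broad` on a container that only needs `su` to work means it holds far more rights than option 4 would give it.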
