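#! /bin/bash
# Container entrypoint: performs one-time account and SSH setup, then starts
# rsyslog and sshd and keeps the container alive by following the syslog.
#
# Reads from the environment: UID, GID (ownership of the login accounts and
# their files) and WORKERS (job limit written into the SSH rc file).
# Reads /authorized_keys, which is expected to be mounted into the container.

# avoid repeating file actions when restarting container:
# (the "ocrd" passwd entry doubles as the marker that setup already ran)
if ! grep -q '^ocrd:' /etc/passwd; then
  # copy the mounted credentials into the user dir
  # If the mount is missing, cat only prints an error and setup continues.
  cat /authorized_keys >> /.ssh/authorized_keys
  # silence the greeting
  : > /.hushlogin
  # re-use most of the environment from root (i.e. Dockerfile)
  # This dumps every shell variable whose line does not contain "BASH",
  # including any secret handed to the container through its environment,
  # so the file must stay unreadable for group/other (see chmod below).
  # grep -F replaces the deprecated fgrep alias.
  set | grep -F -v -e BASH > /.ssh/environment
  # make "ocrd" look like the UID/GID user (to fit the volume permissions)
  # NOTE(review): confirm that UID and GID are always passed in. bash falls
  # back to the invoking user's own id for UID (root's, if this runs as root),
  # and GID has no default at all, which would leave the entries malformed.
  mkdir -p /.parallel
  chown -R "${UID}:${GID}" /.parallel
  chmod go-rwx /.ssh/*
  chown "${UID}:${GID}" /.ssh/*
  # Both accounts share the same UID/GID and the home directory "/", hence
  # the same /.ssh files: with sshd's default key lookup every mounted key
  # can log in as either "ocrd" or "admin" (verify against sshd_config).
  printf '%s\n' "ocrd:x:${UID}:${GID}:SSH OCR user:/:/bin/bash" >> /etc/passwd
  printf '%s\n' "admin:x:${UID}:${GID}:SSH control user:/:/bin/bash" >> /etc/passwd
  # "*" is not a valid password hash, so these accounts cannot log in with a
  # password. The entries are quoted so the shell never treats "*" as a glob.
  printf '%s\n' 'ocrd:*:19020:0:99999:7:::' >> /etc/shadow
  printf '%s\n' 'admin:*:19020:0:99999:7:::' >> /etc/shadow
  # wait for WORKERS semaphore before continuing (to prevent oversubscription)
  # "wait $$" is not allowed, because sem runs it in a subshell of $$
  # (so instead, we use tail --pid)
  # also, we cannot use $$ directly, because SSHRC is not sourced but execd
  # (so instead, we use the parent of the parent PID)
  # WORKERS is expanded now and written verbatim into a file that runs at
  # every login, so it is only as trustworthy as the container environment.
  {
    printf '%s\n' 'test x$USER != xocrd && exit'
    printf '%s\n' 'parent=$(ps -o ppid:1= $PPID)'
    printf 'workers=%s\n' "${WORKERS:-1}"
    printf '%s\n' 'sem --will-cite -j $workers --bg --id ocrd_controller_job tail --pid $parent -f /dev/null'
  } >> /.ssh/rc
  # disable kernel logging to allow unprivileged rsyslog
  /bin/sed -i '/imklog/s/^/#/' /etc/rsyslog.conf
fi
# start Syslog in the background
service rsyslog start
# start OpenSSH in the background
#/usr/sbin/sshd -D -e
service ssh start
# show Syslog in the foreground (for easy "docker logs" passing)
# the short pause gives rsyslog time to create the log file before tail opens it
sleep 1
tail -f /var/log/syslog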