Docker ZNC and oidentd. #9

Open
cebor opened this issue Feb 24, 2018 · 3 comments

@cebor

cebor commented Feb 24, 2018

Hi,

Is there a way to use an identfile with znc in docker?

Oident is installed on my Docker host, but I don't know to which user the incoming ident requests are mapped. Where do I have to place my .oidentd.conf?

Thank you for your help.
KR

@DarthGandalf
Member

That's a hard one. Technically the UID is 1000, which is probably what oidentd sees, but if you configure the identfile module to write a file in the home directory of a user on the host machine with the same uid, such a setup will be confusing.

I think it would be better to install identfile (or identserver) inside the container, and publish port 113.

If you want to handle ident requests also outside of the ZNC container, NAT support in the host identd may be needed... Try to play with flags -m -f -P of oidentd?

@tsjk

tsjk commented Nov 10, 2019

I did it like this:
On the host I have

```
/usr/sbin/oidentd -f -u oidentd -g oidentd
```

and in the container I start oidentd before I start znc:

```
{ /usr/sbin/oidentd -u nobody -g nobody -i -P `route | awk '/^default\s+/ { print $2 }'` &> "$DATADIR/.oidentd.log" & } || exit 33
```

(where "$DATADIR/.oidentd.log" is writable by nobody).
In addition I also set znc's home dir (in the container) to /znc-data

```
{ awk -F ':' '/^znc/ { print $3 }' /etc/group | egrep -qE "^$ZNC_GID\$" || groupmod --gid $ZNC_GID znc; } && \
    { awk -F ':' '/^znc/ { print $3 }' /etc/passwd | egrep -qE "^$ZNC_UID\$" || usermod --uid $ZNC_UID znc; } && \
    { awk -F ':' '/^znc/ { print $4 }' /etc/passwd | egrep -qE "^$ZNC_GID\$" || usermod -g $ZNC_GID znc; } && \
    { awk -F ':' '/^znc/ { print $6 }' /etc/passwd | egrep -qE "^\/znc-data\$" || usermod -d "/znc-data" znc; } || exit 32
```

This gives me log entries on the host like:

```
oidentd[<pid>]: Connection from efnet.deic.dk (130.226.213.194):12504
oidentd[<pid>]: [<CONTAINER_IP>] Successful lookup (by forward): 56377 (56377) , 6697 (6697) : <ident>
```

@tsjk

tsjk commented Nov 10, 2019

I also have a Dockerfile with some additions, of course.

```
FROM znc:latest

ARG ARG_ZNC_UID=113
ARG ARG_ZNC_GID=995

ENV ZNC_UID=$ARG_ZNC_UID \
    ZNC_GID=$ARG_ZNC_GID

RUN apk add --no-cache --virtual my-dependencies oidentd shadow

COPY startup-sequence/* /startup-sequence/
COPY etc/* /etc/
```

where the additions in etc/* contain an oidentd config, while those in startup-sequence/* set up oidentd in the container (like above). The interested will likely fill in the blanks with ease.
The change of znc's uid and gid in the container is done for aesthetic reasons.
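
An added example, not part of the original comments or the ZNC project: a small RFC 1413 (ident) query builder and reply checker for confirming which user name a host/container identd chain like the one above actually hands out. The function names and the user `someuser` are this example's own; the port pair is the one from the log lines in the thread.

```python
"""Minimal RFC 1413 (ident) query builder and reply checker (added example)."""
import socket

def build_query(identd_side_port, remote_port):
    # Query format: "<port on the identd side> , <port on the querying side>".
    return f"{identd_side_port} , {remote_port}\r\n".encode("ascii")

def parse_reply(line):
    """Return a dict describing one reply line; raise ValueError if malformed."""
    fields = line.rstrip("\r\n").split(":", 3)  # the user-id may itself contain ':'
    if len(fields) < 3:
        raise ValueError("not an ident reply")
    ports = [p.strip() for p in fields[0].split(",")]
    if len(ports) != 2 or not all(p.isdigit() for p in ports):
        raise ValueError("bad port pair")
    kind = fields[1].strip().upper()
    result = {"ports": (int(ports[0]), int(ports[1])), "kind": kind}
    if kind == "ERROR" and len(fields) == 3:
        result["error"] = fields[2].strip()  # e.g. NO-USER, HIDDEN-USER
    elif kind == "USERID" and len(fields) == 4:
        result["opsys"] = fields[2].strip()
        # Choice made for this example: strip padding around the name.
        result["user"] = fields[3].strip()
    else:
        raise ValueError("unknown reply type")
    return result

def check_reply(line, identd_side_port, remote_port, expected_user):
    """True only if the reply answers our port pair and names expected_user."""
    try:
        reply = parse_reply(line)
    except ValueError:
        return False
    return (reply["ports"] == (identd_side_port, remote_port)
            and reply.get("user") == expected_user)

def query_ident(host, identd_side_port, remote_port, timeout=5.0):
    """Send one query to host:113 and return the raw reply line."""
    with socket.create_connection((host, 113), timeout=timeout) as sock:
        sock.sendall(build_query(identd_side_port, remote_port))
        return sock.makefile("r", encoding="latin-1", newline="").readline()

if __name__ == "__main__":
    # Constructed replies that reuse the port pair from the log lines above.
    ok = "56377 , 6697 : USERID : UNIX : someuser\r\n"
    print(check_reply(ok, 56377, 6697, "someuser"))
    print(parse_reply("56377 , 6697 : ERROR : NO-USER\r\n"))
```

An identd only answers for TCP connections between its own host and the address the query comes from, so `query_ident` has to be run from a machine that ZNC currently holds a connection to.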
