docker-palworld-dedicated-server icon indicating copy to clipboard operation
docker-palworld-dedicated-server copied to clipboard

Published 20 hours ago verified publisher icon jammsen

[Feature Request] The ability to allow advanced custom scripts

Open Jadiction opened this issue 1 year ago • 5 comments

Have you read the Important information text above

  • [X] Yes i did

Describe the feature

This would allow any advanced user to modify files or have custom scripts running/ran before the server starts, allowing unlimited potential. For example, if I wanted to replace a file, or use linux sed to replace a few words in a file, this would be possible.

I would just mount /mnt/myscripts with a custom.sh file to /opt/custom/.

Then adding something like this at the top of servermanager.sh should suffice:

echo "> Checking for optional scripts"
cp -f /opt/custom/custom.sh /opt/scripts/custom.sh > /dev/null 2>&1 ||:

if [ -f /opt/scripts/custom.sh ]; then
  echo "> Found optional script, executing---"
  chmod -f +x /opt/scripts/custom.sh ||:
  /opt/scripts/custom.sh || echo "> Error thrown in optional script"
else
  echo "> No optional script found, continuing"
fi

Additional information

  • [X] Would you be willing to help implement this feature?

Final checks

  • [X] I understand that this is a feature request function. I also understand that if i use this to report a bug report, that my issue might be un-answered closed.

Jadiction avatar Jun 29 '24 09:06 Jadiction

Hello @Jadiction Thanks for the FR!

When i understand you correctly you want the ability to load custom-scripts inside the servermanager and then start what the servermanager is doing.

Back in the day of creating and reworking the entire codebase (around March 2024) of this project i was also looking into how to do custom-script, like in a event-style. Exampe Pre-Server-Start, Pre-Premission-Setup and others. But i didnt find a solid solution that couldnt be hijacked and miss-used for Trojans, RCEs, Malware and stuff, thats why i dropped the idea. The problem is with this mechanic someone else can make a "bad-version of a good-image" and make it look official and im on the hook for this, thats why i stepped back from it. Back in the days and also today i see this as very major it-security flaw to provide.

Thats why the logs and settings are so much open and wide to config, because when i give basically everything out to docker-compose/env then whats there to custom-load?

If you want a certain mechanic to be added and not a wildcard-custom-code in general i would rather try to talk about a way provide "that specific mechanic". Maybe others benefit from that too.

If you have any other points to make feel free to do it, happy to hear you out.

(In the end i dont really block it either though, the code is open-source you can just clone/fork my repo, add what you like and build your own image, if thats what you like)

jammsen avatar Jun 30 '24 09:06 jammsen

@Jadiction ping

jammsen avatar Jul 14 '24 07:07 jammsen

I understand your security concerns. With the need of a file/script made to be loaded it, someone shouldn't be able to easily grab a malicious batch file and load it in without noticing what the batch file says. If you specify the author in your image, then there shouldn't be any problems with a "bad-version of a good-image." Theoretically someone could grab your image now and modify a few things to act like they made it and then inject malicious scripts into it. In order for someone to somehow misuse the method I suggested of loading a script before the servermanager, they would need access to their server, which at that point, they have way bigger problems. Unless I've overlooked something, this seems to offer more opportunities for customization and advanced features than any negative consequences.

Jadiction avatar Jul 23 '24 13:07 Jadiction

Unless I've overlooked something, this seems to offer more opportunities for customization and advanced features than any negative consequences.

My thoughts went more the way that someone builds a bad guide/gist/video/code with wild curl/wget/run something from the bad-interwebs around my image without me knowing and im the guy who is responsible for that.

But again what would be some mechanics you would see there in an custom-script to the server? I feel like im missing 50% of value of the idea and only have access to 1 question from your mind-brain 😄 - Maybe it makes more sense for me, when i actually understand what the bigger picture looks like. Please share.

jammsen avatar Jul 27 '24 09:07 jammsen

But again what would be some mechanics you would see there in an custom-script to the server?

The possibilities are essentially endless, but it would allow anyone to customize the server/settings how they want. For example if I wanted to translate all your notification strings, I could use sed to replace all the strings to the translated version. I would be able to add custom cron scripts, possibilities for modded / plugin injected servers, the capability to remove a few features that aren't needed/used, additional custom webhooks, etc etc.

The idea of this came from a reputable docker repo - https://github.com/ich777/docker-steamcmd-server (steamcmd docker for hosting Steam games). A lot of people use this, especially Unraid users with the same snippet I posted above and it offers a lot of advancement from users.

Jadiction avatar Aug 04 '24 00:08 Jadiction