znc-docker

Docker ZNC and oidentd.

Open cebor opened this issue 7 years ago • 3 comments

Hi,

Is there a way to use an identfile with znc in docker?

Oident is installed on my Docker host, but I don't know which user the incoming ident requests are mapped to. Where do I have to place my .oidentd.conf?

Thank you for your help. KR

cebor avatar Feb 24 '18 15:02 cebor

That's a hard one. Technically UID is 1000, which is probably what oidentd sees, but if you configure the identfile module to write a file in the home directory of a user on the host machine with the same uid, such a setup will be confusing.

I think it would be better to install identfile (or identserver) inside the container, and publish port 113.

If you want to handle ident requests also outside of the ZNC container, NAT support in the host identd may be needed... Try to play with flags -m -f -P of oidentd?

DarthGandalf avatar Feb 25 '18 23:02 DarthGandalf

I did it like this: On the host I have

/usr/sbin/oidentd -f -u oidentd -g oidentd

and in the container I start oidentd before I start znc:

{ /usr/sbin/oidentd -u nobody -g nobody -i -P `route | awk '/^default\s+/ { print $2 }'` &> "$DATADIR/.oidentd.log" & } || exit 33

(where "$DATADIR/.oidentd.log" is writable by nobody). In addition, I also set znc's home dir (in the container) to /znc-data:

{ awk -F ':' '/^znc/ { print $3 }' /etc/group | egrep -qE "^$ZNC_GID\$" || groupmod --gid $ZNC_GID znc; } && \
    { awk -F ':' '/^znc/ { print $3 }' /etc/passwd | egrep -qE "^$ZNC_UID\$" || usermod --uid $ZNC_UID znc; } && \
    { awk -F ':' '/^znc/ { print $4 }' /etc/passwd | egrep -qE "^$ZNC_GID\$" || usermod -g $ZNC_GID znc; } && \
    { awk -F ':' '/^znc/ { print $6 }' /etc/passwd | egrep -qE "^\/znc-data\$" || usermod -d "/znc-data" znc; } || exit 32

This gives me log entries on the host like:

oidentd[<pid>]: Connection from efnet.deic.dk (130.226.213.194):12504
oidentd[<pid>]: [<CONTAINER_IP>] Successful lookup (by forward): 56377 (56377) , 6697 (6697) : <ident>

tsjk avatar Nov 10 '19 14:11 tsjk

I also have a Dockerfile with some additions, of course.

FROM znc:latest

ARG ARG_ZNC_UID=113
ARG ARG_ZNC_GID=995

ENV ZNC_UID=$ARG_ZNC_UID \
        ZNC_GID=$ARG_ZNC_GID

RUN apk add --no-cache --virtual my-dependencies oidentd shadow

COPY startup-sequence/* /startup-sequence/
COPY etc/* /etc/

where the additions in etc/* contain an oidentd config, while those in startup-sequence/* set up oidentd in the container (like above). The interested will likely fill in the blanks with ease. The change of znc's uid and gid in the container is done for aesthetic reasons.

tsjk avatar Nov 10 '19 15:11 tsjk
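
To confirm that ident queries reaching the host are really answered by the container, the host-side log lines quoted above can be summarised with a short script. This is an added example, not part of the original thread or of oidentd. The function names and sample lines are constructed, and the syslog prefix, the per-pid pairing of "Connection from" with its result, and the treatment of a lookup line without "(by forward)" as a local answer are assumptions.

```shell
#!/bin/sh
# Added example: summarise oidentd log lines in the format quoted in this thread.
# Output: "OK <answering-ip> <local-port> <remote-port> <ident> <forward|local>"
#     or: "UNANSWERED <peer-ip>" for a query with no successful lookup logged.
ident_log_summary() {
    awk '
    # Keep only oidentd lines; split them into pid and message text.
    !match($0, /oidentd\[[0-9]+\]: /) { next }
    {
        pid = substr($0, RSTART + 8, RLENGTH - 11)
        msg = substr($0, RSTART + RLENGTH)
    }
    # A query arrived: remember the peer address until it is answered.
    msg ~ /^Connection from / {
        if (pid in pending) print "UNANSWERED", pending[pid]
        split(msg, p, /[()]/)
        pending[pid] = p[2]
        next
    }
    # Assumption: a lookup line without "(by forward)" was answered locally.
    (at = index(msg, "Successful lookup")) {
        src  = (msg ~ /^\[/) ? substr(msg, 2, index(msg, "]") - 2) : "-"
        tail = substr(msg, at)
        how  = (tail ~ /\(by forward\)/) ? "forward" : "local"
        n = split(substr(tail, index(tail, ": ") + 2), f, /[,:]/)
        ident = f[n]; gsub(/^ +| +$/, "", ident)
        print "OK", src, f[1] + 0, f[2] + 0, ident, how
        delete pending[pid]
    }
    END { for (pid in pending) print "UNANSWERED", pending[pid] }
    '
}

# Constructed sample input (documentation addresses, made-up pids and ident).
sample_log() {
    cat <<'EOF'
Nov 10 14:11:02 dockerhost oidentd[2101]: Connection from irc.example.net (192.0.2.10):12504
Nov 10 14:11:02 dockerhost oidentd[2101]: [172.17.0.2] Successful lookup (by forward): 56377 (56377) , 6697 (6697) : alice
Nov 10 14:12:40 dockerhost oidentd[2107]: Connection from irc.example.net (192.0.2.10):40112
Nov 10 14:12:41 dockerhost sshd[900]: unrelated line
EOF
}

sample_log | ident_log_summary
```

In the forwarding setup described in the thread, a `local` result or an `UNANSWERED` entry means the query did not get its reply from the oidentd inside the container.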