
[BUG] SUDO_PASSWORD_HASH from docker secret fails if hash contains '/' #38

Open
@skaiser

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

Setting a SUDO_PASSWORD_HASH value that has a / character results in either an incorrect value being set OR the error: sed: -e expression #1, char 88: unterminated `s' command when trying to set the value in /etc/shadow.

root/etc/s6-overlay/s6-rc.d/init-openvscode-server/run:

sed -i "s|^abc:\!:|abc:${SUDO_PASSWORD_HASH}:|" /etc/shadow

Changing that line to this works:
sed -i "s|^abc:\!:|abc:$(echo "${SUDO_PASSWORD_HASH}" | sed 's|/|\\/|g'):|" /etc/shadow

Expected Behavior

Setting a SUDO_PASSWORD_HASH value that has a / character correctly sets the password hash in /etc/shadow

Steps To Reproduce

  1. Create password hash in secret file (plain text value is 'password' in order to repro)
echo '$y$j9T$tcfKa/ZPa7BItu/yD8d.g1$ltS7XCkWm7Gq2CwtKQB9QOywCvZP99vE146fMZPU6TA'  > secrets/SUDO_PASSWORD_HASH 

Note: escaping the $ and / characters here does not work when using secret as it does when passing the value as a command line arg (e.g., -e SUDO_PASSWORD_HASH="\$y\$j9T\$tcfKa/ZPa7BItu/yD8d.g1\$ltS7XCkWm7Gq2CwtKQB9QOywCvZP99vE146fMZPU6TA").

docker secret create SUDO_PASSWORD_HASH secrets/SUDO_PASSWORD_HASH
docker run --rm \
  --secret SUDO_PASSWORD_HASH \
  -e FILE__SUDO_PASSWORD_HASH=/run/secrets/SUDO_PASSWORD_HASH \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=Etc/UTC \
  -p 127.0.0.1:3000:3000 \
  lscr.io/linuxserver/openvscode-server:latest
root@1d0f768fd89b:/# cat /etc/shadow
root:*:20182:0:99999:7:::
...
abc:!:20193:0:99999:7:::

Environment

- OS: Mac Sonoma 14.4
- How docker service was installed: Standard docker install

CPU architecture

arm64

Docker creation

docker run --rm \
  --secret SUDO_PASSWORD_HASH \
  -e FILE__SUDO_PASSWORD_HASH=/run/secrets/SUDO_PASSWORD_HASH \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=Etc/UTC \
  -p 127.0.0.1:3000:3000 \
  lscr.io/linuxserver/openvscode-server:latest

Container logs

[migrations] started
[migrations] no migrations found
[env-init] Your secret: FILE__SUDO_PASSWORD_HASH
           contains a trailing newline and may not work as expected
[env-init] SUDO_PASSWORD_HASH set from FILE__SUDO_PASSWORD_HASH
───────────────────────────────────────

      ██╗     ███████╗██╗ ██████╗
      ██║     ██╔════╝██║██╔═══██╗
      ██║     ███████╗██║██║   ██║
      ██║     ╚════██║██║██║   ██║
      ███████╗███████║██║╚██████╔╝
      ╚══════╝╚══════╝╚═╝ ╚═════╝

   Brought to you by linuxserver.io
───────────────────────────────────────

To support LSIO projects visit:
https://www.linuxserver.io/donate/

───────────────────────────────────────
GID/UID
───────────────────────────────────────

User UID:    1000
User GID:    1000
───────────────────────────────────────
Linuxserver.io version: 1.98.2-ls168
Build-date: 2025-04-19T06:51:11+00:00
───────────────────────────────────────
    
setting up sudo access
adding abc to sudoers
setting sudo password using sudo password hash
sed: -e expression #1, char 88: unterminated `s' command
setting permissions::config
setting permissions::app
[custom-init] No custom files found, skipping...
**** No connection token is set ****
Server bound to 0.0.0.0:3000 (IPv4)
Extension host agent listening on 3000

[19:25:43] 




Web UI available at http://localhost:3000
[19:25:43] Extension host agent started.
[19:25:43] Started initializing default profile extensions in extensions installation folder. file:///config/.openvscode-server/extensions
[19:25:43] Completed initializing default profile extensions in extensions installation folder. file:///config/.openvscode-server/extensions
Connection to 127.0.0.1 3000 port [tcp/*] succeeded!
[ls.io-init] done.
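
An added example, not code from this issue or from the linuxserver image: a POSIX shell function that writes the hash into a shadow-format file as literal data, so no character of the value is parsed as sed syntax, and that drops the trailing newline the [env-init] log line above warns about. The names set_shadow_hash, SH_USER, SH_HASH and demo, and the temp-file input, are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not the image's init script).
# set_shadow_hash FILE USER HASH
# Sets field 2 of USER's line, only when it is currently "!" (the same
# condition as the ^abc:\!: pattern in the report).
set_shadow_hash() {
  file=$1 user=$2
  # A secret file written with echo ends in a newline; drop CR/LF.
  hash=$(printf '%s' "$3" | tr -d '\r\n')
  # Reject values that would break the colon-separated record.
  case $hash in
    ''|*:*) echo "set_shadow_hash: invalid hash" >&2; return 1 ;;
  esac
  tmp=$(mktemp) || return 1
  # ENVIRON[] values are used literally; awk -v would process backslash
  # escapes, and sed would parse the delimiter, & and \ in the value.
  if SH_USER=$user SH_HASH=$hash awk -F: -v OFS=: '
       $1 == ENVIRON["SH_USER"] && $2 == "!" { $2 = ENVIRON["SH_HASH"] }
       { print }' "$file" > "$tmp"
  then
    cat "$tmp" > "$file"   # write in place so owner and mode are kept
    rm -f "$tmp"
  else
    rm -f "$tmp"
    return 1
  fi
}

# Constructed demo input: a two-line shadow-format file and the hash from
# the report followed by a trailing newline.
demo() {
  f=$(mktemp) || return 1
  printf 'root:*:20182:0:99999:7:::\nabc:!:20193:0:99999:7:::\n' > "$f"
  h='$y$j9T$tcfKa/ZPa7BItu/yD8d.g1$ltS7XCkWm7Gq2CwtKQB9QOywCvZP99vE146fMZPU6TA'
  nl='
'
  set_shadow_hash "$f" abc "${h}${nl}" && cat "$f"
  rm -f "$f"
}
demo
```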
