@arledesma
Created May 3, 2017 00:36
testing out requiretty

Build and Run

docker build -t requiretty:centos66 -f Dockerfile .
docker run -it requiretty:centos66

Output

Depth: 1
Currently logged in as: test
Current TTY: /4
Elevated: false
Attempting Elevation to root
sudo: sorry, you must have a tty to run sudo
Attempting Alternate Elevation to root

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for test: Depth: 2
Currently logged in as: root
Current TTY: not a tty
Elevated: true
I am root
I am test
S:\GitHub\docker\requiretty>

Dockerfile

FROM centos:6.6
# Install sudo
RUN yum install -y sudo \
# Clean up yum
    && yum clean all
# Add a test user
RUN adduser test -G wheel \
# Set the test user's password to test
    && echo test:test | chpasswd \
# Add the wheel group to sudoers, requiring a password
    && echo '%wheel ALL=(ALL) ALL' > "/etc/sudoers.d/%wheel" \
# Set the correct permissions on the sudoers.d file
    && chmod -v 600 "/etc/sudoers.d/%wheel" \
# Set requiretty for all sudo usage
    && echo 'Defaults requiretty' >> /etc/sudoers
# Set our current user to the test user
USER test
# Add our test script
ADD "test.sh" "/tmp/test.sh"
# Set the working directory
WORKDIR /tmp
#
# Test by detaching from the parent tty, using setsid, as if the script is a daemon
# cat</dev/null hack to ensure that we can see the output
#
CMD setsid bash -c 'bash /tmp/test.sh';cat</dev/null
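
test.sh

#!/bin/sh
# Recursion depth: incremented each time the script re-invokes itself
i=${1:-0}
i=$(expr "$i" + 1)
echo "Depth: $i"
echo "Currently logged in as: $(whoami)"
echo "Current TTY: $(tty)"
if [ "$(whoami)" != "root" ]; then
    echo "Elevated: false"
    echo "Attempting Elevation to root"
    # Plain sudo: refused when requiretty is set and no tty is available
    echo test | sudo -S sh -c "$0 $i"
    echo "Attempting Alternate Elevation to root"
    # open_init_pty runs the command under a pseudo-terminal, which satisfies requiretty
    open_init_pty sh -c " echo test | sudo -S $0 $i"
else
    echo "Elevated: true"
fi
echo "I am $(whoami)"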