Impossible to instantiate a bash restricted with docker on a default user? [duplicate]

I'm just starting with system scripting, so I'm probably making huge mistakes.

I'm trying to create users, one with full privileges and one with no privileges (rbash, restricted bin, etc.).

Here is my script:

#!/bin/sh
purple='\e[0;35m'
red='\033[0;31m'
neutre='\e[0;m'
echo "${purple}CREATE USER${neutre}"
if grep "flush:" /etc/group > /dev/null;
then
    echo "${red}GROUP FLUSH ALREADY EXIST${neutre}"
else
    groupadd -r flush
fi
if grep "flush:" /etc/passwd > /dev/null;
then
    echo "${red}USER FLUSH ALREADY EXIST${neutre}"
else
    useradd -g flush -m flush -s /bin/bash -d /home/flush
    echo "flush:$PASSWORD" | chpasswd
    echo "root:$PASSWORD" | chpasswd
    chown -R flush:flush /home/flush
    chgrp -R flush /var/www/html
    chmod -R 700 /home/flush
fi
if grep "flush-user:" /etc/group > /dev/null;
then
    echo "${red}GROUP FLUSH-USER ALREADY EXIST${neutre}"
else
    groupadd -g 501000 -r flush-user
fi
if grep "flush-user:" /etc/passwd > /dev/null;
then
    echo "${red}USER FLUSH-USER ALREADY EXIST${neutre}"
else
    if ls /bin/rbash > /dev/null
    then
        echo "${red}rbash exist !${neutre}"
        rm -Rf /bin/rbash
        ln -s /bin/bash /bin/rbash
    else
        ln -s /bin/bash /bin/rbash
    fi
    useradd -rm -u 501000 -g flush-user -s /bin/rbash -c "Unprivileged User" -d /home/flush-user/ flush-user
    echo "flush-user:flush-user" | chpasswd
    mkdir -p /home/flush-user/bin
    chown -R flush-user:flush-user /home/flush-user/
    echo PATH=/home/flush-user/bin > /home/flush-user/.bash_profile
#     export PATH=/home/flush-user/bin
    chown root:root /home/flush-user/.bash_profile
    chmod 755 /home/flush-user/.bash_profile
fi
mkdir -p var/cache var/log

I execute this script in a Dockerfile so that when I mount my images everything is ready to use.

My dockerfile:

FROM php:8-apache

LABEL maintener="stollpy"

WORKDIR /var/www/html

ARG APP_ENV
ARG PASSWORD

## COPY SCRIPT
COPY ./script/run-script.sh ./
COPY ./script/install.sh ./
COPY ./script/user.sh ./
COPY ./vhosts/vhosts.conf /etc/apache2/sites-enabled/apache2.conf

USER root

RUN chmod +x ./run-script.sh
RUN APP_ENV=$APP_ENV PASSWORD=$PASSWORD sh ./run-script.sh --no-cache

# Install extension docker
RUN docker-php-ext-configure intl
RUN docker-php-ext-install pdo pdo_mysql gd opcache intl calendar dom mbstring gd zip xsl
RUN docker-php-ext-enable amqp apcu

COPY ./script/entrypoint.bash /usr/local/bin/docker-entrypoint
RUN chmod +x /usr/local/bin/docker-entrypoint

EXPOSE 80 443

## user default
WORKDIR /home/flush-user
USER flush-user

ENTRYPOINT ["bash", "/usr/local/bin/docker-entrypoint"]

When I connect to my container with this command:

docker exec -ti flush_service bash

I am redirected to an unrestricted bash... I know I'm asking to be redirected to a bash in my docker command, but I'm trying to make sure that if we connect to our container, the default user is flush-user and that the latter only has an rbash.

If I cat /etc/passwd, I can see that my user has an rbash defined, but it is not used...

Is this possible, if so do you have any ideas?

flush-user@f9be52535067:/home/flush-user$ fh
bash: fh: command not found
flush-user@f9be52535067:/home/flush-user$ cat /etc/passwd  
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
flush:x:1000:999::/home/flush:/bin/bash
flush-user:x:501000:501000:Unprivileged User:/home/flush-user/:/bin/rbash
flush-user@f9be52535067:/home/flush-user$
flush-user@f9be52535067:/home/flush-user$ cd /
flush-user@f9be52535067:/$ 
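
What the transcript above shows, as an added example that is not part of the original post: `docker exec` starts the command named on its command line rather than the shell recorded in /etc/passwd, and bash only applies restrictions when it is started under the name `rbash` or with `-r`. The passwd line is constructed from the question's output; `login_shell`, `shell_mode`, `make_rbash` and the temporary directory are hypothetical helpers, and `bash` is assumed to be on PATH.

```shell
#!/bin/sh
# Added example. Constructed sample: the flush-user entry from the question's output.
SAMPLE_PASSWD='flush-user:x:501000:501000:Unprivileged User:/home/flush-user/:/bin/rbash'

# login_shell USER: print the login shell (field 7) for USER from passwd-format stdin.
# This field is only consulted by programs that perform a login (login, su, sshd).
login_shell() {
    awk -F: -v user="$1" '$1 == user { print $7 }'
}

# shell_mode CMD [ARGS...]: start the shell exactly as given and probe it the way
# the transcript does, with `cd /`, which a restricted bash refuses.
# stderr is silenced from the outside because a restricted shell may not redirect.
shell_mode() {
    "$@" -c 'if cd /; then echo unrestricted; else echo restricted; fi' 2>/dev/null
}

# make_rbash DIR: create DIR/rbash as a symlink to bash (what the question's script
# does in /bin) and print its path.
make_rbash() {
    ln -sf "$(command -v bash)" "$1/rbash" && printf '%s\n' "$1/rbash"
}

demo() {
    tmp=$(mktemp -d) || return 1
    rbash=$(make_rbash "$tmp")
    printf 'passwd shell -> %s\n' \
        "$(printf '%s\n' "$SAMPLE_PASSWD" | login_shell flush-user)"
    # Same binary, three ways of starting it:
    printf 'bash         -> %s\n' "$(shell_mode bash)"      # as in `docker exec ... bash`
    printf 'bash -r      -> %s\n' "$(shell_mode bash -r)"   # explicit restricted flag
    printf 'rbash        -> %s\n' "$(shell_mode "$rbash")"  # restricted by invoked name
    rm -rf "$tmp"
}

demo
```

The same `cd /` probe, run in whatever shell a session lands in, confirms whether the restriction is actually in effect for that session.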


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
