Gaining Sudo Access Using Docker in a University Lab

October 19, 2024

For months, I had been trying to find a way to get sudo access on my university's lab computers. As students, we didn't have any administrative privileges—no sudo, no root, nothing. The system seemed locked down tight. Every reboot, the /home directory reset, which made it feel like the system was immutable. But something didn’t add up.

A Lucky Discovery: Docker Group

One day, while looking into the system setup, I noticed something interesting: my user was in the docker group. This caught my eye because I remembered reading in the Gentoo Wiki that having Docker access can be just as powerful as root access. This made me realize there might be a way to leverage Docker to gain the control I needed.

Researching the Possibilities

I turned to Google and started exploring what I could do with Docker access. The possibilities were huge because Docker runs containers that act like mini virtual machines, and with root privileges in the container, you have a lot of power. One guide suggested that I could spin up a Docker container running Ubuntu, and from there, I could modify system files as if I were root.

Spinning Up the Container

I quickly set up a Docker container running Ubuntu. Once inside the container, I was effectively running with root privileges inside that environment. From there, I could start poking around in the system. My goal was to modify the sudoers file—the file that controls who has sudo access on the machine.

Editing the Sudoers File

Inside the container, I mounted the host’s file system, giving me access to crucial system files. Then, I edited the sudoers file to grant my user sudo access. To be safe, I made sure I was adding the correct syntax (myusername ALL=(ALL:ALL) ALL) to avoid locking myself out.

Once that was done, I exited the container and logged back in as my regular user. I tested sudo… and it worked! After months of trying different approaches, I finally had full administrative access.

Persistent Access Across Reboots

At first, I was worried that this was just a temporary fix, but I noticed something about the system's behavior. While the /home directory was wiped clean and restored from a tarball every time the system rebooted, the actual system files weren’t as locked down as they seemed. The changes I made to the sudoers file persisted across reboots.

This made it clear that the system wasn’t truly immutable. It just had a mechanism to reset student environments, making it look that way.

Conclusion

With Docker access, even on locked-down systems, you can do a lot more than it might seem at first glance. The experience taught me that having Docker privileges is a significant level of access, one that can lead to root-like control if used strategically.

written by jabuxas contact info: jabuxas@proton.me