From b6fb3b396bd48bc434590d3a6723157144d7f924 Mon Sep 17 00:00:00 2001 From: David Boreham Date: Tue, 28 Mar 2023 19:52:42 -0600 Subject: [PATCH] Do not switch gid/uid for root and system users --- app/data/container-build/cerc-builder-js/Dockerfile | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/app/data/container-build/cerc-builder-js/Dockerfile b/app/data/container-build/cerc-builder-js/Dockerfile index 71c770c0..d8475d2b 100644 --- a/app/data/container-build/cerc-builder-js/Dockerfile +++ b/app/data/container-build/cerc-builder-js/Dockerfile @@ -17,12 +17,16 @@ ARG NPM_GLOBAL=/usr/local/share/npm-global # Add NPM global to PATH. ENV PATH=${NPM_GLOBAL}/bin:${PATH} +SHELL ["/bin/bash", "-c"] + RUN \ - if [ ${CERC_HOST_GID} -ne 1000 ] ; then \ - groupmod -g ${CERC_HOST_GID} ${USERNAME} ; \ + # Don't switch container uid/gid if the host uid/gid is 1000 (which means it's already correct), + # or root (which won't work anyway) or <= 100 (which also won't work). + if [[ ${CERC_HOST_GID} -ne 1000 && ${CERC_HOST_GID} -ne 0 && ${CERC_HOST_GID} -gt 100 ]]; then \ + groupmod -g ${CERC_HOST_GID} ${USERNAME}; \ fi \ - && if [ ${CERC_HOST_UID} -ne 1000 ] ; then \ - usermod -u ${CERC_HOST_UID} -g ${CERC_HOST_GID} ${USERNAME} && chown ${CERC_HOST_UID}:${CERC_HOST_GID} /home/${USERNAME} ; \ + && if [[ ${CERC_HOST_UID} -ne 1000 && ${CERC_HOST_UID} -ne 0 && ${CERC_HOST_UID} -gt 100 ]]; then \ + usermod -u ${CERC_HOST_UID} -g ${CERC_HOST_GID} ${USERNAME} && chown ${CERC_HOST_UID}:${CERC_HOST_GID} /home/${USERNAME}; \ fi RUN \