docker: Fix $DOCKER_USER (#2057)
We do not try renaming $HOME anymore as there is no good way to do it. We also only try to convert if the user hasn't been changed. Finally I added usage to the docker docs in install.md Closes #2056
This commit is contained in:
parent
4a250be79a
commit
9fb318cf15
@ -39,6 +39,9 @@ COPY ci/release-image/entrypoint.sh /usr/bin/entrypoint.sh
|
|||||||
RUN dpkg -i /tmp/code-server*$(dpkg --print-architecture).deb && rm /tmp/code-server*.deb
|
RUN dpkg -i /tmp/code-server*$(dpkg --print-architecture).deb && rm /tmp/code-server*.deb
|
||||||
|
|
||||||
EXPOSE 8080
|
EXPOSE 8080
|
||||||
USER coder
|
# This way, if someone sets $DOCKER_USER, docker-exec will still work as
|
||||||
|
# the uid will remain the same. note: only relevant if -u isn't passed to
|
||||||
|
# docker-run.
|
||||||
|
USER 1000
|
||||||
WORKDIR /home/coder
|
WORKDIR /home/coder
|
||||||
ENTRYPOINT ["/usr/bin/entrypoint.sh", "--bind-addr", "0.0.0.0:8080", "."]
|
ENTRYPOINT ["/usr/bin/entrypoint.sh", "--bind-addr", "0.0.0.0:8080", "."]
|
||||||
|
@ -1,18 +1,20 @@
|
|||||||
#!/usr/bin/env sh
|
#!/bin/sh
|
||||||
set -eu
|
set -eu
|
||||||
|
|
||||||
if [ "${DOCKER_USER-}" ]; then
|
|
||||||
echo "$DOCKER_USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/nopasswd > /dev/null
|
|
||||||
sudo usermod --login "$DOCKER_USER" \
|
|
||||||
--move-home --home "/home/$DOCKER_USER" \
|
|
||||||
coder
|
|
||||||
sudo groupmod -n "$DOCKER_USER" coder
|
|
||||||
|
|
||||||
sudo sed -i "/coder/d" /etc/sudoers.d/nopasswd
|
|
||||||
sudo sed -i "s/coder/$DOCKER_USER/g" /etc/fixuid/config.yml
|
|
||||||
export HOME="/home/$DOCKER_USER"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# This isn't set by default.
|
# This isn't set by default.
|
||||||
export USER="$(whoami)"
|
export USER="$(whoami)"
|
||||||
|
|
||||||
|
if [ "${DOCKER_USER-}" != "$USER" ]; then
|
||||||
|
echo "$DOCKER_USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/nopasswd > /dev/null
|
||||||
|
# Unfortunately we cannot change $HOME as we cannot move any bind mounts
|
||||||
|
# nor can we bind mount $HOME into a new home as that requires a privileged container.
|
||||||
|
sudo usermod --login "$DOCKER_USER" coder
|
||||||
|
sudo groupmod -n "$DOCKER_USER" coder
|
||||||
|
|
||||||
|
export USER="$(whoami)"
|
||||||
|
|
||||||
|
sudo sed -i "/coder/d" /etc/sudoers.d/nopasswd
|
||||||
|
sudo sed -i "s/coder/$DOCKER_USER/g" /etc/fixuid/config.yml
|
||||||
|
fi
|
||||||
|
|
||||||
dumb-init fixuid -q /usr/bin/code-server "$@"
|
dumb-init fixuid -q /usr/bin/code-server "$@"
|
||||||
|
@ -179,10 +179,11 @@ code-server
|
|||||||
# easily access/modify your code-server config in $HOME/.config/code-server/config.json
|
# easily access/modify your code-server config in $HOME/.config/code-server/config.json
|
||||||
# outside the container.
|
# outside the container.
|
||||||
mkdir -p ~/.config
|
mkdir -p ~/.config
|
||||||
docker run -it -p 127.0.0.1:8080:8080 \
|
docker run -it --name code-server -p 127.0.0.1:8080:8080 \
|
||||||
-v "$HOME/.config:/home/coder/.config" \
|
-v "$HOME/.config:/home/coder/.config" \
|
||||||
-v "$PWD:/home/coder/project" \
|
-v "$PWD:/home/coder/project" \
|
||||||
-u "$(id -u):$(id -g)" \
|
-u "$(id -u):$(id -g)" \
|
||||||
|
-e "DOCKER_USER=$USER" \
|
||||||
codercom/code-server:latest
|
codercom/code-server:latest
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Reference in New Issue
Block a user