Skip to content

Instantly share code, notes, and snippets.

@franga2000
Created May 8, 2019 22:39
Show Gist options
  • Save franga2000/1bb1e551c7335128d2301c02ce33f9dd to your computer and use it in GitHub Desktop.
Save franga2000/1bb1e551c7335128d2301c02ce33f9dd to your computer and use it in GitHub Desktop.
Quite possibly the most horrific command I have ever written
# This is quite possibly the most horrific command I have ever written
# So... There's this thing (code-server) that runs in a Docker container.
# For some reason, the Dockerfile creates a new user for itself with the UID 1000 and that is the only UID it can properly run as.
# If I try to run it with a different UID (--user), it complains because it can't access a whole bunch of stuff.
# But I need it to run under UID 1001 and also be in the www-data group.
# So, in short:
# First, I give the container all privileges and mount the FUSE device so I can use bindfs.
# I mount the dir I want into ~/project_real set the entrypoint to a shell.
# Through the shell, I bindfs and use it to mount ~/project_real into ~/project (the dir the app uses)
# In the bindfs mapping I first map UID 1001 to 1000 (so it can access 1001's stuff).
# To make sure it can't access the REAL 1000's stuff, I also map 1000 one to 1001 (anything else would work too)
# After all that, I have to add the user to www-data (which, thankfully, matches the GID on the host).
# But since groups aren't updated until you log in again, I use su (through sudo, so I don't need a password) to start a new session.
# Inside that new session, I can finally run code-server -- the app that I've been trying to run this whole time.
# (well, there is the whole dumb-init thing, but that's a rant for another day)
docker run \
--device /dev/fuse \
--privileged \
--entrypoint=/bin/sh \
-it \
--rm \
-p 8401:8443 \
-v "/var/www:/home/coder/project_real" \
--entrypoint=/bin/sh codercom/code-server \
-c '\sudo apt install bindfs -y \
&& sudo bindfs --map=1000/1001:1001/1000 /home/coder/project_real /home/coder/project \
&& sudo adduser coder www-data \
&& sudo su coder -c '\''\
dumb-init code-server \
--allow-http'\'''
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment