Gosu usage in Docker
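#!/bin/bash
# Container entrypoint. Starts as root, optionally remaps the uid/gid of the
# 'dev' account to the owner of a directory (typically a bind mount), then
# drops to 'dev' with gosu and execs the requested command.
#
# MAP_NODE_UID:
#   "no"                 skip the remapping
#   an existing dir      remap 'dev' to the owner of that directory
#   anything else/unset  use the current working directory instead
set -e

# Change uid and gid of the dev user so they match ownership of the directory
if [ "$MAP_NODE_UID" != "no" ]; then
    if [ ! -d "$MAP_NODE_UID" ]; then
        MAP_NODE_UID=$PWD
    fi

    # The ids come from whatever owns the directory, i.e. from whoever
    # provides the mount; they are passed quoted to usermod/groupmod below.
    uid=$(stat -c '%u' "$MAP_NODE_UID")
    gid=$(stat -c '%g' "$MAP_NODE_UID")

    echo "dev ---> UID = $uid / GID = $gid"

    export USER=dev

    # Best effort: usermod is called without -o, so a uid that is already
    # taken (uid 0 for a root-owned directory, for instance) makes it fail and
    # 'dev' keeps its build-time uid. stderr is silenced, so that case leaves
    # no trace beyond the echo above.
    # If the gid cannot be reassigned, 'dev' is added to the existing group
    # instead; a failure of that last usermod aborts the script (set -e).
    usermod -u "$uid" dev 2> /dev/null && {
        groupmod -g "$gid" dev 2> /dev/null || usermod -a -G "$gid" dev
    }
fi

# "$*" joins the arguments into one word for logging; "$@" inside a quoted
# string would expand to several words (ShellCheck SC2145).
echo "**** GOSU dev $* ..."

# exec replaces this shell, so the command becomes PID 1 and receives signals.
exec /usr/local/bin/gosu dev "$@"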
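# NOTE(review): an untagged base resolves to ubuntu:latest and changes under
# you between builds; pin a release tag (and ideally a digest).
FROM ubuntu

# Placeholder kept from the original. The real package list has to provide
# curl, gnupg (with dirmngr) and ca-certificates for the gosu step below, and
# sudo for the sudoers step. Run `apt-get update` in the same RUN as the
# install and remove /var/lib/apt/lists/* afterwards.
RUN apt-get install ...

# grab gosu for easy step-down from root
# NOTE(review): 1.10 is the release this file pins; check upstream for a
# current one before reusing.
ENV GOSU_VERSION=1.10
# curl -f makes an HTTP error fail the build instead of saving the error page.
# The binary is only trusted after the detached signature verifies against the
# pinned release-key fingerprint. The SKS keyserver pool has been shut down,
# so the key is fetched from keys.openpgp.org over hkps.
# gpgconf --kill all (when available) stops the agent/dirmngr started by gpg
# so that removing the temporary GNUPGHOME does not race with them.
RUN set -x \
    && curl -fsSLo /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
    && curl -fsSLo /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
    && export GNUPGHOME="$(mktemp -d)" \
    && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
    && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
    && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \
    && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
    && chmod +x /usr/local/bin/gosu \
    && gosu nobody true

# Add local user 'dev' with a fixed uid/gid; the entrypoint may remap both at
# container start.
RUN groupadd -r dev --gid=9001 && useradd -r -g dev --uid=9001 dev

# Grant the dev user sudo privileges
# NOTE(review): passwordless sudo to root means any process running as 'dev'
# can become root again, so the gosu step-down is a convenience for file
# ownership here, not a privilege boundary. Drop this rule or restrict it to
# specific commands if the container runs anything untrusted.
RUN echo "dev ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/dev && \
    chmod 0440 /etc/sudoers.d/dev

# Do stuff with this user if needed
# NOTE(review): useradd -r does not create /home/dev; WORKDIR creates it, and
# it may end up owned by root rather than dev - confirm before writing there.
USER dev
ENV HOME=/home/dev
WORKDIR $HOME
RUN ...

# Switch back to root: the entrypoint needs root for usermod/groupmod and for
# gosu, and drops to 'dev' itself before running the command.
USER root

# Copy entrypoint
COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
CMD ["bash"]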
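#!/bin/bash
# Container entrypoint. Starts as root, creates a local account named 'user'
# with the uid given in LOCAL_USER_ID (default 9001), then drops to that
# account with gosu and execs the requested command.
set -e

# Either use the LOCAL_USER_ID if passed in at runtime or fall back to 9001
USER_ID=${LOCAL_USER_ID:-9001}

# Reject anything that is not a plain decimal uid before it reaches useradd.
case "$USER_ID" in
    *[!0-9]*)
        echo "LOCAL_USER_ID must be a numeric uid, got: $USER_ID" >&2
        exit 1
        ;;
esac

echo "Starting with UID : $USER_ID"

# -o permits a uid that already exists in the image. That includes 0:
# LOCAL_USER_ID=0 makes 'user' an alias for root and the gosu call below then
# drops no privileges. Whoever sets the environment decides this, so treat
# LOCAL_USER_ID as a trusted deployment setting.
# The existence check keeps a container restart from failing on a second
# useradd for the same name.
if ! id -u user > /dev/null 2>&1; then
    useradd --shell /bin/bash -u "$USER_ID" -o -c "" -m user
fi
export HOME=/home/user

# exec replaces this shell, so the command becomes PID 1 and receives signals.
exec /usr/local/bin/gosu user "$@"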
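# NOTE(review): an untagged base resolves to alpine:latest; pin a release tag
# (and ideally a digest) for reproducible builds.
FROM alpine

# su-exec is the Alpine counterpart of gosu. --no-cache fetches the package
# index on the fly and leaves nothing under /var/cache/apk, so neither
# --update nor a manual cache cleanup is needed.
RUN apk add --no-cache su-exec

# Add entrypoint to dynamically change user uid when a container is started
# NOTE(review): this image ships su-exec and BusyBox tools only. An entrypoint
# written for bash, useradd and /usr/local/bin/gosu will not run here as-is;
# it needs /bin/sh, adduser and su-exec - confirm which script is copied.
# The final user stays root because the entrypoint is expected to drop
# privileges itself before running the command.
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]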