start.sh may force permissions change on mounted directories #12

Open
Trophime opened this issue Dec 13, 2017 · 8 comments

@Trophime
Member

Hi,
I'm having some problems with the start.sh script.
Imagine that I run feelpp/feelpp-toolboxes with this command line:

docker run -it --rm -v /home/me/data:/home/user/data -e LOCAL_USER_ID=`id -u $USER` ..

Since there is a chmod -R user.user $HOME in start.sh, the permissions on /home/me/data will be forced to user.user, which shall not happen!

@prudhomm
Member

the id won't be changed since they (me and user) share the same id.

@prudhomm
Member

the idea is that user is actually me

@Trophime
Member Author

Trophime commented Dec 13, 2017

right, but if you forget to add -e LOCAL_USER_ID=`id -u $USER` I have the problem.
I mean that in this case user is actually feelpp (aka 9001 id)
and then chmod -R user.user $HOME (run as root in docker) becomes problematic for directory data

@prudhomm
Member

prudhomm commented Dec 13, 2017

indeed, we could detect that and avoid doing the chmod in that case.
but I think it would be bad practice to do like that (mounting in /home/user)!!
use /feel instead and you are done with this issue

@Trophime
Member Author

yep but at least there should be a clear WARNING to avoid mounting directory into /home/user

@prudhomm
Member

I agree.

@Trophime
Member Author

This kind of script may fix the problem

```bash
#!/bin/bash

USER_ID=${LOCAL_USER_ID:-9001}

echo "Starting with UID : $USER_ID"
if [ "$USER_ID" != "9001" ]; then
   useradd -m -s /bin/bash -d /home/user -u "$USER_ID" -G sudo,video user
   echo "user ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/user

   # cp /home/feelpp/WELCOME /home/user
   cp -f /home/feelpp/.bash_aliases /home/user
   cp -f /home/feelpp/.bashrc /home/user

   # check for mounted directories in /home/user
   declare -a MountedDir
   declare -a MountedDirUid
   declare -a MountedDirGid

   while IFS= read -r -d '' dir; do
       # "mount" lists active mounts as "<source> on <dir> type ..."
       status=$(mount | grep -F " on $dir ")
       if [ -n "$status" ]; then
           # numeric owner and group of the mounted directory itself
           dir_uid=$(stat -c '%u' "$dir")
           dir_gid=$(stat -c '%g' "$dir")
           MountedDir+=("$dir")
           MountedDirUid+=("$dir_uid")
           MountedDirGid+=("$dir_gid")
           echo "!!! $dir (user=${dir_uid}, group=${dir_gid}) is mounted !!!"
       fi
   done < <(find /home/user -type d -print0)

   # Note this may be problematic if there are directories mounted in /home/user
   chown -R user:user /home/user

   # restore permissions on mounted directories if any
   # (only the directory and its non-hidden top-level entries are restored)
   for i in "${!MountedDir[@]}"; do
       echo "Restore permissions on ${MountedDir[$i]}: ${MountedDirUid[$i]}:${MountedDirGid[$i]}"
       chown "${MountedDirUid[$i]}:${MountedDirGid[$i]}" "${MountedDir[$i]}"/*
       chown "${MountedDirUid[$i]}:${MountedDirGid[$i]}" "${MountedDir[$i]}/."
   done

   export HOME=/home/user
   exec /usr/sbin/gosu user bash
else
   export HOME=/home/user
   exec /usr/sbin/gosu feelpp bash
fi
```
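
An alternative to saving and restoring ownership, shown as an added example that is not part of this thread or of the project's start.sh: skip mounted subtrees during the recursive chown, so host files under a bind mount are never touched. The names `MOUNTINFO`, `mounts_below`, `find_unmounted` and `chown_skip_mounts` are hypothetical, and the script assumes the Linux mountinfo format.

```shell
#!/bin/sh
# Added example, not the project's start.sh. Hypothetical names:
# MOUNTINFO, mounts_below, find_unmounted, chown_skip_mounts.
# Assumes Linux mountinfo format (field 5 = mount point) and mount
# points without whitespace (the kernel escapes a space as \040).
MOUNTINFO=${MOUNTINFO:-/proc/self/mountinfo}

# Print every mount point located strictly below directory $1.
mounts_below() {
    awk -v root="${1%/}" 'index($5, root "/") == 1 { print $5 }' "$MOUNTINFO"
}

# usage: find_unmounted ROOT FIND_ACTION...
# Runs find on ROOT with each mounted subtree pruned, so FIND_ACTION
# never sees a bind-mounted directory or anything beneath it.
find_unmounted() {
    root=${1%/}
    shift
    for m in $(mounts_below "$root"); do
        set -- -path "$m" -prune -o "$@"
    done
    find "$root" "$@"
}

# usage: chown_skip_mounts ROOT OWNER[:GROUP]
# Replacement for "chown -R OWNER ROOT" that leaves host data alone.
chown_skip_mounts() {
    find_unmounted "$1" -exec chown -h "$2" {} +
}

# Entry point when run as a script: chown_skip_mounts.sh /home/user user:user
if [ "$#" -eq 2 ]; then
    chown_skip_mounts "$1" "$2"
fi
```

Running `find_unmounted /home/user -print` first shows exactly which paths the chown would touch.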

@prudhomm
Member

prudhomm commented Feb 4, 2018

I will integrate that asap
