A single version of runas using gosu.

content/docker_uid.rst

@@ -23,9 +23,9 @@ The trivial solution is to run the container with the correct user id, like so
     gid="$(id -g)"
     docker run -v "$PWD:/volume" --user "$uid:$gid" buildimage make
 
-I personally find it a tiresome after the 3rd time I had to rebuild the
+I personally find it a tiresome after the 3rd time I had to `sudo chown` the
 project because I forgot to specify the uid and gid and it's a (low) barrier
-to entry for new users.
+of entry for new users.
 
 A better solution
 -----------------
@@ -38,32 +38,36 @@ commands.
 
     #!/bin/sh
     set -eu
-    command -v sudo > /dev/null || { echo "Can't find sudo, exiting."; exit 1; }
-    uid="$(stat . --format '%u')"
-    gid="$(stat . --format '%g')"
-    groupadd --force --non-unique --gid "$gid" builder
-    useradd --non-unique --uid "$uid" --gid "$gid" --home-dir "$PWD" --no-create-home --shell /bin/bash builder
-    sudo -Eu "#$uid" -g "#$gid" -- "$@"
+    [ "$(id -u)" = "0" ] || { echo "Not running as root, continuing as the current user."; eval exec "$@"; }
+    command -v stat > /dev/null || { echo "Can't find stat, exiting."; exit 1; }
+    command -v gosu > /dev/null || { echo "Can't find gosu, exiting."; exit 1; }
+    uid="$(stat . -c '%u')"
+    gid="$(stat . -c '%g')"
+    eval exec gosu "$uid:$gid" "$@"
 
 The script is also available for `download
-<https://www.shore.co.il/blog/static/runas-gnu>`_. The only dependency is
-:code:`sudo`. There's also a `version
-<https://www.shore.co.il/blog/static/runas-busybox>`_ for images using BusyBox
-(like Alpine). You can download and check it to your VCS and incorporate it
-into your Dockerfile, or download it via the :code:`ADD` directive, like so:
+<https://www.shore.co.il/blog/static/runas>`_. The only dependency is
+`gosu <https://github.com/tianon/gosu>`_.  You can download and check it to
+your VCS and incorporate it into your Dockerfile, or download it via the
+:code:`ADD` directive, like so:
 
 .. code:: shell
 
-    FROM debian:stable
-    RUN apt-get update && \
-        DEBIAN_FRONTEND=noninteractive apt-get install -y sudo build-essential
-    ADD [ "https://www.shore.co.il/blog/static/runas-gnu", "/entrypoint" ]
-    ENTRYPOINT [ "/bin/sh", "/entrypoint" ]
+    FROM buildpack-deps
+    RUN curl -fsSL https://github.com/tianon/gosu/releases/download/1.10/gosu-amd64 -o gosu-amd64 && \
+        install -o root -g root -m 755 gosu-amd64 /usr/local/bin/gosu && \
+        rm gosu-amd64 && \
+        curl -fsSL https://www.shore.co.il/blog/static/runas -o runas && \
+        install -o root -g root -m 755 runas /entrypoint && \
+        rm runas
+    ENTRYPOINT [ "/entrypoint" ]
     VOLUME /volume
     WORKDIR /volume
     ENV HOME /volume
 
-And then finally, to build run
+Setting the home directory to the mounted volume will result in some files (like
+package managers cache) to be created there, which you may or may not want. And
+then finally, to build run
 
 .. code:: shell
 

content/static/runas

-runas-gnu
\ No newline at end of file

content/static/runas

+#!/bin/sh
+set -eu
+
+[ "$(id -u)" = "0" ] || { echo "Not running as root, continuing as the current user."; eval exec "$@"; }
+command -v stat > /dev/null || { echo "Can't find stat, exiting."; exit 1; }
+command -v gosu > /dev/null || { echo "Can't find gosu, exiting."; exit 1; }
+uid="$(stat . -c '%u')"
+gid="$(stat . -c '%g')"
+eval exec gosu "$uid:$gid" "$@"

content/static/runas-busybox

-#!/bin/sh
-set -eu
-command -v sudo > /dev/null || { echo "Can't find sudo, exiting."; exit 1; }
-uid="$(stat . -c '%u')"
-gid="$(stat . -c '%g')"
-addgroup -g "$gid" builder
-adduser -h "$PWD" -s /bin/sh -G builder -u "$uid" -H -D builder
-sudo -Eu "#$uid" -g "#$gid" -- "$@"

content/static/runas-gnu

-#!/bin/sh
-set -eu
-command -v sudo > /dev/null || { echo "Can't find sudo, exiting."; exit 1; }
-uid="$(stat . --format '%u')"
-gid="$(stat . --format '%g')"
-groupadd --force --non-unique --gid "$gid" builder
-useradd --non-unique --uid "$uid" --gid "$gid" --home-dir "$PWD" --no-create-home --shell /bin/bash builder
-sudo -Eu "#$uid" -g "#$gid" -- "$@"