Commit 44c7c161 authored by nimrod's avatar nimrod

Docker run-as improvements.

- Remove hard-coded dependency on /volume location, use working
directory instead.
- Assorted small changes.
parent bf68498c
......@@ -42,7 +42,7 @@ commands.
uid="$(stat . --format '%u')"
gid="$(stat . --format '%g')"
groupadd --force --non-unique --gid "$gid" builder
useradd --non-unique --uid "$uid" --gid "$gid" --home-dir /volume --no-create-home --shell /bin/bash builder
useradd --non-unique --uid "$uid" --gid "$gid" --home-dir "$PWD" --no-create-home --shell /bin/bash builder
sudo -Eu "#$uid" -g "#$gid" -- "$@"
The script is also available for `download
......@@ -55,7 +55,7 @@ into your Dockerfile, or download it via the :code:`ADD` directive, like so:
.. code:: shell
FROM debian:stable
RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y sudo build-essential
ADD [ "https://www.shore.co.il/blog/static/runas-gnu", "/entrypoint" ]
ENTRYPOINT [ "/bin/sh", "/entrypoint" ]
......
......@@ -4,5 +4,5 @@ command -v sudo > /dev/null || { echo "Can't find sudo, exiting."; exit 1; }
uid="$(stat . -c '%u')"
gid="$(stat . -c '%g')"
addgroup -g "$gid" builder
adduser -h /volume -s /bin/sh -G builder -u "$uid" -H -D builder
adduser -h "$PWD" -s /bin/sh -G builder -u "$uid" -H -D builder
sudo -Eu "#$uid" -g "#$gid" -- "$@"
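Review bot: Nothing between `uid="$(stat . -c '%u')"` and the final `sudo` line rejects uid 0, so when the working directory is owned by root (for example, no volume mounted over it) the command still runs as root; with `/volume` no longer assumed, any working directory reaches this path. If running as root is not intended, add after the `gid=` line: `[ "$uid" -ne 0 ] || { echo "Working directory is owned by root, exiting."; exit 1; }`. The same applies to the groupadd/useradd variant of the script in this commit and to the copy embedded in the blog post, where `--non-unique` would also create a second uid-0 account named builder. The first three lines of the script are outside the hunk, so whether a failing `adduser` aborts the run cannot be seen here.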
......@@ -4,5 +4,5 @@ command -v sudo > /dev/null || { echo "Can't find sudo, exiting."; exit 1; }
uid="$(stat . --format '%u')"
gid="$(stat . --format '%g')"
groupadd --force --non-unique --gid "$gid" builder
useradd --non-unique --uid "$uid" --gid "$gid" --home-dir /volume --no-create-home --shell /bin/bash builder
useradd --non-unique --uid "$uid" --gid "$gid" --home-dir "$PWD" --no-create-home --shell /bin/bash builder
sudo -Eu "#$uid" -g "#$gid" -- "$@"
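Review bot: The new `--home-dir "$PWD"` only changes the passwd entry; the `sudo -Eu` line that follows preserves the caller's environment, so `HOME` will probably still be the invoking user's (typically `/root` in a container) unless the sudoers policy resets it. Tools that write under `$HOME` would then target a directory the builder user cannot write to. Consider `sudo -EH -u "#$uid" -g "#$gid" -- "$@"` so that HOME follows the new home directory; the busybox variant ends with the same line. A short comment above `useradd`, such as `# Home is the working directory so builds need no fixed mount point.`, would also record why `$PWD` is used.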