From 4a86bb42cc9a44c8d0a48b5ecd9f7290a47401d3 Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Thu, 30 Mar 2023 11:19:16 +1000 Subject: [PATCH] Different approach, always create npmuser even if the user id is zero, and then we'll always use it --- docker/rootfs/etc/nginx/nginx.conf | 1 + .../rootfs/etc/s6-overlay/s6-rc.d/backend/run | 23 ++++---------- .../etc/s6-overlay/s6-rc.d/frontend/run | 14 +++------ .../rootfs/etc/s6-overlay/s6-rc.d/nginx/run | 9 ++---- .../s6-overlay/s6-rc.d/prepare/10-npmuser.sh | 31 ++++++++----------- .../s6-overlay/s6-rc.d/prepare/90-banner.sh | 16 +++++----- 6 files changed, 33 insertions(+), 61 deletions(-) diff --git a/docker/rootfs/etc/nginx/nginx.conf b/docker/rootfs/etc/nginx/nginx.conf index 438c1bd4..c2ee97cc 100644 --- a/docker/rootfs/etc/nginx/nginx.conf +++ b/docker/rootfs/etc/nginx/nginx.conf @@ -1,6 +1,7 @@ # run nginx in foreground daemon off; pid /run/nginx/nginx.pid; +user npmuser; # Set number of worker processes automatically based on number of CPU cores. worker_processes auto; diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/run b/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/run index 2f9fa9f6..e8ffa17c 100755 --- a/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/run +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/run 
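Review bot: With `user npmuser;` added here, the worker processes take on whatever UID npmuser has, and this commit's 10-npmuser.sh creates that account with `useradd -o -u "$PUID"`. A deployment with PUID=0 therefore ends up with request-handling workers running as UID 0, where without the directive they would drop to nginx's compiled-in default user. When PUID is non-zero the master is already started through `s6-setuidgid npmuser` in nginx/run, and nginx ignores `user` (with a warning) when the master lacks super-user privileges, so the directive only takes effect in the root case. I would add a comment above it such as `# npmuser maps to $PUID; with PUID=0 the workers run as root`, and consider warning on or refusing PUID=0 in the prepare step.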
@@ -7,26 +7,15 @@ set -e cd /app || exit 1 -if [ "${DEVELOPMENT:-}" = "true" ]; then - if [ "$PUID" = '0' ]; then - log_info 'Starting backend development ...' - yarn install - node --max_old_space_size=250 --abort_on_uncaught_exception node_modules/nodemon/bin/nodemon.js - else - log_info "Starting backend development as npmuser ($PUID) ..." - s6-setuidgid npmuser yarn install - exec s6-setuidgid npmuser bash -c 'export HOME=/tmp/npmuserhome;node --max_old_space_size=250 --abort_on_uncaught_exception node_modules/nodemon/bin/nodemon.js' - fi +log_info 'Starting backend ...' + +if [ "${DEVELOPMENT:-}" = 'true' ]; then + s6-setuidgid npmuser yarn install + exec s6-setuidgid npmuser bash -c 'export HOME=/tmp/npmuserhome;node --max_old_space_size=250 --abort_on_uncaught_exception node_modules/nodemon/bin/nodemon.js' else while : do - if [ "$PUID" = '0' ]; then - log_info 'Starting backend ...' - node --abort_on_uncaught_exception --max_old_space_size=250 index.js - else - log_info "Starting backend as npmuser ($PUID) ..." - s6-setuidgid npmuser bash -c 'export HOME=/tmp/npmuserhome;node --abort_on_uncaught_exception --max_old_space_size=250 index.js' - fi + s6-setuidgid npmuser bash -c 'export HOME=/tmp/npmuserhome;node --abort_on_uncaught_exception --max_old_space_size=250 index.js' sleep 1 done fi diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run b/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run index 19db5733..1181c53e 100755 --- a/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run @@ -5,7 +5,7 @@ set -e # This service is DEVELOPMENT only. -if [ "$DEVELOPMENT" == "true" ]; then +if [ "$DEVELOPMENT" = 'true' ]; then . /bin/common.sh cd /app/frontend || exit 1 HOME=/tmp/npmuserhome 
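Review bot: `s6-setuidgid npmuser yarn install` in the development branch runs without the `HOME=/tmp/npmuserhome` that both `node` invocations export inside their `bash -c` strings. Unless HOME is set earlier in the script (the hunk starts at line 7 and does not show it), yarn will resolve its cache and config against the inherited home directory, which npmuser may not be able to write. Setting it once near the top with `export HOME=/tmp/npmuserhome` would also let the two `bash -c '…'` wrappers collapse to a plain `s6-setuidgid npmuser node …`. Separately, this script and frontend/run both install dependencies at container start without pinning to the lockfile; `yarn install --frozen-lockfile` (Yarn 1 syntax, confirm the version in use) keeps a dev container from silently resolving different packages.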
@@ -13,15 +13,9 @@ if [ "$DEVELOPMENT" == "true" ]; then mkdir -p /app/frontend/dist chown -R "$PUID:$PGID" /app/frontend/dist - if [ "$PUID" = '0' ]; then - log_info 'Starting frontend ...' - yarn install - exec yarn watch - else - log_info "Starting frontend as npmuser ($PUID) ..." - s6-setuidgid npmuser yarn install - exec s6-setuidgid npmuser yarn watch - fi + log_info 'Starting frontend ...' + s6-setuidgid npmuser yarn install + exec s6-setuidgid npmuser yarn watch else exit 0 fi diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/run b/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/run index 30f3a71a..fa8c1fc5 100755 --- a/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/run +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/run @@ -5,10 +5,5 @@ set -e . /bin/common.sh -if [ "$PUID" = '0' ]; then - log_info 'Starting nginx ...' - exec nginx -else - log_info "Starting nginx as npmuser ($PUID) ..." - exec s6-setuidgid npmuser nginx -fi +log_info 'Starting nginx ...' +exec s6-setuidgid npmuser nginx diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/10-npmuser.sh b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/10-npmuser.sh index a749ca2b..c5cf5435 100755 --- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/10-npmuser.sh +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/10-npmuser.sh 
@@ -3,23 +3,18 @@ set -e -if [ "$PUID" = '0' ]; then - log_info 'Skipping npmuser configuration' +log_info 'Configuring npmuser ...' + +if id -u npmuser; then + # user already exists + usermod -u "$PUID" npmuser || exit 1 else - log_info 'Configuring npmuser ...' - groupmod -g 1000 users || exit 1 - - if id -u npmuser; then - # user already exists - usermod -u "$PUID" npmuser || exit 1 - else - # Add npmuser user - useradd -u "$PUID" -U -d /tmp/npmuserhome -s /bin/false npmuser || exit 1 - fi - - usermod -G users npmuser || exit 1 - groupmod -o -g "$PGID" npmuser || exit 1 - # Home for npmuser - mkdir -p /tmp/npmuserhome - chown -R "$PUID:$PGID" /tmp/npmuserhome + # Add npmuser user + useradd -o -u "$PUID" -U -d /tmp/npmuserhome -s /bin/false npmuser || exit 1 fi + +usermod -G "$PGID" npmuser || exit 1 +groupmod -o -g "$PGID" npmuser || exit 1 +# Home for npmuser +mkdir -p /tmp/npmuserhome +chown -R "$PUID:$PGID" /tmp/npmuserhome diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/90-banner.sh b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/90-banner.sh index ae3ad00f..7991ddf4 100755 --- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/90-banner.sh +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/90-banner.sh @@ -3,17 +3,15 @@ set -e -echo -echo "------------------------------------- +echo " +------------------------------------- _ _ ____ __ __ | \ | | _ \| \/ | | \| | |_) | |\/| | | |\ | __/| | | | |_| \_|_| |_| |_| --------------------------------------" -if [[ "$PUID" -ne '0' ]]; then - echo "User UID: $(id -u npmuser)" - echo "User GID: $(id -g npmuser)" - echo "-------------------------------------" -fi -echo +------------------------------------- +User ID: $PUID +Group ID: $PGID +------------------------------------- +"
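Review bot: `usermod -G "$PGID" npmuser` runs before `groupmod -o -g "$PGID" npmuser`, and `usermod -G` requires each listed group to exist already, so for a PGID that matches no group in the image the prepare step will likely fail at this line and exit 1. Swapping the two lines, `groupmod -o -g "$PGID" npmuser || exit 1` then `usermod -G "$PGID" npmuser || exit 1`, makes the gid exist first. The existing-user branch also calls `usermod -u "$PUID" npmuser` without the `-o` that the `useradd` branch now passes, so a restart with a PUID that collides with another account may be rejected; `usermod -o -u "$PUID" npmuser` keeps the two branches consistent. Neither variable is checked for being set and numeric before use, and `-o` with PUID=0 makes npmuser a second UID 0 account, which deserves a comment at the `useradd` line.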
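Review bot: The banner now prints the requested `$PUID` and `$PGID` from the environment, where the removed lines queried the account with `id -u npmuser` and `id -g npmuser`. If the prepare step leaves npmuser with different ids than requested, or the variables are unset, the banner will no longer show the identity the services run under. Keeping the lookups inside the string, `User ID: $(id -u npmuser)` and `Group ID: $(id -g npmuser)`, preserves that check. Since the PUID=0 branch is gone, a line such as `WARNING: services are running as root` when the resolved uid is 0 would make that configuration visible in the logs.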