-
-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathinit
executable file
·41 lines (33 loc) · 1.64 KB
/
init
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
#!/usr/bin/env bash
set -euo pipefail
# This init script is from https://github.com/vorburger/cloudshell
# Original Author: Michael Vorburger <mike@vorburger.ch> http://www.vorburger.ch
if [ -z ${USER_ID+x} ]; then echo "USER_ID must be set!"; exit 3; fi
if [ -z ${USER_PWD+x} ]; then echo "USER_PWD must be set!"; exit 4; fi
# adding user if it doesn't already exist (for tests in build script),
# and add her to system group "wheel" (Fedora) or "sudo" (Debian), so that she can use "sudo" later
id -u "$USER_ID" >/dev/null 2>&1 || useradd --create-home "$USER_ID"
usermod -a -G wheel "$USER_ID" >/dev/null 2>&1 || true
usermod -a -G sudo "$USER_ID" >/dev/null 2>&1 || true
cd /home/"$USER_ID"
if [ -z ${USER_SHELL+x} ]; then
chsh -s /usr/bin/fish "$USER_ID" >/dev/null 2>&1
else
chsh -s "$USER_SHELL" "$USER_ID" >/dev/null 2>&1
fi
# NOTE we're not actually setting the user's password in the container!
# It's only used for authentication to GoTTY (in Dockerfile); we don't need it in-container,
# and it's more secure not to leave it in a file in the container if ther is no reason to.
# tweak /etc/sudoers so that she can sudo without password..
# .. for Fedora:
sed -i 's/^%wheel/# %wheel/' /etc/sudoers
sed -i 's/^# %wheel/%wheel/' /etc/sudoers
# .. for Debian:
if [ -f /etc/sudoers.d/README ]; then
echo "%sudo ALL=(ALL:ALL) NOPASSWD: ALL" >/etc/sudoers.d/NOPASSWD
fi
# https://github.com/sudo-project/sudo/issues/42
# https://bugzilla.redhat.com/show_bug.cgi?id=1773148
echo "Set disable_coredump false" >> /etc/sudo.conf
# NB Using --no-new-privs prevents sudo from working :(
setpriv --reuid="$USER_ID" --regid="$USER_ID" --init-groups --reset-env "$@"