CHE-3264 - Starting the che server as an user

snjeza · l0rd · commit 394ca3b512b8 · 2016-12-12T19:21:41.000+01:00
Signed-off-by: Snjezana Peco &lt;snjezana.peco@redhat.com&gt;
diff --git a/dockerfiles/che/entrypoint.sh b/dockerfiles/che/entrypoint.sh
@@ -226,11 +226,27 @@ init() {
   export CHE_DATA="/data"
   CHE_DATA_HOST=$(get_che_data_from_host)
 
+  CHE_USER=${CHE_USER:-root}
+  export CHE_USER=$CHE_USER
+  if [ "$CHE_USER" != "root" ]; then
+    if [ ! $(getent group docker) ]; then
+      echo "!!!"
+      echo "!!! Error: The docker group doesn't exist."
+      echo "!!!"
+      exit 1
+    fi
+    export CHE_USER_ID=`id -u ${CHE_USER}`:`getent group docker | cut -d: -f3`
+    sudo chown -R ${CHE_USER}:docker ${CHE_DATA}
+    sudo chown -R ${CHE_USER}:docker ${CHE_HOME}
+  fi
   ### Are we going to use the embedded che.properties or one provided by user?`
   ### CHE_LOCAL_CONF_DIR is internal Che variable that sets where to load
   if [ -f "/conf/che.properties" ]; then
     echo "Found custom che.properties..."
     export CHE_LOCAL_CONF_DIR="/conf"
+    if [ "$CHE_USER" != "root" ]; then
+      sudo chown -R ${CHE_USER}:docker ${CHE_LOCAL_CONF_DIR}
+    fi
   else
     echo "Using embedded che.properties... Copying template to ${CHE_DATA_HOST}/conf."
     mkdir -p /data/conf
diff --git a/dockerfiles/launcher/launcher_funcs.sh b/dockerfiles/launcher/launcher_funcs.sh
@@ -110,22 +110,44 @@ docker_run() {
     -v "$CHE_DATA_LOCATION" \
     -p "${CHE_PORT}":"${CHE_PORT}" \
     --restart="${CHE_RESTART_POLICY}" \
-    --user="${CHE_USER}" \
     -e "CHE_LOG_LEVEL=${CHE_LOG_LEVEL}" \
     -e "CHE_IP=$CHE_HOST_IP" \
     --env-file=$ENV_FILE \
     "$@"
- 
    rm -rf $ENV_FILE > /dev/null
 }
 
+get_user_id() {
+   CHE_USER_UID=$(docker run -t \
+     -v /etc/passwd:/etc/passwd:ro,Z \
+     -v /etc/group:/etc/group:ro,Z \
+     alpine id -u ${CHE_USER})
+   CHE_USER_GID=$(docker run -t \
+     -v /etc/passwd:/etc/passwd:ro,Z \
+     -v /etc/group:/etc/group:ro,Z \
+      alpine getent group docker | cut -d: -f3)
+   echo -n "${CHE_USER_UID}" | tr '\r' ':'; echo -n ${CHE_USER_GID}
+}
+
+docker_run_with_che_user() {
+   if [ "${CHE_USER}" != "root" ]; then
+     docker_run -e CHE_USER=${CHE_USER} \
+      -v /etc/group:/etc/group:ro,Z \
+      -v /etc/passwd:/etc/passwd:ro,Z \
+      --user=$(get_user_id) \
+      "$@"
+   else
+     docker_run --user="${CHE_USER}" "$@"
+   fi
+}
+
 docker_run_if_in_vm() {
   # If the container will run inside of a VM, additional parameters must be set.
   # Setting CHE_IN_VM=true will have the che-server container set the values.
   if is_docker_for_mac || is_docker_for_windows || is_boot2docker; then
-    docker_run -e "CHE_IN_VM=true" "$@"
+    docker_run_with_che_user -e "CHE_IN_VM=true" "$@"
   else
-    docker_run "$@"
+    docker_run_with_che_user "$@"
   fi
 }
 
