From 05ad21c814b7a4f53dbf18ce7e936f45bf607d53 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Oufella?=
Date: Sun, 25 Feb 2024 15:36:23 -0500
Subject: [PATCH] create container user with no user group

This issue was reported in #123, where @miellaby wrote:
> Context: Using cqfd from a host user (jenkins) who has no user
> group. For example, on our server, jenkins belongs to the docker group
> only (which is its primary group).
>
> Expected: commands run by cqfd inherits the credentials/ownership of
> the host user. Especially files generated by cqfd encapsulated
> commands have the same user and group than the files generated without
> cqfd. In our case, generated files should be owned by
> jenkins:docker (user jenkings group docker).
>
> Observed: files generated within cqfd are owned by jenkins:jenkins
> instead of jenkins:docker.
>
> Correction proposal (TBC): In make_launch() bash function, useradd
> should be called with the --no-user-group (-N) option to make the
> docker user consistent with the host user (that is with the same
> primary group).
---
 cqfd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cqfd b/cqfd
index 3228f31..809c57e 100755
--- a/cqfd
+++ b/cqfd
@@ -367,7 +367,7 @@ test_su_session_command && has_su_session_command=1
 # Add the host's user and group to the container, and adjust ownership.
 groupadd -og $GROUPS -f builders || die "groupadd command failed."
-useradd -s /bin/sh -ou $UID -g $GROUPS -d "$cqfd_user_home" $cqfd_user \
+useradd -s /bin/sh -oN -u $UID -g $GROUPS -d "$cqfd_user_home" $cqfd_user \
 || die "useradd command failed."
 mkdir -p "$cqfd_user_home" || die "mkdir command failed."
 chown $UID:$GROUPS "$cqfd_user_home" || die "chown command failed."
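Review bot: The rewritten `useradd` line still passes `$UID`, `$GROUPS` and `$cqfd_user` unquoted, while `"$cqfd_user_home"` right beside them is quoted. This command creates an account and, with `-o`, accepts a UID that already exists, so an empty or whitespace-containing value would shift the arguments (for instance `-g` consuming `-d`) in what is presumably a root context inside the container. Quoting each value and ending option parsing keeps every argument in its own slot: `useradd -s /bin/sh -oN -u "$UID" -g "$GROUPS" -d "$cqfd_user_home" -- "$cqfd_user" \`. Where `cqfd_user` is assigned is outside the hunk, as is the rest of the enclosing block, so whether it can carry such a value has to be checked there. The `groupadd` and `chown` context lines use the same unquoted expansions.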