#! /usr/bin/env python
"""
This is a Docker entrypoint that configures the container to run
as the same uid of the user on the host container, rather than
the Docker default of root. Aside from following security best
practices, this makes it so that any files created by the Docker
container are also owned by the same user on the host system.
"""
import sys
import os
import pwd
import subprocess
# uid that owns /app, read once when the module is loaded. The entrypoint
# treats it as the uid of the user on the host (presumably /app is a bind
# mount from the host -- confirm against the compose/Dockerfile setup).
# NOTE(review): the __main__ block only switches uid when this value differs
# from os.geteuid(), so a /app owned by uid 0 leaves the command running as
# root when the container starts as root.
HOST_UID = os.stat("/app").st_uid
# Base login name for the account created when HOST_UID has no passwd entry.
HOST_USER = "james"
def does_username_exist(username):
    """Report whether the password database has an entry named *username*.

    Returns True when ``pwd.getpwnam`` finds the name and False when it
    raises ``KeyError``.
    """
    try:
        pwd.getpwnam(username)
    except KeyError:
        # pwd signals "no such entry" with KeyError.
        return False
    else:
        return True
def does_uid_exist(uid):
    """Report whether the password database has an entry for numeric *uid*.

    Returns True when ``pwd.getpwuid`` finds the uid and False when it
    raises ``KeyError``.
    """
    try:
        pwd.getpwuid(uid)
    except KeyError:
        # pwd signals "no such entry" with KeyError.
        return False
    else:
        return True
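if __name__ == "__main__":
    # Entry point: make sure an account exists for the uid that owns /app,
    # drop to that account, then replace this process with the command given
    # on the command line.
    if len(sys.argv) < 2:
        # Without a command, sys.argv[1] below would fail with a bare
        # IndexError; exit with a readable message instead.
        sys.exit("usage: %s COMMAND [ARG...]" % sys.argv[0])

    # NOTE(review): if /app is owned by uid 0 and the container starts as
    # root, the uids match, this branch is skipped and the command keeps
    # running as root.
    if HOST_UID != os.geteuid():
        if not does_uid_exist(HOST_UID):
            # Find an unused login name by appending "0" until none matches.
            username = HOST_USER
            while does_username_exist(username):
                username += "0"
            home_dir = "/home/%s" % username
            # Argument list, no shell. Options are placed before the login
            # name so the call does not rely on getopt argument permutation.
            subprocess.check_call(
                ["useradd", "-d", home_dir, "-m", "-u", str(HOST_UID), username]
            )
        account = pwd.getpwuid(HOST_UID)
        os.environ["HOME"] = "/home/%s" % account.pw_name
        # Drop supplementary groups and the gid BEFORE the uid: once setuid()
        # has succeeded the process can no longer change its groups, and
        # calling setuid() alone would leave the command with the starting
        # user's (normally root's) gid and group list.
        os.initgroups(account.pw_name, account.pw_gid)
        os.setgid(account.pw_gid)
        # Each call above and this one raises OSError on failure, so the
        # exec below is never reached with privileges only partly dropped.
        os.setuid(HOST_UID)
    os.execvp(sys.argv[1], sys.argv[1:])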