# syntax=docker/dockerfile:1.4
# NOTE(review): the base image is untagged (resolves to :latest), so builds are
# not reproducible and the set of packages/CVEs changes underneath us; pin a
# tag, ideally a digest, once one is chosen.
FROM nextail/ubuntu-tini
LABEL author="Ruben Suarez <[email protected]>"
# Architecture component of TARGETPLATFORM, filled in automatically by BuildKit
# (used further down to select the matching fixuid release)
ARG TARGETARCH
# Numeric ids of the non-root user/group created in this image
ARG USER_ID=1000
ARG GROUP_ID=1000
# Names of the non-root user/group created in this image
ARG USER_NAME=user
ARG GROUP_NAME=group
# Make the names available to the runtime environment as well
ENV USER_NAME=${USER_NAME} \
    GROUP_NAME=${GROUP_NAME}
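# Since ubuntu:23.04 the base image ships a default non-root "ubuntu" user with
# UID/GID 1000, which would collide with the USER_ID/GROUP_ID created below.
# Remove it (home directory and mail spool included) before creating our own.
RUN <<EOT
# Heredoc lines are not &&-chained: without -e a failed userdel would be
# silently ignored and the later useradd would fail on the uid conflict.
set -eu
# Only act when the base image actually ships the "ubuntu" user, so the build
# also works on older bases that do not create it.
if id ubuntu >/dev/null 2>&1; then
  echo "# Removing default 'ubuntu' user..."
  # userdel -r warns when the mail spool is missing; create it so the
  # removal is clean.
  touch /var/mail/ubuntu
  chown ubuntu /var/mail/ubuntu
  userdel -r ubuntu
else
  echo "# No default 'ubuntu' user found, nothing to remove"
fi
EOT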
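# Create the non-root user and its primary group with the requested ids
RUN <<EOT
# Fail fast: without -e a failed groupadd/useradd would be masked by the
# succeeding printf at the end of this script and the build would pass with a
# broken user.
set -eu
echo "# Creating group '${GROUP_NAME}' (${GROUP_ID})..."
groupadd --gid "${GROUP_ID}" "${GROUP_NAME}"
echo "# Creating user '${USER_NAME}' (${USER_ID}) and adding it to '${GROUP_NAME}'..."
useradd --uid "${USER_ID}" --gid "${GROUP_NAME}" --home "/home/${USER_NAME}" --create-home --shell /bin/bash "${USER_NAME}"
# NOTE(security): this leaves the account with an *empty* password rather than
# a locked one. Acceptable for an interactive dev container that exposes no
# login service; do not reuse this image where password logins are reachable.
passwd -d "${USER_NAME}"
#
# Create some user directories
echo "# Creating directories '.config' and '.local/bin' under user HOME directory..."
mkdir -p "/home/${USER_NAME}/.config"
mkdir -p "/home/${USER_NAME}/.local/bin"
chown -R "${USER_NAME}:${GROUP_NAME}" "/home/${USER_NAME}"
#
# Default umask 002 for the interactive (non-login) shell: new files are
# group-writable so the group can share them. This is deliberately wider than
# the usual 022; it can be overridden at runtime via UMASK_SET.
echo "# Configuring default user umask (${UMASK_SET:-002})..."
printf "\nUMASK_SET=\${UMASK_SET:-002}\numask \"\${UMASK_SET}\"\n" >> "/home/${USER_NAME}/.bashrc"
EOT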
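# fixuid version to install (https://github.com/boxboat/fixuid/releases)
ARG FIXUID_VERSION=0.6.0
# Optional sha256 of the release tarball for this version/architecture. When
# set, the download is verified before the binary is installed setuid root.
# (ADD --checksum would do this at fetch time, but needs
# "# syntax=docker/dockerfile:1.6" or newer, so the check is done in RUN.)
ARG FIXUID_SHA256=""
# Fetch the fixuid release tarball (requires BuildKit so TARGETARCH is set).
# NOTE(security): the archive is fetched over HTTPS but not otherwise
# authenticated unless FIXUID_SHA256 is supplied, and it is then installed
# setuid root; pass the checksum for any build you intend to keep. The tarball
# stays in this ADD layer even after the rm below (size only, no secret).
ADD https://github.com/boxboat/fixuid/releases/download/v${FIXUID_VERSION}/fixuid-${FIXUID_VERSION}-linux-${TARGETARCH}.tar.gz /tmp/fixuid-linux.tar.gz
# Install fixuid as a setuid-root binary; at container start it maps the
# running uid/gid onto USER_NAME/GROUP_NAME and re-owns the configured paths.
RUN <<EOT
set -eu
echo "# Installing fixuid..."
if [ -n "${FIXUID_SHA256}" ]; then
  echo "# Verifying fixuid tarball checksum..."
  echo "${FIXUID_SHA256}  /tmp/fixuid-linux.tar.gz" | sha256sum -c -
else
  echo "# WARNING: FIXUID_SHA256 not set, fixuid tarball is NOT verified"
fi
# Extract only the expected member so a tampered archive cannot drop
# arbitrary files into /sbin.
tar -C /sbin -xzf /tmp/fixuid-linux.tar.gz fixuid
rm /tmp/fixuid-linux.tar.gz
chown root:root /sbin/fixuid
chmod 4755 /sbin/fixuid
mkdir -p /etc/fixuid
#
# fixuid config: which user/group to map and which paths to re-own
printf "user: ${USER_NAME}\ngroup: ${GROUP_NAME}\npaths:\n - /home/${USER_NAME}" > /etc/fixuid/config.yml
EOT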
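# Keep debconf quiet during package installs. Declared as a build ARG (not ENV)
# so it is visible to the RUN steps below without being baked into the
# runtime environment of the image.
ARG DEBIAN_FRONTEND=noninteractive
# Configure apt and install basic packages. The package lists fetched here are
# reused by the apt-get install steps in the following layers.
RUN <<EOT
set -eu
echo "# Configuring apt..."
apt-get update
#
# Basic apt configuration
echo "# Installing apt-utils, dialog, ca-certificates, curl and tzdata..."
apt-get install -y --no-install-recommends apt-utils dialog ca-certificates curl tzdata 2>&1
EOT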
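# Install and generate the en_US.UTF-8 locale (uses the apt lists fetched in
# the earlier apt-get update layer)
RUN <<EOT
set -eu
echo "# Installing locales..."
apt-get install -y --no-install-recommends locales 2>&1
#
# Configure locale
echo "# Configuring 'en_US.UTF-8' locale..."
locale-gen en_US.UTF-8
update-locale LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8
EOT
# Default locale for the runtime environment (key=value form; the legacy
# space-separated "ENV key value" syntax is deprecated)
ENV LANG=en_US.UTF-8 \
    LANGUAGE=en_US:en \
    LC_ALL=en_US.UTF-8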
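# Install sudo and grant it to the non-root user
RUN <<EOT
set -eu
echo "# Installing sudo..."
apt-get install -y --no-install-recommends sudo 2>&1
#
# NOTE(security): passwordless, unrestricted sudo makes USER_NAME
# root-equivalent; the later USER switch is about file ownership and
# convenience, not a privilege boundary. Keep this image for interactive
# development use.
echo "# Allow 'sudo' for '${USER_NAME}'"
echo "${USER_NAME} ALL=(ALL:ALL) NOPASSWD:ALL" > "/etc/sudoers.d/${USER_NAME}"
chmod 0440 "/etc/sudoers.d/${USER_NAME}"
# Fail the build on a malformed rule (e.g. an unusual USER_NAME) instead of
# shipping a sudoers.d file that makes sudo refuse to run at all. Note that
# sudo silently ignores sudoers.d files whose name contains a '.' or ends in
# '~', so USER_NAME must not contain those characters.
visudo -cf "/etc/sudoers.d/${USER_NAME}"
EOT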
# Interactive conveniences for the user (editor and completion); dev-only,
# no service in the image needs them
RUN <<EOT
echo "# Installing bash-completion and vim..."
apt-get install -y --no-install-recommends \
    bash-completion \
    vim 2>&1
EOT
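# Drop apt caches. This only removes the files from this layer onwards: the
# package lists fetched by the earlier apt-get update layer are still present
# in that layer, so it trims the final filesystem view rather than the image
# size. Folding update/install/cleanup into one RUN would fix that.
RUN <<EOT
set -eu
echo "# Cleaning up apt..."
apt-get autoremove -y
apt-get clean -y
rm -rf /var/lib/apt/lists/*
EOT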
# Restore debconf's interactive frontend for ad-hoc apt-get use inside the
# container (the variable stays defined, as an empty string)
ENV DEBIAN_FRONTEND=
# Everything from here on, including the container itself, runs as the
# non-root user. With fixuid setuid root and passwordless sudo this is about
# file ownership and convenience, not a hard privilege boundary.
USER ${USER_NAME}
# Runtime defaults: an explicit HOME (see
# https://github.com/microsoft/vscode-remote-release/issues/852) and bash as
# the default shell
ENV HOME=/home/${USER_NAME} \
    SHELL=/bin/bash
# Start in the user's home directory
WORKDIR /home/${USER_NAME}
# Always run under tini (PID 1: signal forwarding, zombie reaping) and fixuid
# (maps the container's uid/gid onto the user and re-owns its configured paths)
ENTRYPOINT [ "/sbin/tini", "--", "/sbin/fixuid" ]
# Default command: an interactive bash, which sources ~/.bashrc and so applies
# the configured umask
CMD [ "/bin/bash", "-i" ]