mvdan
commented
1 year ago Interesting point. We could and likely should make our docker image run as a non-root user, but that wouldn't be a complete fix on its own. Like you say, we should probably retain the original owner, just like we already retain the original permission bits.
I thought about this some time ago in https://github.com/google/renameio/issues/19 already. We currently use https://pkg.go.dev/github.com/google/renameio/v2@v2.0.0/maybe#WriteFile with the permission bits obtained via https://pkg.go.dev/os#Lstat, which doesn't keep the original owner.
Worth noting that https://github.com/mvdan/sh/issues/843 is somewhat similar, in that files which are symlinks are currently replaced by regular files. Though the fix is unlikely to be the same for both.
Happy to review a PR which makes our docker image run as non-root.
Also happy to review a PR about keeping the original owner/group for input files. I think the cleanest solution would be to call https://pkg.go.dev/os#Chown after we've written each file. I wouldn't want to lose the atomic file writes, because that can lead to data corruption. A mid-way crash leaving the wrong owner/group info is much less worrying than a crash leaving the file empty or partially written.
Example usage:
If changes are made the uid/gid of script.sh is changed to 0:0, likely because the process inside docker runs as root. It would better for shfmt to preserve uid/gid.