joufella
commented
1 year ago This has two impacts, the first is the username is used for docker image naming (eg. cqfd_username_orgname_projectname), the second is it's passed within the Linux container for user environment cloning.
For naming the docker image, I see two approaches,
- either we block cqfd execution if the username is not POSIX compliant. This will solve both issues, but may cause issues eg. in AD environments where usernames tend to have a domain+separator prefix)
- or we sanitize the username prior to it being consumed for image naming
For the container runtime part, we should be able to find a proper username passing mechanism, however we need to make sure it works with containers like Alpine which don't use glibc, in this case we'd better stopping execution as described above.
eroussy
Original problem
When running a
cqfd runwith the username "test@test", I get this error :.cqfdrc.cqfd/docker/DockerfileInvestigation
By using special options when creating a user, it is technically possible to use '@' and '$' characters in Linux usernames.
When launching docker, cqfd use the useradd command to create a user with the same username as the user who launched the cqfd command. If this username contains '@' or '$' the useradd command will fail, but only on some systems :
One possible fix would be to add the
--badnamesoption to useradd in the make_launcher function to make it accept bad usernames. But old Linux distributions (ex : Ubuntu 14, 16 and 18 ) doesn't recognize this option.TL;DR : For now, only Ubuntu images works with bad usernames