toolness / p5.js-docker

Experimental docker setup to make p5.js + p5js.org development easier.

entrypoint.js might not setuid if user account already exists #5

Closed toolness closed 8 years ago

toolness commented 8 years ago

Looking at the code for entrypoint.js, it seems as though the process.setuid() call is inside the if clause that checks to see if the host user exists in the docker container.

I think this means that the process will run as root if the user already exists, so we should probably move the setuid() call outside of that if clause, i.e.:

  if (HOST_UID !== process.getuid()) {
    if (!putil.successSync('id -u ' + HOST_USER)) {
      console.log("Configuring uid " + HOST_UID + " as user " +
                  HOST_USER + "...");
      process.env['HOME'] = '/home/' + HOST_USER;
      putil.runSync(
        'groupadd code_executor_group && ' +
        'useradd -d ' + process.env['HOME'] + ' -m ' + HOST_USER + ' ' +
        '-g code_executor_group -u ' + HOST_UID
      );
-     process.setuid(HOST_UID);
    }
+   process.setuid(HOST_UID);
  }
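
Review bot: at the relocated process.setuid(HOST_UID) line only the uid is dropped; no process.setgid() or process.initgroups() call appears in these lines, so after the change the process would still hold the gid and supplementary groups it started with. Suggest calling process.initgroups() and process.setgid() for the target user's group immediately before process.setuid(), since group changes are no longer permitted once the uid has been dropped. Separately, process.env['HOME'] is still assigned only inside the inner if, so for a user that already exists HOME keeps its inherited value; and HOST_USER is concatenated unquoted into the 'id -u ' and useradd command strings, which is worth validating against a strict username pattern before it reaches the shell.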

toolness commented 8 years ago

Oh, I think we want to move process.env['HOME'] out of that if clause too...