Fix permissions when running dev container as non-root user

I wanted to pass `—user` to `docker-compose` up, but that option doesnt exist. To get around this, I had to record the uid on the host (CURRENT_UID), interpolate the variable in tools/docker-compose.yml, and detect that inside the container. I then piggy-backed on the /etc/passwd hack we use for scenarios with unpredictable uids.
2026-02-01 09:38:10 -03:30 · 2018-10-22 19:02:31 -04:00
parent 7df63830ed
commit a361b5da6e
7 changed files with 23 additions and 23 deletions
--- a/tools/docker-compose/Dockerfile
+++ b/tools/docker-compose/Dockerfile
@@ -59,10 +59,10 @@ EXPOSE 8043 8013 8080 22
 ENTRYPOINT ["/tini", "--"]
 CMD /start_development.sh

-RUN touch /venv/awx/lib/python2.7/site-packages/awx.egg-link
-RUN chmod g+rwx /venv/awx/lib/python2.7/site-packages/awx.egg-link
+# Pre-create things that we need to write to
+RUN for dir in /var/lib/awx/ /projects /.ansible /var/log/nginx /var/lib/nginx /.local; \
+  do mkdir -p $dir; chmod -R g+rwx $dir; chgrp -R root $dir; done

-RUN chmod g+w /etc/passwd
-RUN mkdir -p /projects && chmod g+w /projects
-
-USER ${UID}
+RUN for file in /etc/passwd /supervisor.conf \
+  /venv/awx/lib/python2.7/site-packages/awx.egg-link /var/run/nginx.pid; \
+  do touch $file; chmod -R g+rwx $file; chgrp -R root $file; done
--- a/tools/docker-compose/bootstrap_development.sh
+++ b/tools/docker-compose/bootstrap_development.sh
@@ -1,6 +1,12 @@
 #!/bin/bash
 set +x

+if [ `id -u` -ge 500 ] || [ -z "${CURRENT_UID}" ]; then
+    echo "awx:x:`id -u`:`id -g`:,,,:/tmp:/bin/bash" >> /tmp/passwd
+    cat /tmp/passwd > /etc/passwd
+    rm /tmp/passwd
+fi
+
 # Wait for the databases to come up
 ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=postgres port=5432" all
 ansible -i "127.0.0.1," -c local -v -m wait_for -a "host=memcached port=11211" all
--- a/tools/docker-compose/nginx.conf
+++ b/tools/docker-compose/nginx.conf
@@ -1,4 +1,3 @@
-user  nginx;
 worker_processes  1;

 error_log  /var/log/nginx/error.log warn;
--- a/tools/docker-compose/start_development.sh
+++ b/tools/docker-compose/start_development.sh
@@ -1,12 +1,6 @@
 #!/bin/bash
 set +x

-if [ `id -u` -ge 500 ]; then
-    echo "awx:x:`id -u`:`id -g`:,,,:/tmp:/bin/bash" >> /tmp/passwd
-    cat /tmp/passwd > /etc/passwd
-    rm /tmp/passwd
-fi
-
 /bootstrap_development.sh

 cd /awx_devel
--- a/tools/docker-compose/start_tests.sh
+++ b/tools/docker-compose/start_tests.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 set +x

-if [ `id -u` -ge 500 ]; then
+if [ `id -u` -ge 500 ] || [ -z "${CURRENT_UID}" ]; then
    echo "awx:x:`id -u`:`id -g`:,,,:/tmp:/bin/bash" >> /tmp/passwd
    cat /tmp/passwd > /etc/passwd
    rm /tmp/passwd