docker: Fix $DOCKER_USER

nhooyr · nhooyr · commit 4e2acab0b1a9 · 2020-09-03T16:24:56.000-04:00
We do not try renaming $HOME anymore as there is no good way to do it. We also only try to convert if the user hasn't been changed. Finally I added usage to the docker docs in install.md Closes #2056
diff --git a/ci/release-image/Dockerfile b/ci/release-image/Dockerfile
@@ -39,6 +39,9 @@ COPY ci/release-image/entrypoint.sh /usr/bin/entrypoint.sh
 RUN dpkg -i /tmp/code-server*$(dpkg --print-architecture).deb && rm /tmp/code-server*.deb
 
 EXPOSE 8080
-USER coder
+# This way, if someone sets $DOCKER_USER, docker-exec will still work as
+# the uid will remain the same. note: only relevant if -u isn't passed to
+# docker-run.
+USER 1000
 WORKDIR /home/coder
 ENTRYPOINT ["/usr/bin/entrypoint.sh", "--bind-addr", "0.0.0.0:8080", "."]
diff --git a/ci/release-image/entrypoint.sh b/ci/release-image/entrypoint.sh
@@ -1,18 +1,20 @@
-#!/usr/bin/env sh
+#!/bin/sh
 set -eu
 
-if [ "${DOCKER_USER-}" ]; then
+# This isn't set by default.
+export USER="$(whoami)"
+
+if [ "${DOCKER_USER-}" != "$USER" ]; then
   echo "$DOCKER_USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/nopasswd > /dev/null
-  sudo usermod --login "$DOCKER_USER" \
-    --move-home --home "/home/$DOCKER_USER" \
-    coder
+  # Unfortunately we cannot change $HOME as we cannot move any bind mounts
+  # nor can we bind mount $HOME into a new home as that requires a privileged container.
+  sudo usermod --login "$DOCKER_USER" coder
   sudo groupmod -n "$DOCKER_USER" coder
 
+  export USER="$(whoami)"
+
   sudo sed -i "/coder/d" /etc/sudoers.d/nopasswd
   sudo sed -i "s/coder/$DOCKER_USER/g" /etc/fixuid/config.yml
-  export HOME="/home/$DOCKER_USER"
 fi
 
-# This isn't set by default.
-export USER="$(whoami)"
 dumb-init fixuid -q /usr/bin/code-server "$@"
diff --git a/doc/install.md b/doc/install.md
@@ -179,10 +179,11 @@ code-server
 # easily access/modify your code-server config in $HOME/.config/code-server/config.json
 # outside the container.
 mkdir -p ~/.config
-docker run -it -p 127.0.0.1:8080:8080 \
+docker run -it --name code-server -p 127.0.0.1:8080:8080 \
   -v "$HOME/.config:/home/coder/.config" \
   -v "$PWD:/home/coder/project" \
   -u "$(id -u):$(id -g)" \
+  -e "DOCKER_USER=$USER" \
   codercom/code-server:latest
 ```
 
