Use 1000 as default application user

ayufan · ayufan · commit 686b5ea0a2a0 · 2015-01-10T15:10:19.000+01:00
Allows to overwrite user by defining: DOKKU_USER_ID or use random by setting DOKKU_RANDOM_USER_ID
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,3 @@
+.bundle/
+.git/
+vendor/
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,4 @@
 *.tgz
 build-dir/buildpacks/*
+.bundle/
+vendor/
diff --git a/Makefile b/Makefile
@@ -3,3 +3,8 @@ TAG ?= $(shell git rev-parse --abbrev-ref HEAD)
 
 build:
 	docker build -t "$(IMAGE):$(TAG)" .
+
+test:
+	bundle install --deployment
+	docker build -t progrium/buildstep .
+	bundle exec cucumber --exclude features/apps
diff --git a/builder/builder b/builder/builder
@@ -8,21 +8,39 @@ mkdir -p $cache_root
 mkdir -p $buildpack_root
 mkdir -p $build_root/.profile.d
 
-user_id=$((RANDOM+1000))
-user_name="u${user_id}"
+# Use 1000 as default user
+if [[ -n "$DOKKU_RANDOM_USER_ID" ]]; then
+  DOKKU_USER_ID="${DOKKU_USER_ID:-$((RANDOM+1000))}"
+else
+  DOKKU_USER_ID="${DOKKU_USER_ID:-1000}"
+fi
 
-# Create a random user
-/usr/sbin/addgroup --quiet --gid $user_id $user_name
-/usr/sbin/adduser --shell /bin/bash \
-                  --disabled-password \
-                  --force-badname \
-                  --no-create-home \
-                  --uid $user_id \
-                  --gid $user_id \
-                  --gecos '' \
-                  --quiet \
-                  --home $app_dir \
-                  $user_name
+if [[ "$DOKKU_USER_ID" -ne "0" ]]; then
+  user_id="$DOKKU_USER_ID"
+  user_name="u${user_id}"
+
+  echo $'\e[1G----->' "Using $user_name to run an application"
+
+  # Create a random user
+  /usr/sbin/addgroup --quiet --gid $user_id $user_name
+  /usr/sbin/adduser --shell /bin/bash \
+                    --disabled-password \
+                    --force-badname \
+                    --no-create-home \
+                    --uid $user_id \
+                    --gid $user_id \
+                    --gecos '' \
+                    --quiet \
+                    --home $app_dir \
+                    $user_name
+else
+  user_id="0"
+  user_name="root"
+
+  echo $'\e[1G----->' " Using ROOT to run an application (potentially insecure)"
+
+  /usr/sbin/usermod --home $app_dir root
+fi
 
 # Grant the user access to all required paths before
 # running the compile phase as non-privileged user.
