From e760ec7474b01af42b84c4b2b27a6ada8b9bfac0 Mon Sep 17 00:00:00 2001 From: Jonathan Yu Date: Wed, 16 Feb 2022 11:01:10 -0800 Subject: [PATCH] chore: switch from named to numeric uids (#133) Clusters that have an admission controller that requires containers to run as a non-root user need the default user of the image to be declared as a numeric uid, so that the constraint can be applied prior to starting the container. Change "USER root" to "USER 0" and "USER coder" to "USER 1000" --- images/android/Dockerfile.ubuntu | 4 ++-- images/base/Dockerfile.arch | 2 +- images/base/Dockerfile.centos | 2 +- images/base/Dockerfile.ubuntu | 2 +- images/clion/Dockerfile.centos | 4 ++-- images/clion/Dockerfile.ubuntu | 4 ++-- images/dataSpell/Dockerfile.centos | 4 ++-- images/dataSpell/Dockerfile.ubuntu | 4 ++-- images/goland/Dockerfile.centos | 4 ++-- images/goland/Dockerfile.ubuntu | 4 ++-- images/golang/Dockerfile.centos | 4 ++-- images/golang/Dockerfile.ubuntu | 4 ++-- images/intellij/Dockerfile.centos | 4 ++-- images/intellij/Dockerfile.ubuntu | 4 ++-- images/java/Dockerfile.centos | 4 ++-- images/java/Dockerfile.ubuntu | 4 ++-- images/jupyter/Dockerfile.centos | 4 ++-- images/jupyter/Dockerfile.ubuntu | 4 ++-- images/multieditor/Dockerfile.centos | 4 ++-- images/multieditor/Dockerfile.ubuntu | 4 ++-- images/node/Dockerfile.centos | 4 ++-- images/node/Dockerfile.ubuntu | 4 ++-- images/pycharm/Dockerfile.centos | 4 ++-- images/pycharm/Dockerfile.ubuntu | 4 ++-- images/ruby/Dockerfile.centos | 4 ++-- images/ruby/Dockerfile.ubuntu | 4 ++-- images/vnc/Dockerfile.ubuntu | 2 +- images/webstorm/Dockerfile.centos | 4 ++-- images/webstorm/Dockerfile.ubuntu | 4 ++-- 29 files changed, 54 insertions(+), 54 deletions(-) diff --git a/images/android/Dockerfile.ubuntu b/images/android/Dockerfile.ubuntu index d8f17b0..9adf42d 100644 --- a/images/android/Dockerfile.ubuntu +++ b/images/android/Dockerfile.ubuntu 
@@ -1,7 +1,7 @@ FROM codercom/enterprise-java:ubuntu # Run everything as root -USER root +USER 0 ENV ANDROID_SDK_ROOT /usr/lib/android-sdk ENV ANDROID_HOME ${ANDROID_SDK_ROOT} @@ -38,4 +38,4 @@ RUN add-apt-repository ppa:maarten-fonville/android-studio && \ ln -s /opt/android-studio/bin/studio.sh /usr/local/bin/studio # Set back to coder user -USER coder +USER 1000 diff --git a/images/base/Dockerfile.arch b/images/base/Dockerfile.arch index 0f86e4e..1e3149f 100644 --- a/images/base/Dockerfile.arch +++ b/images/base/Dockerfile.arch @@ -41,7 +41,7 @@ RUN useradd coder \ --user-group && \ echo "coder ALL=(ALL) NOPASSWD:ALL" >>/etc/sudoers.d/nopasswd -USER coder +USER 1000 # install Homebrew, must be as a non-root user RUN /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" diff --git a/images/base/Dockerfile.centos b/images/base/Dockerfile.centos index 8ab869d..c015fd1 100644 --- a/images/base/Dockerfile.centos +++ b/images/base/Dockerfile.centos @@ -42,7 +42,7 @@ RUN useradd coder \ --user-group && \ echo "coder ALL=(ALL) NOPASSWD:ALL" >>/etc/sudoers.d/nopasswd -USER coder +USER 1000 # install Homebrew, must be as a non-root user RUN /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" diff --git a/images/base/Dockerfile.ubuntu b/images/base/Dockerfile.ubuntu index 1b2583d..29f96f3 100644 --- a/images/base/Dockerfile.ubuntu +++ b/images/base/Dockerfile.ubuntu @@ -42,7 +42,7 @@ RUN useradd coder \ --user-group && \ echo "coder ALL=(ALL) NOPASSWD:ALL" >>/etc/sudoers.d/nopasswd -USER coder +USER 1000 # install Homebrew, must be as a non-root user RUN /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" diff --git a/images/clion/Dockerfile.centos b/images/clion/Dockerfile.centos index 7c349d8..52403b0 100644 --- a/images/clion/Dockerfile.centos +++ b/images/clion/Dockerfile.centos 
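Review bot: In the last hunk of images/android/Dockerfile.ubuntu the comment above `USER 1000` still reads only "Set back to coder user", so the reader has to know that 1000 is the coder account. I would write it as `# Set back to the coder user (uid 1000); numeric so runAsNonRoot checks can evaluate it`. The same comment sits above every `USER 1000` in the other derived images in this patch (clion, dataSpell, goland, golang, intellij, java, jupyter, multieditor, node, pycharm, ruby, webstorm). The `# Run everything as root` comment above `USER 0` could likewise say `(uid 0)`.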
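Review bot: `USER 1000` in images/base/Dockerfile.arch is the coder account only if `useradd coder` actually assigned uid 1000, and the visible part of that command (from `--user-group` on; the earlier options are outside the hunk) does not show the uid being set. If it is not pinned there, add `--uid=1000` to the useradd call so the number cannot drift; otherwise the Homebrew step and every derived image could run as a uid with no passwd entry or home directory. The same applies to the matching hunks in images/base/Dockerfile.centos and images/base/Dockerfile.ubuntu. Separately, the context line `echo "coder ALL=(ALL) NOPASSWD:ALL" >>/etc/sudoers.d/nopasswd` means the numeric non-root default passes the admission check while the user can still become root through sudo, unless the workload also sets `allowPrivilegeEscalation: false`. That caveat is worth stating in the commit message or README.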
@@ -1,7 +1,7 @@ FROM codercom/enterprise-multieditor:centos # Run everything as root -USER root +USER 0 # Install clion. RUN mkdir -p /opt/clion @@ -11,4 +11,4 @@ RUN curl -L "https://download.jetbrains.com/product?code=CL&latest&distribution= RUN ln -s /opt/clion/bin/clion.sh /usr/bin/clion # Set back to coder user -USER coder +USER 1000 diff --git a/images/clion/Dockerfile.ubuntu b/images/clion/Dockerfile.ubuntu index 2896615..35bfa82 100644 --- a/images/clion/Dockerfile.ubuntu +++ b/images/clion/Dockerfile.ubuntu @@ -1,7 +1,7 @@ FROM codercom/enterprise-multieditor:ubuntu # Run everything as root -USER root +USER 0 # Install clion. RUN mkdir -p /opt/clion @@ -11,4 +11,4 @@ RUN curl -L "https://download.jetbrains.com/product?code=CL&latest&distribution= RUN ln -s /opt/clion/bin/clion.sh /usr/bin/clion # Set back to coder user -USER coder +USER 1000 diff --git a/images/dataSpell/Dockerfile.centos b/images/dataSpell/Dockerfile.centos index 8c51804..3bf7533 100644 --- a/images/dataSpell/Dockerfile.centos +++ b/images/dataSpell/Dockerfile.centos @@ -1,7 +1,7 @@ FROM codercom/enterprise-multieditor:centos # Run everything as root -USER root +USER 0 # Install DataSpell. RUN mkdir -p /opt/dataspell @@ -11,4 +11,4 @@ RUN curl -L "https://download.jetbrains.com/python/jetbrains-data-spell-213.2094 RUN ln -s /opt/dataspell/bin/dataspell.sh /usr/bin/dataspell # Set back to coder user -USER coder \ No newline at end of file +USER 1000 \ No newline at end of file diff --git a/images/dataSpell/Dockerfile.ubuntu b/images/dataSpell/Dockerfile.ubuntu index 8291325..eefbd4e 100644 --- a/images/dataSpell/Dockerfile.ubuntu +++ b/images/dataSpell/Dockerfile.ubuntu @@ -1,7 +1,7 @@ FROM codercom/enterprise-multieditor:ubuntu # Run everything as root -USER root +USER 0 # Install DataSpell. RUN mkdir -p /opt/dataspell 
@@ -11,4 +11,4 @@ RUN curl -L "https://download.jetbrains.com/python/jetbrains-data-spell-213.2094 RUN ln -s /opt/dataspell/bin/dataspell.sh /usr/bin/dataspell # Set back to coder user -USER coder \ No newline at end of file +USER 1000 \ No newline at end of file diff --git a/images/goland/Dockerfile.centos b/images/goland/Dockerfile.centos index 2e42e58..5c13c88 100644 --- a/images/goland/Dockerfile.centos +++ b/images/goland/Dockerfile.centos @@ -1,7 +1,7 @@ FROM codercom/enterprise-golang:centos # Run everything as root -USER root +USER 0 # Packages required for multi-editor support RUN yum update -y && yum install -y \ @@ -21,4 +21,4 @@ RUN curl -L "https://download.jetbrains.com/product?code=GO&latest&distribution= RUN ln -s /opt/goland/bin/goland.sh /usr/bin/goland # Set back to coder user -USER coder +USER 1000 diff --git a/images/goland/Dockerfile.ubuntu b/images/goland/Dockerfile.ubuntu index 7c2c51d..e3a8e8a 100644 --- a/images/goland/Dockerfile.ubuntu +++ b/images/goland/Dockerfile.ubuntu @@ -1,7 +1,7 @@ FROM codercom/enterprise-golang:ubuntu # Run everything as root -USER root +USER 0 # Packages required for multi-editor support RUN DEBIAN_FRONTEND="noninteractive" apt-get install -y \ @@ -19,4 +19,4 @@ RUN curl -L "https://download.jetbrains.com/product?code=GO&latest&distribution= RUN ln -s /opt/goland/bin/goland.sh /usr/bin/goland # Set back to coder user -USER coder +USER 1000 diff --git a/images/golang/Dockerfile.centos b/images/golang/Dockerfile.centos index 97b454b..ef5f714 100644 --- a/images/golang/Dockerfile.centos +++ b/images/golang/Dockerfile.centos @@ -1,7 +1,7 @@ FROM codercom/enterprise-base:centos # Run everything as root -USER root +USER 0 # Install go RUN curl -L "https://dl.google.com/go/go1.17.1.linux-amd64.tar.gz" | tar -C /usr/local -xzvf - @@ -15,4 +15,4 @@ ENV GOBIN $GOPATH/bin ENV PATH $PATH:$GOBIN # Set back to coder user -USER coder +USER 1000 
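Review bot: Under the new `USER 0` in images/golang/Dockerfile.centos the Go tarball is still streamed from `curl -L` straight into `tar -C /usr/local` as root with no integrity check. Without `curl -f` or `pipefail`, a failed or error-page download is caught only if tar happens to reject the bytes. I would download to a file, verify it against the published SHA-256 for go1.17.1, and only then extract, e.g. `curl -fsSL -o /tmp/go.tgz "$URL" && echo "<GO_TARBALL_SHA256>  /tmp/go.tgz" | sha256sum -c - && tar -C /usr/local -xzf /tmp/go.tgz && rm /tmp/go.tgz` (digest shown as a placeholder). images/golang/Dockerfile.ubuntu has the identical line.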
diff --git a/images/golang/Dockerfile.ubuntu b/images/golang/Dockerfile.ubuntu index 8fd6f17..332b741 100644 --- a/images/golang/Dockerfile.ubuntu +++ b/images/golang/Dockerfile.ubuntu @@ -1,7 +1,7 @@ FROM codercom/enterprise-base:ubuntu # Run everything as root -USER root +USER 0 # Install go RUN curl -L "https://dl.google.com/go/go1.17.1.linux-amd64.tar.gz" | tar -C /usr/local -xzvf - @@ -15,4 +15,4 @@ ENV GOBIN $GOPATH/bin ENV PATH $PATH:$GOBIN # Set back to coder user -USER coder +USER 1000 diff --git a/images/intellij/Dockerfile.centos b/images/intellij/Dockerfile.centos index 95cb905..d40fe4d 100644 --- a/images/intellij/Dockerfile.centos +++ b/images/intellij/Dockerfile.centos @@ -1,7 +1,7 @@ FROM codercom/enterprise-java:centos # Run everything as root -USER root +USER 0 # Packages required for multi-editor support RUN yum update -y && yum install -y \ @@ -21,4 +21,4 @@ RUN curl -L "https://download.jetbrains.com/product?code=IIC&latest&distribution RUN ln -s /opt/idea/bin/idea.sh /usr/bin/intellij-idea-ultimate # Set back to coder user -USER coder +USER 1000 diff --git a/images/intellij/Dockerfile.ubuntu b/images/intellij/Dockerfile.ubuntu index 4074021..a366e42 100644 --- a/images/intellij/Dockerfile.ubuntu +++ b/images/intellij/Dockerfile.ubuntu @@ -1,7 +1,7 @@ FROM codercom/enterprise-java:ubuntu # Run everything as root -USER root +USER 0 # Packages required for multi-editor support RUN DEBIAN_FRONTEND="noninteractive" apt-get install -y \ @@ -19,4 +19,4 @@ RUN curl -L "https://download.jetbrains.com/product?code=IIC&latest&distribution RUN ln -s /opt/idea/bin/idea.sh /usr/bin/intellij-idea-community # Set back to coder user -USER coder +USER 1000 diff --git a/images/java/Dockerfile.centos b/images/java/Dockerfile.centos index 2a4974f..8444f43 100644 --- a/images/java/Dockerfile.centos +++ b/images/java/Dockerfile.centos 
@@ -1,7 +1,7 @@ FROM codercom/enterprise-base:centos # Run everything as root -USER root +USER 0 # Install JDK (OpenJDK 8) RUN yum install -y java-1.8.0-openjdk-devel @@ -52,4 +52,4 @@ RUN mkdir -p /usr/share/gradle /usr/share/gradle/ref \ ENV PATH $PATH:$GRADLE_HOME/bin # Set back to coder user -USER coder +USER 1000 diff --git a/images/java/Dockerfile.ubuntu b/images/java/Dockerfile.ubuntu index a0ab2fc..b952969 100644 --- a/images/java/Dockerfile.ubuntu +++ b/images/java/Dockerfile.ubuntu @@ -1,7 +1,7 @@ FROM codercom/enterprise-base:ubuntu # Run everything as root -USER root +USER 0 # Install JDK (OpenJDK 8) RUN DEBIAN_FRONTEND="noninteractive" apt-get install -y openjdk-11-jdk @@ -52,4 +52,4 @@ RUN mkdir -p /usr/share/gradle /usr/share/gradle/ref \ ENV PATH $PATH:$GRADLE_HOME/bin # Set back to coder user -USER coder +USER 1000 diff --git a/images/jupyter/Dockerfile.centos b/images/jupyter/Dockerfile.centos index 95a199c..9c0ba57 100644 --- a/images/jupyter/Dockerfile.centos +++ b/images/jupyter/Dockerfile.centos @@ -1,11 +1,11 @@ FROM codercom/enterprise-base:centos # Run everything as root -USER root +USER 0 # Install jupyter RUN pip3 install jupyter-core==4.7.1 && \ pip3 install jupyterlab # Set back to coder user -USER coder +USER 1000 diff --git a/images/jupyter/Dockerfile.ubuntu b/images/jupyter/Dockerfile.ubuntu index 85bded9..0b994c7 100644 --- a/images/jupyter/Dockerfile.ubuntu +++ b/images/jupyter/Dockerfile.ubuntu @@ -1,11 +1,11 @@ FROM codercom/enterprise-base:ubuntu # Run everything as root -USER root +USER 0 # Install jupyter RUN pip3 install jupyter-core==4.7.1 && \ pip3 install jupyterlab # Set back to coder user -USER coder +USER 1000 diff --git a/images/multieditor/Dockerfile.centos b/images/multieditor/Dockerfile.centos index eb1d323..82325bb 100644 --- a/images/multieditor/Dockerfile.centos +++ b/images/multieditor/Dockerfile.centos 
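Review bot: The comment `# Install JDK (OpenJDK 8)` in images/java/Dockerfile.ubuntu sits above `apt-get install -y openjdk-11-jdk`, so the documented and installed versions disagree; change it to `# Install JDK (OpenJDK 11)`. The centos variant really does install `java-1.8.0-openjdk-devel`, so the two images ship different major versions, which may deserve a line in the docs. The install also runs without an `apt-get update` in the same layer, so it depends on whatever package lists the base image left behind; `RUN apt-get update && DEBIAN_FRONTEND="noninteractive" apt-get install -y --no-install-recommends openjdk-11-jdk && rm -rf /var/lib/apt/lists/*` avoids that.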
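Review bot: In images/jupyter/Dockerfile.centos `jupyter-core` is pinned to 4.7.1 but `jupyterlab` is installed unpinned in a second pip run as uid 0, so each rebuild can pull a different release. Presumably the second run may also move `jupyter-core` off the pinned version if the resolver needs to. Installing both in one invocation with explicit versions keeps the image reproducible: `RUN pip3 install --no-cache-dir jupyter-core==4.7.1 jupyterlab==<PINNED_VERSION>`. images/jupyter/Dockerfile.ubuntu has the same two lines.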
@@ -1,7 +1,7 @@ FROM codercom/enterprise-base:centos # Run everything as root -USER root +USER 0 # Packages required for multi-editor support RUN yum update -y && yum install -y \ @@ -14,4 +14,4 @@ RUN yum update -y && yum install -y \ libGL # Set back to coder user -USER coder +USER 1000 diff --git a/images/multieditor/Dockerfile.ubuntu b/images/multieditor/Dockerfile.ubuntu index b144570..43e780b 100644 --- a/images/multieditor/Dockerfile.ubuntu +++ b/images/multieditor/Dockerfile.ubuntu @@ -1,7 +1,7 @@ FROM codercom/enterprise-base:ubuntu # Run everything as root -USER root +USER 0 # Packages required for multi-editor support RUN DEBIAN_FRONTEND="noninteractive" apt-get install -y \ @@ -12,4 +12,4 @@ RUN DEBIAN_FRONTEND="noninteractive" apt-get install -y \ libgtk-3-0 # Set back to coder user -USER coder +USER 1000 diff --git a/images/node/Dockerfile.centos b/images/node/Dockerfile.centos index df8ea9d..f5eadfe 100644 --- a/images/node/Dockerfile.centos +++ b/images/node/Dockerfile.centos @@ -1,7 +1,7 @@ FROM codercom/enterprise-base:centos # Run everything as root -USER root +USER 0 # Install whichever Node version is LTS RUN curl -sL https://rpm.nodesource.com/setup_lts.x | bash - @@ -12,4 +12,4 @@ RUN curl --silent --location https://dl.yarnpkg.com/rpm/yarn.repo | tee /etc/yum RUN yum install -y yarn # Set back to coder user -USER coder +USER 1000 diff --git a/images/node/Dockerfile.ubuntu b/images/node/Dockerfile.ubuntu index bdec854..274c150 100644 --- a/images/node/Dockerfile.ubuntu +++ b/images/node/Dockerfile.ubuntu @@ -1,7 +1,7 @@ FROM codercom/enterprise-base:ubuntu # Run everything as root -USER root +USER 0 # Install whichever Node version is LTS RUN curl -sL https://deb.nodesource.com/setup_lts.x | bash - @@ -13,4 +13,4 @@ RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources RUN DEBIAN_FRONTEND="noninteractive" apt-get update && apt-get install -y yarn # Set back to coder user -USER coder +USER 1000 
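Review bot: Directly after `USER 0` in images/node/Dockerfile.centos a remote script is executed as root via `curl -sL https://rpm.nodesource.com/setup_lts.x | bash -`, with no pinned version, no checksum and no `-f`/`pipefail`. Whatever that URL serves at build time therefore runs with full privileges during the image build. Prefer adding the repository definition and its signing key explicitly, or fetching the script to a file and verifying a pinned digest before running it, and select a fixed Node major rather than "whichever Node version is LTS". images/node/Dockerfile.ubuntu does the same with `https://deb.nodesource.com/setup_lts.x`.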
diff --git a/images/pycharm/Dockerfile.centos b/images/pycharm/Dockerfile.centos index cdb948d..cf53452 100644 --- a/images/pycharm/Dockerfile.centos +++ b/images/pycharm/Dockerfile.centos @@ -1,7 +1,7 @@ FROM codercom/enterprise-multieditor:centos # Run everything as root -USER root +USER 0 # Install pycharm. RUN mkdir -p /opt/pycharm @@ -11,4 +11,4 @@ RUN curl -L "https://download.jetbrains.com/product?code=PCC&latest&distribution RUN ln -s /opt/pycharm/bin/pycharm.sh /usr/bin/pycharm-community # Set back to coder user -USER coder +USER 1000 diff --git a/images/pycharm/Dockerfile.ubuntu b/images/pycharm/Dockerfile.ubuntu index 7649199..a057321 100644 --- a/images/pycharm/Dockerfile.ubuntu +++ b/images/pycharm/Dockerfile.ubuntu @@ -1,7 +1,7 @@ FROM codercom/enterprise-multieditor:ubuntu # Run everything as root -USER root +USER 0 # Install pycharm. RUN mkdir -p /opt/pycharm @@ -11,4 +11,4 @@ RUN curl -L "https://download.jetbrains.com/product?code=PCC&latest&distribution RUN ln -s /opt/pycharm/bin/pycharm.sh /usr/bin/pycharm-community # Set back to coder user -USER coder +USER 1000 diff --git a/images/ruby/Dockerfile.centos b/images/ruby/Dockerfile.centos index 6f8e8f4..c3b42e9 100644 --- a/images/ruby/Dockerfile.centos +++ b/images/ruby/Dockerfile.centos @@ -1,7 +1,7 @@ FROM codercom/enterprise-base:centos # Run everything as root -USER root +USER 0 # Install OpenSSL library RUN yum install -y openssl-devel @@ -14,4 +14,4 @@ RUN chmod +x /tmp/install-ruby.sh && /tmp/install-ruby.sh RUN gem install bundler # Set back to coder user -USER coder +USER 1000 diff --git a/images/ruby/Dockerfile.ubuntu b/images/ruby/Dockerfile.ubuntu index 2c2d652..078cdf3 100644 --- a/images/ruby/Dockerfile.ubuntu +++ b/images/ruby/Dockerfile.ubuntu @@ -1,7 +1,7 @@ FROM codercom/enterprise-base:ubuntu # Run everything as root -USER root +USER 0 # Install OpenSSL library RUN DEBIAN_FRONTEND="noninteractive" apt-get install -y libssl-dev 
@@ -11,4 +11,4 @@ COPY ./install-ruby.sh /tmp RUN chmod +x /tmp/install-ruby.sh && /tmp/install-ruby.sh # Set back to coder user -USER coder +USER 1000 diff --git a/images/vnc/Dockerfile.ubuntu b/images/vnc/Dockerfile.ubuntu index e62340c..025d04f 100644 --- a/images/vnc/Dockerfile.ubuntu +++ b/images/vnc/Dockerfile.ubuntu @@ -104,7 +104,7 @@ RUN $VNC_SETUP_SCRIPTS/set_user_permission.sh $VNC_ROOT_DIR \ COPY ["./coder", "/coder"] RUN chmod +x /coder/configure -USER coder +USER 1000 RUN $VNC_SETUP_SCRIPTS/no_vnc.sh diff --git a/images/webstorm/Dockerfile.centos b/images/webstorm/Dockerfile.centos index cef1617..0b4bee9 100644 --- a/images/webstorm/Dockerfile.centos +++ b/images/webstorm/Dockerfile.centos @@ -1,7 +1,7 @@ FROM codercom/enterprise-multieditor:centos # Run everything as root -USER root +USER 0 # Install webstorm. RUN mkdir -p /opt/webstorm @@ -11,4 +11,4 @@ RUN curl -L "https://download.jetbrains.com/product?code=WS&latest&distribution= RUN ln -s /opt/webstorm/bin/webstorm.sh /usr/bin/webstorm # Set back to coder user -USER coder +USER 1000 diff --git a/images/webstorm/Dockerfile.ubuntu b/images/webstorm/Dockerfile.ubuntu index d187595..22ce96e 100644 --- a/images/webstorm/Dockerfile.ubuntu +++ b/images/webstorm/Dockerfile.ubuntu @@ -1,7 +1,7 @@ FROM codercom/enterprise-multieditor:ubuntu # Run everything as root -USER root +USER 0 # Install webstorm. RUN mkdir -p /opt/webstorm @@ -11,4 +11,4 @@ RUN curl -L "https://download.jetbrains.com/product?code=WS&latest&distribution= RUN ln -s /opt/webstorm/bin/webstorm.sh /usr/bin/webstorm # Set back to coder user -USER coder +USER 1000