Merge branch 'trs/non-root-user-trois'

tsibley · tsibley · commit f74b89a0e65d · 2022-10-13T15:06:00.000-07:00
diff --git a/Dockerfile b/Dockerfile
@@ -145,6 +145,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
         less \
         perl \
         ruby \
+        util-linux \
         wget \
         xz-utils \
         zip unzip \
@@ -266,6 +267,7 @@ RUN useradd nextstrain \
 
 # The host should bind mount the pathogen build dir into /nextstrain/build.
 WORKDIR /nextstrain/build
+RUN chown nextstrain:nextstrain /nextstrain/build
 
 ENTRYPOINT ["/sbin/entrypoint"]
 
diff --git a/entrypoint b/entrypoint
@@ -17,6 +17,11 @@ if [[ $# -eq 0 ]]; then
         the source of the \`nextstrain\` command for examples.
     "
 else
-    # Otherwise, exec into whatever command is provided.
-    exec "$@"
+    # Otherwise, exec into whatever command is provided…
+    if [[ "$(id -u):$(id -g)" == 0:0 ]]; then
+        # …switching to nextstrain:nextstrain first if we're root.
+        exec setpriv --reuid nextstrain --regid nextstrain --init-groups "$@"
+    else
+        exec "$@"
+    fi
 fi
