templates/go
Template
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Default to a non-root user

Browse Source
This commit is contained in:
Chuck Lantz
2019-08-05 23:30:46 +00:00
parent 61d09d1203
commit 0ba75c2592
3 changed files with 24 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
.devcontainer/Dockerfile
View File

@@ -8,9 +8,14 @@ FROM golang:1
# Avoid warnings by switching to noninteractive # Avoid warnings by switching to noninteractive
ENV DEBIAN_FRONTEND=noninteractive ENV DEBIAN_FRONTEND=noninteractive
# Or your actual UID, GID on Linux if not the default 1000
ARG USERNAME=vscode
ARG USER_UID=1000
ARG USER_GID=$USER_UID
# Configure apt, install packages and tools # Configure apt, install packages and tools
RUN apt-get update \ RUN apt-get update \
&& apt-get -y install --no-install-recommends apt-utils 2>&1 \ && apt-get -y install --no-install-recommends apt-utils dialog 2>&1 \
# #
# Verify git, process tools, lsb-release (common in install instructions for CLIs) installed # Verify git, process tools, lsb-release (common in install instructions for CLIs) installed
&& apt-get -y install git procps lsb-release \ && apt-get -y install git procps lsb-release \
@@ -46,6 +51,14 @@ RUN apt-get update \
github.com/mgechev/revive \ github.com/mgechev/revive \
github.com/derekparker/delve/cmd/dlv 2>&1 \ github.com/derekparker/delve/cmd/dlv 2>&1 \
# #
# Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user.
&& groupadd --gid $USER_GID $USERNAME \
&& useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \
# [Optional] Add sudo support
&& apt-get install -y sudo \
&& echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
&& chmod 0440 /etc/sudoers.d/$USERNAME \
#
# Clean up # Clean up
&& apt-get autoremove -y \ && apt-get autoremove -y \
&& apt-get clean -y \ && apt-get clean -y \

8
.devcontainer/devcontainer.json
View File

@@ -6,9 +6,11 @@
"ms-vscode.go" "ms-vscode.go"
], ],
"runArgs": [ "runArgs": [
"--cap-add=SYS_PTRACE", // Comment out the next line to run as root instead. Linux users,
"--security-opt", // update Dockerfile with your user's UID/GID if not 1000.
"seccomp=unconfined" "-u", "vscode",
"--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined"
], ],
"settings": { "settings": {
"go.gopath": "/go", "go.gopath": "/go",

6
README.md
View File

@@ -10,7 +10,9 @@ Follow these steps to open this sample in a container:
1. If this is your first time using a development container, please follow the [getting started steps](https://aka.ms/vscode-remote/containers/getting-started). 1. If this is your first time using a development container, please follow the [getting started steps](https://aka.ms/vscode-remote/containers/getting-started).
2. If you're not yet in a development container: 2. **Linux users:** Update `USER_UID` and `USER_GID` in `.devcontainer/Dockerfile` with your user UID/GID if not 1000 to avoid creating files as root.
3. If you're not yet in a development container:
- Clone this repository. - Clone this repository.
- Press <kbd>F1</kbd> and select the **Remote-Containers: Open Folder in Container...** command. - Press <kbd>F1</kbd> and select the **Remote-Containers: Open Folder in Container...** command.
- Select the cloned copy of this folder, wait for the container to start, and try things out! - Select the cloned copy of this folder, wait for the container to start, and try things out!
@@ -19,6 +21,8 @@ Follow these steps to open this sample in a container:
Once you have this sample opened in a container, you'll be able to work with it like you would locally. Once you have this sample opened in a container, you'll be able to work with it like you would locally.
> **Note:** This container runs as a non-root user with sudo access by default. Comment out `"-u", "vscode"` in `.devcontainer/devcontainer.json` if you'd prefer to run as root.
Some things to try: Some things to try:
1. **Edit:** 1. **Edit:**