Default to non-root user

2019-08-06 02:00:41 +00:00
parent 37533b4422
commit 0e761d7c45
3 changed files with 33 additions and 13 deletions
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -8,18 +8,31 @@ FROM php:7-cli
 # Avoid warnings by switching to noninteractive
 ENV DEBIAN_FRONTEND=noninteractive

+# Or your actual UID, GID on Linux if not the default 1000
+ARG USERNAME=vscode
+ARG USER_UID=1000
+ARG USER_GID=$USER_UID
+
 # Configure apt and install packages
 RUN apt-get update \
-    && apt-get -y install --no-install-recommends apt-utils 2>&1 \
+    && apt-get -y install --no-install-recommends apt-utils dialog 2>&1 \
    #
    # Install git, procps, lsb-release (useful for CLI installs)
-    && apt-get -y install git procps lsb-release \
-	#
-	# Install xdebug
-	&& yes | pecl install xdebug \
-	&& echo "zend_extension=$(find /usr/local/lib/php/extensions/ -name xdebug.so)" > /usr/local/etc/php/conf.d/xdebug.ini \
-	&& echo "xdebug.remote_enable=on" >> /usr/local/etc/php/conf.d/xdebug.ini \
-	&& echo "xdebug.remote_autostart=on" >> /usr/local/etc/php/conf.d/xdebug.ini \
+    && apt-get -y install git procps iproute2 lsb-release \
+    #
+    # Install xdebug
+    && yes | pecl install xdebug \
+    && echo "zend_extension=$(find /usr/local/lib/php/extensions/ -name xdebug.so)" > /usr/local/etc/php/conf.d/xdebug.ini \
+    && echo "xdebug.remote_enable=on" >> /usr/local/etc/php/conf.d/xdebug.ini \
+    && echo "xdebug.remote_autostart=on" >> /usr/local/etc/php/conf.d/xdebug.ini \
+    #
+    # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user.
+    && groupadd --gid $USER_GID $USERNAME \
+    && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \
+    # [Optional] Add sudo support for non-root user
+    && apt-get install -y sudo \
+    && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
+    && chmod 0440 /etc/sudoers.d/$USERNAME \
    #
    # Clean up
    && apt-get autoremove -y \
@@ -27,6 +40,6 @@ RUN apt-get update \
    && rm -rf /var/lib/apt/lists/*

 # Switch back to dialog for any ad-hoc use of apt-get
-ENV DEBIAN_FRONTEND=dialog
+ENV DEBIAN_FRONTEND=


--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -8,5 +8,8 @@
 	],
 	"settings": {
 		"terminal.integrated.shell.linux": "/bin/bash"
-	}
+	},
+	// Comment out the next line to run as root instead. Linux users, 
+	// update Dockerfile with your user's UID/GID if not 1000.
+	"runArgs": [ "-u", "vscode" ]
 }
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@

 This is a sample project that lets you try out the **[VS Code Remote - Containers](https://aka.ms/vscode-remote/containers)** extension in a few easy steps.

-> **Note:** If you're following the quick start, you can jump to the [Things to try](#things-to-try) section. 
+> **Note:** If you're following the quick start, you can jump to the [Things to try](#things-to-try) section.

 ## Setting up the development container

@@ -10,7 +10,9 @@ Follow these steps to open this sample in a container:

 1. If this is your first time using a development container, please follow the [getting started steps](https://aka.ms/vscode-remote/containers/getting-started).

-2. If you're not yet in a development container:
+2. **Linux users:** Update `USER_UID` and `USER_GID` in `.devcontainer/Dockerfile` with your user UID/GID if not 1000 to avoid creating files as root.
+
+3. If you're not yet in a development container:
   - Clone this repository.
   - Press <kbd>F1</kbd> and select the **Remote-Containers: Open Folder in Container...** command.
   - Select the cloned copy of this folder, wait for the container to start, and try things out!
@@ -19,6 +21,8 @@ Follow these steps to open this sample in a container:

 Once you have this sample opened in a container, you'll be able to work with it like you would locally.

+> **Note:** This container runs as a non-root user with sudo access by default. Comment out `"runArgs": ["-u", "vscode"]` in `.devcontainer/devcontainer.json` if you'd prefer to run as root.
+
 Some things to try:

 1. **Edit:**
@@ -37,7 +41,7 @@ Some things to try:
   - Click "Open Browser" in the notification that appears to access the web app on this new port.
   - Look back at the terminal, and you should see the output from your site navigations
   - Edit the text on line 21 in `index.php` and refresh the page to see the changes immediately take affect
- 
+
 ## Contributing

 This project welcomes contributions and suggestions. Most contributions require you to agree to a