feat(lang): Change user (#153)

* feat: Change user Signed-off-by: Ce Gao <cegao@tensorchord.ai> * fix: Add sudo and git Signed-off-by: Ce Gao <cegao@tensorchord.ai>
tensorchord · May 17, 2022 · 33cdee2 · 33cdee2
1 parent 0804dc7
commit 33cdee2
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 9 deletions.
diff --git a/cmd/envd/up.go b/cmd/envd/up.go
@@ -135,7 +135,7 @@ func up(clicontext *cli.Context) error {
  logrus.Debugf("container %s is running", containerID)
 
  sshClient, err := ssh.NewClient(
- containerIP, "root", 2222, clicontext.Bool("auth"), clicontext.Path("private-key"), "")
+ containerIP, "envd", 2222, clicontext.Bool("auth"), clicontext.Path("private-key"), "")
  if err != nil {
  return err
  }

diff --git a/pkg/docker/docker.go b/pkg/docker/docker.go
@@ -180,7 +180,7 @@ func (c generalClient) StartEnvd(ctx context.Context, tag, name, buildContext st
  ExposedPorts: nat.PortSet{},
  }
  base := fileutil.Base(buildContext)
- base = fmt.Sprintf("/root/%s", base)
+ base = fmt.Sprintf("/home/envd/%s", base)
  config.WorkingDir = base
 
  mountOption := make([]mount.Mount, len(mountOptionsStr)+1)

diff --git a/pkg/lang/ir/graph.go b/pkg/lang/ir/graph.go
@@ -43,6 +43,7 @@ func NewGraph() *Graph {
  "curl",
  "openssh-client",
  "git",
+ "sudo",
  },
 
  PyPIPackages: []string{},
@@ -118,10 +119,17 @@ func (g Graph) Compile() (llb.State, error) {
 }
 
 func (g *Graph) compileBase() llb.State {
+ var base llb.State
  if g.CUDA == nil && g.CUDNN == nil {
- return llb.Image("docker.io/library/python:3.8")
+ base = llb.Image("docker.io/library/python:3.8")
  }
- return g.compileCUDAPackages()
+ base = g.compileCUDAPackages()
+ // TODO(gaocegege): Refactor user to a seperate stage.
+ run := base.
+ Run(llb.Shlex("groupadd -g 1000 envd")).
+ Run(llb.Shlex("useradd -p \"\" -u 1000 -g envd -s /bin/sh -m envd")).
+ Run(llb.Shlex("adduser envd sudo"))
+ return llb.User("envd")(run.Root())
 }
 
 func (g *Graph) compileCUDAPackages() llb.State {
@@ -154,7 +162,7 @@ func (g Graph) compilePyPIPackages(root llb.State) llb.State {
  sb.WriteString(fmt.Sprintf(" %s", pkg))
  }
 
- cacheDir := "/root/.cache/pip"
+ cacheDir := "/home/envd/.cache/pip"
 
  run := root.Run(llb.Shlex(sb.String()))
  run.AddMount(cacheDir, llb.Scratch(),
@@ -242,7 +250,7 @@ func (g Graph) compileVSCode() (*llb.State, error) {
  }
  ext := llb.Scratch().File(llb.Copy(llb.Local(flag.FlagCacheDir),
  vscodeClient.PluginPath(p),
- "/root/.vscode-server/extensions/"+p.String(),
+ "/home/envd/.vscode-server/extensions/"+p.String(),
  &llb.CopyInfo{CreateDestPath: true}))
  inputs = append(inputs, ext)
  }
@@ -280,7 +288,7 @@ func (g Graph) compilePyPIMirror(root llb.State) llb.State {
 }
 
 func (g Graph) compileZSH(root llb.State) (llb.State, error) {
- installPath := "/root/install.sh"
+ installPath := "/home/envd/install.sh"
  m := shell.NewManager()
  g.Writer.LogZSH(compileui.ActionStart, false)
  if cached, err := m.DownloadOrCache(); err != nil {
@@ -289,7 +297,7 @@ func (g Graph) compileZSH(root llb.State) (llb.State, error) {
  g.Writer.LogZSH(compileui.ActionEnd, cached)
  }
  zshStage := root.
- File(llb.Copy(llb.Local(flag.FlagCacheDir), "oh-my-zsh", "/root/.oh-my-zsh",
+ File(llb.Copy(llb.Local(flag.FlagCacheDir), "oh-my-zsh", "/home/envd/.oh-my-zsh",
  &llb.CopyInfo{CreateDestPath: true})).
  File(llb.Mkfile(installPath, 0644, []byte(m.InstallScript())))
  run := zshStage.Run(llb.Shlex(fmt.Sprintf("bash %s", installPath)))

diff --git a/pkg/shell/install.sh b/pkg/shell/install.sh
@@ -48,7 +48,7 @@ USER=${USER:-$(id -u -n)}
 HOME="${HOME:-$(getent passwd $USER 2>/dev/null | cut -d: -f6)}"
 # macOS does not have getent, but this works even if $HOME is unset
 HOME="${HOME:-$(eval echo ~$USER)}"
-
+HOME="/home/envd"
 
 # Track if $ZSH was provided
 custom_zsh=${ZSH:+yes}