
Commit 459234d2 authored by Dduvall's avatar Dduvall

user: Check for existing user/group before creating

To support scenarios where the `runs.as` or `lives.as` user/group
already exists in the base image, pair the calls to `useradd` and
`groupadd` with `getent` conditionals.

Bug: T268819
Change-Id: I3aef722ac57b38695c7411e64b41589fad16e95b
parent 642f9d0a
......@@ -48,8 +48,14 @@ func CreateDirectory(path string) Run {
//
func CreateUser(name string, uid uint, gid uint) []Run {
return []Run{
{"groupadd -o -g %s -r", []string{fmt.Sprint(gid), name}},
{"useradd -l -o -m -d %s -r -g %s -u %s", []string{homeDir(name), name, fmt.Sprint(uid), name}},
{
"(getent group %s || groupadd -o -g %s -r %s)",
[]string{fmt.Sprint(gid), fmt.Sprint(gid), name},
},
{
"(getent passwd %s || useradd -l -o -m -d %s -r -g %s -u %s %s)",
[]string{fmt.Sprint(uid), homeDir(name), name, fmt.Sprint(uid), name},
},
}
}
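Review bot: Both guards in CreateUser key only on the numeric ID (`getent group <gid>`, `getent passwd <uid>`), so a base-image entry that has the same ID under a different name is accepted as if it were the requested account. In the group case the following `useradd ... -g %s` still receives `name` and would presumably fail because that group name was never created; passing the numeric GID avoids that: `[]string{fmt.Sprint(uid), homeDir(name), fmt.Sprint(gid), fmt.Sprint(uid), name}` (the expected strings in the three tests would change to match). In the passwd case the step succeeds silently and the image keeps the pre-existing account's primary group, home and shell, which may not be what `runs.as`/`lives.as` asked for; the later `chown` steps use numeric IDs, so nothing downstream on this page would notice. If reusing such an account is intended, state it in the doc comment above CreateUser (it starts outside the hunk), e.g. `// An existing passwd or group entry with the same numeric ID is reused unchanged.`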
......
......@@ -47,8 +47,8 @@ func TestCreateUser(t *testing.T) {
i := build.CreateUser("foo", 123, 124)
if assert.Len(t, i, 2) {
assert.Equal(t, []string{`groupadd -o -g "124" -r "foo"`}, i[0].Compile())
assert.Equal(t, []string{`useradd -l -o -m -d "/home/foo" -r -g "foo" -u "123" "foo"`}, i[1].Compile())
assert.Equal(t, []string{`(getent group "124" || groupadd -o -g "124" -r "foo")`}, i[0].Compile())
assert.Equal(t, []string{`(getent passwd "123" || useradd -l -o -m -d "/home/foo" -r -g "foo" -u "123" "foo")`}, i[1].Compile())
}
}
......
......@@ -66,8 +66,14 @@ func TestLivesConfigInstructions(t *testing.T) {
t.Run("PhasePrivileged", func(t *testing.T) {
assert.Equal(t,
[]build.Instruction{build.RunAll{[]build.Run{
{"groupadd -o -g %s -r", []string{"223", "foouser"}},
{"useradd -l -o -m -d %s -r -g %s -u %s", []string{"/home/foouser", "foouser", "123", "foouser"}},
{
"(getent group %s || groupadd -o -g %s -r %s)",
[]string{"223", "223", "foouser"},
},
{
"(getent passwd %s || useradd -l -o -m -d %s -r -g %s -u %s %s)",
[]string{"123", "/home/foouser", "foouser", "123", "foouser"},
},
{"mkdir -p", []string{"/some/directory"}},
{"chown %s:%s", []string{"123", "223", "/some/directory"}},
{"mkdir -p", []string{"/opt/lib"}},
......
......@@ -54,8 +54,8 @@ func TestRunsConfigInstructions(t *testing.T) {
t.Run("PhasePrivileged", func(t *testing.T) {
assert.Equal(t,
[]build.Instruction{build.RunAll{[]build.Run{
{"groupadd -o -g %s -r", []string{"777", "someuser"}},
{"useradd -l -o -m -d %s -r -g %s -u %s", []string{"/home/someuser", "someuser", "666", "someuser"}},
{"(getent group %s || groupadd -o -g %s -r %s)", []string{"777", "777", "someuser"}},
{"(getent passwd %s || useradd -l -o -m -d %s -r -g %s -u %s %s)", []string{"666", "/home/someuser", "someuser", "666", "someuser"}},
}}},
cfg.InstructionsForPhase(build.PhasePrivileged),
)
......