From d72b49f4f3e37671a7e9fc566b2723bbd9fe3840 Mon Sep 17 00:00:00 2001 From: spwoodcock Date: Wed, 24 Jan 2024 13:04:21 +0000 Subject: [PATCH] build: update docker install script to handle root user --- scripts/setup/docker.sh | 77 ++++++++++++++++++++++++++++++++++------- 1 file changed, 64 insertions(+), 13 deletions(-) diff --git a/scripts/setup/docker.sh b/scripts/setup/docker.sh index 987a09801a..5631eefa60 100644 --- a/scripts/setup/docker.sh +++ b/scripts/setup/docker.sh @@ -1,8 +1,15 @@ #!/bin/bash +# Script installs Docker in rootless mode for the current user + # Tested for Debian 11 Bookworm & Ubuntu 22.04 LTS -# Note: this script must be run as a non-root user -# Note: The user must be logged in directly (not via su) + +# Note # +# This script must be run as any user other than 'root' +# However they must have 'sudo' access to run the script +# The user must also be logged in directly (not via su) +# +# If ran as root, the user fmtm is created instead pretty_echo() { local message="$1" @@ -113,18 +120,38 @@ apt_install_docker() { } check_user_not_root() { - pretty_echo "Use non-root user" - if [ "$(id -u)" -eq 0 ]; then - if id "fmtm" &>/dev/null; then - echo "Current user is root. Switching to existing non-privileged user 'fmtm'." + + pretty_echo "Use non-root user" + + echo "Current user is root." + echo "This script must run as a non-privileged user account." + echo + + if id "svcfmtm" &>/dev/null; then + echo "User 'svcfmtm' found." else - echo "Current user is root. Creating a non-privileged user 'fmtm'." - useradd -m -s /bin/bash fmtm + echo "Creating user 'svcfmtm'." + useradd -m -d /home/svcfmtm -s /bin/bash svcfmtm 2>/dev/null fi - echo "Rerunning this script as user 'fmtm'." - sudo -u fmtm bash -c "$0 $*" + echo + echo "Temporarily adding to sudoers list." + echo "svcfmtm ALL=(ALL) NOPASSWD:ALL" | tee /etc/sudoers.d/fmtm-sudoers >/dev/null + + # User called script directly, copy to /home/svcfmtm/docker.sh + root_script_path="$(readlink -f "$0")" + user_script_path="/home/svcfmtm/$(basename "$0")" + cp "$root_script_path" "$user_script_path" + chown svcfmtm:svcfmtm "$user_script_path" + chmod +x "$user_script_path" + + + echo + echo "Rerunning this script as user 'svcfmtm'." + echo + + sudo -u svcfmtm bash -c "${user_script_path} $*" exit 0 fi } @@ -138,8 +165,9 @@ update_to_rootless() { } restart_docker_rootless() { - heading_echo "Restarting Docker Service" + pretty_echo "Restarting Docker Service" echo "This is required as sometimes docker doesn't init correctly." + sleep 5 systemctl --user daemon-reload systemctl --user restart docker echo @@ -168,7 +196,7 @@ add_vars_to_bashrc() { # DOCKER_HOST must be added to the top of bashrc, as running non-interactively # Most distros exit .bashrc execution is non-interactive - heading_echo "Adding rootless DOCKER_HOST to bashrc" + pretty_echo "Adding rootless DOCKER_HOST to bashrc" user_id=$(id -u) docker_host_var="export DOCKER_HOST=unix:///run/user/$user_id/docker.sock" @@ -186,7 +214,7 @@ add_vars_to_bashrc() { echo "Done" echo - heading_echo "Adding dc='docker compose' alias" + pretty_echo "Adding dc='docker compose' alias" # Check if the alias already exists in user's .bashrc if ! grep -q "$dc_alias_cmd" ~/.bashrc; then @@ -205,6 +233,28 @@ add_vars_to_bashrc() { echo "Done" } +remove_from_sudoers() { + pretty_echo "Remove from sudoers" + + echo "This script installed docker for user svcfmtm" + echo + echo "The user will now have sudo access revoked" + echo + sudo rm /etc/sudoers.d/fmtm-sudoers + + echo + echo "You must exit (login or ssh) your session, then login as user svcfmtm" + echo + echo "You may need to add an authorized key for the user svcfmtm first:" + echo + echo " mkdir /home/svcfmtm/.ssh" + echo " cp ~/.ssh/authorized_keys /home/svcfmtm/.ssh/authorized_keys" + echo " chown svcfmtm:svcfmtm /home/svcfmtm/.ssh/authorized_keys" + echo " chmod 600 /home/svcfmtm/.ssh/authorized_keys" + echo + echo +} + install_docker() { check_os remove_old_docker_installs @@ -222,3 +272,4 @@ install_docker() { check_user_not_root "$@" trap cleanup_and_exit INT install_docker +remove_from_sudoers