Skip to content

Commit de4cd88

Browse files
vmcjvmcj
committed
Set the user/group to well known id
1 parent 79cdae7 commit de4cd88

File tree

2 files changed

+19
-1
lines changed

2 files changed

+19
-1
lines changed

docker/domserver/Dockerfile

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -60,6 +60,14 @@ RUN apt-get update \
6060
ca-certificates python3-yaml python3-requests \
6161
&& rm -rf /var/lib/apt/lists/*
6262

63+
# Check the UID and GID of the domjudge user are the same as in the previous build stage
64+
# (otherwise the COPY directives below won't set the correct ownership)
65+
COPY --from=domserver-build /etc/passwd /tmp/domserver-build-etc-passwd
66+
RUN sed -i -n '/^domjudge:/p' /tmp/domserver-build-etc-passwd \
67+
&& sed -n '/^domjudge:/p' /etc/passwd | diff /tmp/domserver-build-etc-passwd - \
68+
|| { echo "error: UID/GID of 'domjudge' differ from previous build stage; they must be the same for COPY to work" >&2; exit 1; } \
69+
&& rm /tmp/domserver-build-etc-passwd
70+
6371
# Copy domserver
6472
COPY --from=domserver-build /opt/domjudge/domserver /opt/domjudge/domserver
6573
COPY --from=domserver-build /opt/domjudge/doc /opt/domjudge/doc

docker/judgehost/Dockerfile

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,8 @@ ENV DEBIAN_FRONTEND=noninteractive \
1111
RUN_USER_UID_GID=62860
1212

1313
# Set up user
14-
RUN useradd -m domjudge
14+
RUN groupadd domjudge -g2004
15+
RUN useradd -m domjudge -u2004 -g2004
1516

1617
# Install required packages for running of judgehost
1718
RUN apt-get update \
@@ -28,6 +29,15 @@ ADD chroot.tar.gz /
2829
ADD judgehost.tar.gz /
2930
RUN cp /opt/domjudge/judgehost/etc/sudoers-domjudge /etc/sudoers.d/
3031

32+
# Check that the ownership of some well-known directory is correctly set to "domjudge"
33+
# (the ownership will be incorrect if the UID is different in the .tar.gz archives from the previous build stage, added above)
34+
RUN current_uid="$(id -u domjudge)" \
35+
&& archive_uid="$(stat -c %u /opt/domjudge/judgehost/run)" \
36+
&& [ "$current_uid" = "$archive_uid" ] \
37+
|| { echo "error: expected owner UID of /opt/domjudge/judgehost/run to be $current_uid (domjudge), but it is $archive_uid ($(id -un "$archive_uid" || echo no such user))" >&2; \
38+
echo "hint: check that the UID of user 'domjudge' is the same in both build stages" >&2; \
39+
exit 1; }
40+
3141
# Add scripts
3242
COPY judgehost/scripts /scripts/
3343

0 commit comments

Comments
 (0)