From e9e814489e3a5ae8a79fa7d844fbf1191b7272b8 Mon Sep 17 00:00:00 2001
From: Masaki Muranaka
Date: Thu, 20 Jun 2019 17:00:29 +0900
Subject: [PATCH] Refactor passwd/group related processes in `theia-endpoint-runtime`.
Signed-off-by: Masaki Muranaka
---
 dockerfiles/theia-endpoint-runtime/Dockerfile | 12 +++++++----
 .../theia-endpoint-runtime/etc/entrypoint.sh | 21 +++++++++++--------
 2 files changed, 20 insertions(+), 13 deletions(-)
diff --git a/dockerfiles/theia-endpoint-runtime/Dockerfile b/dockerfiles/theia-endpoint-runtime/Dockerfile
index 27baf53073..6763220f73 100644
--- a/dockerfiles/theia-endpoint-runtime/Dockerfile
+++ b/dockerfiles/theia-endpoint-runtime/Dockerfile
@@ -56,13 +56,17 @@ COPY --from=builder /home/workspace/node_modules /home/theia/node_modules
 RUN rm -rf /home/theia/node_modules/@eclipse-che/theia-plugin-ext /home/theia/node_modules/@eclipse-che/theia-remote
 COPY --from=builder /home/workspace/packages/theia-plugin-ext /home/theia/node_modules/@eclipse-che/theia-plugin-ext
 COPY --from=builder /home/workspace/packages/theia-remote/lib /home/theia/lib
+COPY --from=builder /.passwd.template /.passwd.template
+COPY --from=builder /.group.template /.group.template
+COPY --from=builder /etc/sudoers /etc/sudoers
+
 RUN mkdir /projects \
 # Store passwd/group as template files
- && cat /etc/passwd | sed s#root:x.*#root:x:\${USER_ID}:\${GROUP_ID}::\${HOME}:/bin/sh#g > ${HOME}/passwd.template \
- && cat /etc/group | sed s#root:x:0:#root:x:0:0,\${USER_ID}:#g > ${HOME}/group.template \
 # Change permissions to let any arbitrary user
- && for f in "${HOME}" "/etc/passwd" "/etc/group" "/projects"; do \
- echo "Changing permissions on ${f}" && chgrp -R 0 ${f} && \
+ && sed -i -e 's/theia-dev/theia/g' /.passwd.template /.group.template
+ && for f in "${HOME}" /etc/passwd /etc/group /projects; do \
+ echo "Changing permissions on ${f}" && \
+ chgrp -R 0 ${f} && \
 chmod -R g+rwX ${f}; \
 done
 ADD etc/entrypoint.sh /entrypoint.sh
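Review bot: The added `&& sed -i -e 's/theia-dev/theia/g' /.passwd.template /.group.template` line has no trailing `\`, so as shown the `RUN` instruction ends there and the following `&& for f in …` line is no longer part of it; the line should end with ` \` like its neighbours. Separately, `COPY --from=builder /etc/sudoers /etc/sudoers` carries the builder stage's sudo policy into the runtime image and its contents are not visible in this hunk, so a comment naming the rule the runtime actually needs (the entrypoint probes `sudo -n true`) would let a reader confirm it grants no more than that. The loop still leaves `/etc/passwd` and `/etc/group` writable by GID 0, which deserves a comment such as `# group-writable so the entrypoint can add the arbitrary UID; tightened there when sudo is available`.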
diff --git a/dockerfiles/theia-endpoint-runtime/etc/entrypoint.sh b/dockerfiles/theia-endpoint-runtime/etc/entrypoint.sh
index 1f85f5768c..0c6740ecdd 100755
--- a/dockerfiles/theia-endpoint-runtime/etc/entrypoint.sh
+++ b/dockerfiles/theia-endpoint-runtime/etc/entrypoint.sh
@@ -18,20 +18,23 @@ if ! grep -Fq "${USER_ID}" /etc/passwd; then
 # current user is an arbitrary
 # user (its uid is not in the
 # container /etc/passwd). Let's fix that
- cat ${HOME}/passwd.template | \
- sed "s/\${USER_ID}/${USER_ID}/g" | \
- sed "s/\${GROUP_ID}/${GROUP_ID}/g" | \
- sed "s/\${HOME}/\/home\/theia/g" > /etc/passwd
+ sed -e "s/\${USER_ID}/${USER_ID}/g" \
+ -e "s/\${GROUP_ID}/${GROUP_ID}/g" \
+ -e "s/\${HOME}/\/home\/theia/g" \
+ /.passwd.template > /etc/passwd
- cat ${HOME}/group.template | \
- sed "s/\${USER_ID}/${USER_ID}/g" | \
- sed "s/\${GROUP_ID}/${GROUP_ID}/g" | \
- sed "s/\${HOME}/\/home\/theia/g" > /etc/group
+ sed -e "s/\${USER_ID}/${USER_ID}/g" \
+ -e "s/\${GROUP_ID}/${GROUP_ID}/g" \
+ -e "s/\${HOME}/\/home\/theia/g"
+ /.group.template > /etc/group
 fi
 # Grant access to projects volume in case of non root user with sudo rights
 if [ "$(id -u)" -ne 0 ] && command -v sudo >/dev/null 2>&1 && sudo -n true > /dev/null 2>&1; then
- sudo chown ${USER_ID}:${GROUP_ID} /projects
+ sudo chmod 644 /etc/passwd /etc/group
+ sudo chown root:root /etc/passwd /etc/group
+
+ sudo chown ${USER_ID}:${GROUP_ID} /projects "${HOME}"
 fi
 # SITTERM / SIGINT
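Review bot: In the second added `sed`, the line `-e "s/\${HOME}/\/home\/theia/g"` is missing its trailing `\`, so as written `sed` runs with no input file and `/.group.template > /etc/group` becomes a separate command whose redirection truncates `/etc/group`; it should read `-e "s/\${HOME}/\/home\/theia/g" \` as in the passwd block just above. The new `sudo chmod 644` and `sudo chown root:root` on `/etc/passwd` and `/etc/group` run only inside the passwordless-sudo branch, so without sudo the files presumably keep the group-writable mode set in the Dockerfile; a comment stating that would make the residual exposure explicit. `${USER_ID}` and `${GROUP_ID}` are still expanded unquoted in the `sudo chown` line, and `"${USER_ID}:${GROUP_ID}"` would match the newly quoted `"${HOME}"`. The enclosing `if ! grep …` starts above the hunk and the script continues below it.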