Split up the mapping of IDs from "runas".

Also have config files specify their user/group IDs for the commands.
2015-06-25 23:41:40 -04:00
parent 59a0e2a55c
commit 44f8af4a50
5 changed files with 118 additions and 78 deletions
--- a/runas.sh
+++ b/runas.sh
@@ -1,6 +1,5 @@
 #!/bin/bash

-USER=docker
 GROUP=docker

 #-----------------------------------------------------------------------------------------------------------------------
@@ -12,88 +11,32 @@ function ts {
 #-----------------------------------------------------------------------------------------------------------------------

 function process_args {
-  # These are meant to be globals.
-  UMAP=$1
-  GMAP=$2
-  UGID=$3
+  local USER_UID_GID=$1

-  for NAME_UID_GID in $UMAP
-  do
-    if [[ ! "$NAME_UID_GID" =~ ^[A-Za-z0-9._][-A-Za-z0-9._]*:[0-9]{1,}:[0-9]{1,}$ ]]
-    then
-      echo "UMAP value $NAME_UID_GID is not valid. It should be of the form <user name>:<uid>:<gid>"
-      exit 1
-    fi
-  done
-
-  for NAME_GID in $GMAP
-  do
-    if [[ ! "$NAME_GID" =~ ^[A-Za-z0-9._][-A-Za-z0-9._]*:[0-9]{1,}$ ]]
-    then
-      echo "GMAP value $NAME_GID is not valid. It should be of the form <group name>:<gid>"
-      exit 1
-    fi
-  done
-
-  if [[ ! "$UGID" =~ ^[0-9]{1,}:[0-9]{1,}$ ]]
+  if [[ ! "$USER_UID_GID" =~ ^[A-Za-z0-9._][-A-Za-z0-9._]*:[0-9]{1,}:[0-9]{1,}$ ]]
  then
-    echo "UGID value $UGID is not valid. It should be of the form <uid>:<gid>"
+    echo "USER_UID_GID value $USER_UID_GID is not valid. It should be of the form <user>:<uid>:<gid>"
    exit 1
  fi
-}

-#-----------------------------------------------------------------------------------------------------------------------
-
-function update_users {
-  local UMAP=$1
-
-  if [[ "$UMAP" == "" ]]; then return; fi
-
-  echo "$(ts) Updating existing users..."
-
-  for NAME_UID_GID in $UMAP
-  do
-    local NAME=${NAME_UID_GID%:*:*}
-    local USER_ID=${NAME_UID_GID#*:}
-    USER_ID=${USER_ID%:*}
-    local GROUP_ID=${NAME_UID_GID#*:*:}
-
-    echo "$(ts) Setting user \"$NAME\" to user ID=\"$USER_ID\" and default group ID=\"$GROUP_ID\""
-    usermod -o -u $USER_ID -g $GROUP_ID $NAME
-  done
-}
-
-#-----------------------------------------------------------------------------------------------------------------------
-
-function update_groups {
-  local GMAP=$1
-
-  if [[ "$GMAP" == "" ]]; then return; fi
-
-  echo "$(ts) Updating existing groups..."
-
-  for NAME_GID in $GMAP
-  do
-    local NAME=${NAME_GID%:*}
-    local GROUP_ID=${NAME_GID#*:}
-
-    echo "$(ts) Setting group \"$NAME\" to ID=\"$GROUP_ID\""
-    groupmod -o -g $GROUP_ID $NAME
-  done
+  # These are meant to be global.
+  USER=${USER_UID_GID%:*:*}
+  USER_ID=${USER_UID_GID#*:}
+  USER_ID=${USER_ID%:*}
+  GROUP_ID=${USER_UID_GID#*:*:}
 }

 #-----------------------------------------------------------------------------------------------------------------------

 function create_user {
-  local UGID=$1
-
-  # Create a new user with the proper user and group ID.
-  local USER_ID=${UGID%:*}
-  local GROUP_ID=${UGID#*:}
+  local USER=$1
+  local USER_ID=$2
+  local GROUP=$3
+  local GROUP_ID=$4

  echo "$(ts) Creating user \"$USER\" (ID $USER_ID) and group \"$GROUP\" (ID $GROUP_ID) to run the command..."

-  # We could be aliasing this new user to some existing user. Let's assume that's harmless.
+  # We could be aliasing this new user to some existing user. I assume that's harmless.
  groupadd -o -g $GROUP_ID $GROUP
  useradd -o -u $USER_ID -r -g $GROUP -d /home/$USER -s /sbin/nologin -c "Docker image user" $USER

@@ -105,12 +48,10 @@ function create_user {

 process_args "$@"

-# Shift off the args so that we can exec $@ below
-shift; shift; shift
+# Shift off the arg so that we can exec $@ below
+shift

-update_users "$UMAP"
-update_groups "$GMAP"
-create_user "$UGID"
+create_user $USER $USER_ID $GROUP $GROUP_ID

 echo "$(ts) Running command as user \"$USER\"..."
 exec /sbin/setuser $USER "$@"