diff --git a/README.md b/README.md
index 611ae0709..72996dbb6 100644
--- a/README.md
+++ b/README.md
@@ -161,6 +161,7 @@ Tools:
 * `touch(1)`
 * `unlink(1)`
 * `useradd(8)`
+* `usermod(8)`

 Paths:
 * `/etc/host.conf`: optional, if present not a bind mount
diff --git a/src/cmd/initContainer.go b/src/cmd/initContainer.go
index 8c56285b1..169153310 100644
--- a/src/cmd/initContainer.go
+++ b/src/cmd/initContainer.go
@@ -234,49 +234,22 @@ func initContainer(cmd *cobra.Command, args []string) error {
 }

 if _, err := user.Lookup(initContainerFlags.user); err != nil {
- if initContainerFlags.homeLink {
- if err := redirectPath("/home", "/var/home", true); err != nil {
- return err
- }
- }
-
- sudoGroup, err := utils.GetGroupForSudo()
- if err != nil {
- return fmt.Errorf("failed to get group for sudo: %w", err)
- }
-
- logrus.Debugf("Adding user %s with UID %d:", initContainerFlags.user, initContainerFlags.uid)
-
- useraddArgs := []string{
- "--home-dir", initContainerFlags.home,
- "--no-create-home",
- "--shell", initContainerFlags.shell,
- "--uid", fmt.Sprint(initContainerFlags.uid),
- "--groups", sudoGroup,
+ if err := configureUsers(initContainerFlags.uid,
 initContainerFlags.user,
+ initContainerFlags.home,
+ initContainerFlags.shell,
+ initContainerFlags.homeLink,
+ false); err != nil {
+ return err
 }
-
- logrus.Debug("useradd")
- for _, arg := range useraddArgs {
- logrus.Debugf("%s", arg)
- }
-
- if err := shell.Run("useradd", nil, nil, nil, useraddArgs...); err != nil {
- return fmt.Errorf("failed to add user %s with UID %d",
- initContainerFlags.user,
- initContainerFlags.uid)
- }
-
- logrus.Debugf("Removing password for user %s", initContainerFlags.user)
-
- if err := shell.Run("passwd", nil, nil, nil, "--delete", initContainerFlags.user); err != nil {
- return fmt.Errorf("failed to remove password for user %s", initContainerFlags.user)
- }
-
- logrus.Debug("Removing password for user root")
-
- if err := shell.Run("passwd", nil, nil, nil, "--delete", "root"); err != nil {
- return errors.New("failed to remove password for root")
+ } else {
+ if err := configureUsers(initContainerFlags.uid,
+ initContainerFlags.user,
+ initContainerFlags.home,
+ initContainerFlags.shell,
+ initContainerFlags.homeLink,
+ true); err != nil {
+ return err
 }
 }

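Review bot: The `err != nil` test on `user.Lookup` treats every lookup failure as "user does not exist", so a failure to read the account database falls through to the useradd branch instead of being reported. Now that both outcomes trigger privileged account changes, it is worth separating the two cases first, e.g. `var unknown user.UnknownUserError` followed by `if err != nil && !errors.As(err, &unknown) { return err }`. The two branches also differ only in the last argument, so the call could be made once with `targetUserExists := err == nil`. initContainer starts and ends outside this hunk.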
@@ -372,6 +345,77 @@ func initContainerHelp(cmd *cobra.Command, args []string) {
 }
 }

+func configureUsers(targetUserUid int,
+ targetUser, targetUserHome, targetUserShell string,
+ homeLink, targetUserExists bool) error {
+ if homeLink {
+ if err := redirectPath("/home", "/var/home", true); err != nil {
+ return err
+ }
+ }
+
+ sudoGroup, err := utils.GetGroupForSudo()
+ if err != nil {
+ return fmt.Errorf("failed to get group for sudo: %w", err)
+ }
+
+ if targetUserExists {
+ logrus.Debugf("Modifying user %s with UID %d:", targetUser, targetUserUid)
+
+ usermodArgs := []string{
+ "--append",
+ "--groups", sudoGroup,
+ "--home", targetUserHome,
+ "--shell", targetUserShell,
+ "--uid", fmt.Sprint(targetUserUid),
+ targetUser,
+ }
+
+ logrus.Debug("usermod")
+ for _, arg := range usermodArgs {
+ logrus.Debugf("%s", arg)
+ }
+
+ if err := shell.Run("usermod", nil, nil, nil, usermodArgs...); err != nil {
+ return fmt.Errorf("failed to modify user %s with UID %d", targetUser, targetUserUid)
+ }
+ } else {
+ logrus.Debugf("Adding user %s with UID %d:", targetUser, targetUserUid)
+
+ useraddArgs := []string{
+ "--groups", sudoGroup,
+ "--home-dir", targetUserHome,
+ "--no-create-home",
+ "--shell", targetUserShell,
+ "--uid", fmt.Sprint(targetUserUid),
+ targetUser,
+ }
+
+ logrus.Debug("useradd")
+ for _, arg := range useraddArgs {
+ logrus.Debugf("%s", arg)
+ }
+
+ if err := shell.Run("useradd", nil, nil, nil, useraddArgs...); err != nil {
+ return fmt.Errorf("failed to add user %s with UID %d", targetUser, targetUserUid)
+ }
+ }
+
+ logrus.Debugf("Removing password for user %s", targetUser)
+
+ if err := shell.Run("passwd", nil, nil, nil, "--delete", targetUser); err != nil {
+ return fmt.Errorf("failed to remove password for user %s", targetUser)
+ }
+
+ logrus.Debug("Removing password for user root")
+
+ if err := shell.Run("passwd", nil, nil, nil, "--delete", "root"); err != nil {
+ return errors.New("failed to remove password for root")
+ }
+
+ return nil
+}
+
 func mountBind(containerPath, source, flags string) error {
 fi, err := os.Stat(source)
 if err != nil {
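Review bot: configureUsers has no doc comment although its side effects are privileged: on both branches it puts targetUser in the sudo group and then runs `passwd --delete` for targetUser and for root. With the `targetUserExists` branch this now also applies to an account that was already present before init-container ran. A comment such as `// configureUsers creates or modifies targetUser, adds it to the sudo group, and removes the passwords of targetUser and root.` would make that explicit for anyone auditing the container's accounts. Separately, the `shell.Run` error paths discard the underlying error; wrapping it, e.g. `return fmt.Errorf("failed to modify user %s with UID %d: %w", targetUser, targetUserUid, err)`, would keep the usermod, useradd or passwd failure reason visible.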