From ee0c7f09b3244d9c521acbe504974f5c2eaa9b3f Mon Sep 17 00:00:00 2001 From: Matthew Penner Date: Sat, 2 Jan 2021 12:58:58 -0700 Subject: [PATCH] Fix user problems when running inside of Docker --- .dockerignore | 6 +++++ Dockerfile | 9 +------ config/config.go | 50 +++++++++++++++++++++++++++++++------- docker-compose.example.yml | 6 ++++- 4 files changed, 53 insertions(+), 18 deletions(-) diff --git a/.dockerignore b/.dockerignore index 2fb60d7..67014b8 100644 --- a/.dockerignore +++ b/.dockerignore @@ -48,3 +48,9 @@ debug .DS_Store *.pprof *.pdf + +Dockerfile +CHANGELOG.md +Makefile +README.md +wings-api.paw diff --git a/Dockerfile b/Dockerfile index d8ce60a..f486312 100644 --- a/Dockerfile +++ b/Dockerfile @@ -26,14 +26,7 @@ RUN upx wings # Stage 2 (Final) FROM busybox:1.32.0 -LABEL org.opencontainers.image.title="Wings" -LABEL org.opencontainers.image.version="$VERSION" -LABEL org.opencontainers.image.description="The server control plane for Pterodactyl Panel. Written from the ground-up with security, speed, and stability in mind." -LABEL org.opencontainers.image.url="https://pterodactyl.io" -LABEL org.opencontainers.image.documentation="https://pterodactyl.io/project/introduction.html" -LABEL org.opencontainers.image.vendor="Pterodactyl Software" -LABEL org.opencontainers.image.source="https://github.com/pterodactyl/wings" -LABEL org.opencontainers.image.licenses="MIT" +RUN echo "ID=\"busybox\"" > /etc/os-release COPY --from=builder /app/wings /usr/bin/ diff --git a/config/config.go b/config/config.go index 4098bbf..1b3fc4d 100644 --- a/config/config.go +++ b/config/config.go 
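Review bot: The added `RUN echo "ID=\"busybox\"" > /etc/os-release` in the final stage is what makes config.go take its container branch, but nothing in the Dockerfile says so, and a later base-image change would silently switch that branch off. I would put a comment above it, such as `# config.go detects "running in the Wings container" by ID=busybox in /etc/os-release; keep both in sync.` The same hunk also drops every `org.opencontainers.image.*` label. If the build pipeline does not re-apply them (not visible here), the published image loses the source and version metadata used to trace it back to a commit.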
@@ -223,6 +223,36 @@ func (c *Configuration) GetPath() string { // If files are not owned by this user there will be issues with permissions on Docker // mount points. func (c *Configuration) EnsurePterodactylUser() (*user.User, error) { + sysName, err := getSystemName() + if err != nil { + return nil, err + } + + // Our way of detecting if wings is running inside of Docker. + if sysName == "busybox" { + uid := os.Getenv("WINGS_UID") + if uid == "" { + uid = "988" + } + + gid := os.Getenv("WINGS_GID") + if gid == "" { + gid = "988" + } + + username := os.Getenv("WINGS_USERNAME") + if username == "" { + username = "pterodactyl" + } + + u := &user.User{ + Uid: uid, + Gid: gid, + Username: username, + } + return u, c.setSystemUser(u) + } + u, err := user.Lookup(c.System.Username) // If an error is returned but it isn't the unknown user error just abort @@ -233,17 +263,12 @@ func (c *Configuration) EnsurePterodactylUser() (*user.User, error) { return nil, err } - sysName, err := getSystemName() - if err != nil { - return nil, err - } - - command := fmt.Sprintf("useradd --system --no-create-home --shell /bin/false %s", c.System.Username) + command := fmt.Sprintf("useradd --system --no-create-home --shell /usr/sbin/nologin %s", c.System.Username) // Alpine Linux is the only OS we currently support that doesn't work with the useradd command, so // in those cases we just modify the command a bit to work as expected. if strings.HasPrefix(sysName, "alpine") { - command = fmt.Sprintf("adduser -S -D -H -G %[1]s -s /bin/false %[1]s", c.System.Username) + command = fmt.Sprintf("adduser -S -D -H -G %[1]s -s /sbin/nologin %[1]s", c.System.Username) // We have to create the group first on Alpine, so do that here before continuing on // to the user creation process. 
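Review bot: The container branch reads WINGS_UID, WINGS_GID and WINGS_USERNAME from the environment and passes them to `setSystemUser` with no range or format check, so `WINGS_UID=0` or a negative value is accepted and persisted into the configuration as the system user. `strconv.Atoi` in the later `setSystemUser` hunk rejects only non-numeric input, so the same gap applies there. I would validate before building `u`, e.g. `if n, err := strconv.Atoi(uid); err != nil || n <= 0 { return nil, fmt.Errorf("WINGS_UID must be a positive integer, got %q", uid) }` and the same for `gid`, and document the three variables and their defaults in the doc comment above `EnsurePterodactylUser`. Separately, `sysName == "busybox"` identifies the base image rather than the container: a host whose os-release ID is busybox takes this branch too, and an image rebuilt on another base does not, so an explicit opt-in would be sturdier. The function body continues outside this hunk.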
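Review bot: On the two changed `fmt.Sprintf` lines, `c.System.Username` is formatted straight into the `useradd` and `adduser` command strings with no check on its contents. How `command` is executed is outside this hunk; if it is split on spaces or handed to a shell, a configured username containing whitespace or starting with `-` would change the arguments those tools receive. I would check the name against a conservative pattern before formatting, for example a package-level `regexp.MustCompile("^[a-z_][a-z0-9_-]{0,31}$")` and `if !validUsername.MatchString(c.System.Username) { return nil, errors.New("config: invalid system username") }`. The enclosing function starts and ends outside this hunk.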
@@ -267,8 +292,15 @@ func (c *Configuration) EnsurePterodactylUser() (*user.User, error) { // Set the system user into the configuration and then write it to the disk so that // it is persisted on boot. func (c *Configuration) setSystemUser(u *user.User) error { - uid, _ := strconv.Atoi(u.Uid) - gid, _ := strconv.Atoi(u.Gid) + uid, err := strconv.Atoi(u.Uid) + if err != nil { + return err + } + + gid, err := strconv.Atoi(u.Gid) + if err != nil { + return err + } c.Lock() c.System.Username = u.Username diff --git a/docker-compose.example.yml b/docker-compose.example.yml index e1baee5..45c0c67 100644 --- a/docker-compose.example.yml +++ b/docker-compose.example.yml @@ -1,4 +1,5 @@ version: '3.8' + services: wings: image: ghcr.io/pterodactyl/wings:latest @@ -11,7 +12,9 @@ services: tty: true environment: TZ: "UTC" - DEBUG: "false" + WINGS_UID: 988 + WINGS_GID: 988 + WINGS_USERNAME: pterodactyl volumes: - "/var/run/docker.sock:/var/run/docker.sock" - "/var/lib/docker/containers/:/var/lib/docker/containers/" @@ -23,6 +26,7 @@ services: #- "/srv/daemon-data/:/srv/daemon-data/" # Required for ssl if you user let's encrypt. uncomment to use. #- "/etc/letsencrypt/:/etc/letsencrypt/" + networks: wings0: name: wings0
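Review bot: The two new `return err` paths in `setSystemUser` return the bare `strconv` error, so the caller cannot tell whether the uid or the gid was malformed, or that the value came from the user record at all. I would wrap them with context: `return fmt.Errorf("config: invalid uid %q: %w", u.Uid, err)` and `return fmt.Errorf("config: invalid gid %q: %w", u.Gid, err)`. The doc comment above the function should also say that it now fails on non-numeric IDs instead of silently storing 0, since that is the behavioural change callers need to know about. The rest of the function body, from `c.Lock()` on, is outside this hunk.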