Allow running zsh in container as a non-root user #27

Open
balancedscorpion opened this issue Jul 29, 2024 · 4 comments
@balancedscorpion

Current Behavior

The current Oh My Zsh installation script for containers assumes that the user running zsh is root. This limits its flexibility in containerized environments where running as a non-root user is often preferred for security/other reasons.

Proposed Change
Modify the installation script to support running as a non-root user within a container. This would include:

  • Detecting whether the script is running as root or a non-root user.
  • Adjusting file and directory permissions accordingly.
  • Providing clear error messages if certain operations can't be performed due to lack of privileges.

Benefits

  • Improved security by allowing containers to run with users and their privilege sets.
  • Greater flexibility for users who prefer or require non-root container execution.
  • Alignment with best practices for container security.

Additional Context
This was also requested by another user in the following comment: #23 (comment)
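
A sketch of the root/non-root detection, ownership handling and error reporting proposed above, as an added example that is not part of this issue, the associated PR or the project's install script. The function names, return codes and the passwd-file argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and the passwd-file argument are assumptions.

# Accept only conservative account names, so the value is safe to pass to awk -v.
valid_username() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the home directory of user $1 from a passwd-format file ($2).
# Parsing the file avoids tools (getent, su) that a minimal base image may lack.
lookup_home() {
    awk -F: -v u="$1" '$1 == u { print $6; found = 1; exit } END { exit !found }' \
        "${2:-/etc/passwd}"
}

# Print "<mode> <home>" or explain on stderr why the install cannot proceed.
#   $1 target user ('' = caller)  $2 effective uid  $3 caller's name
#   $4 caller's HOME              $5 passwd file (optional)
# Modes: self    = write into the caller's own HOME, no ownership change
#        handoff = root writes into the target's HOME, then must chown to them
plan_install() {
    target=$1; uid=$2; me=$3; my_home=$4
    if [ -z "$target" ] || [ "$target" = "$me" ]; then
        echo "self $my_home"; return 0
    fi
    if ! valid_username "$target"; then
        echo "error: invalid user name '$target'" >&2; return 2
    fi
    if [ "$uid" -ne 0 ]; then
        echo "error: installing for '$target' needs root (running as uid $uid)" >&2
        return 3
    fi
    home=$(lookup_home "$target" "$5") && [ -n "$home" ] || {
        echo "error: user '$target' has no passwd entry with a home directory" >&2
        return 4
    }
    echo "handoff $home"
}

# Demo on a constructed passwd file (not real accounts).
demo=$(mktemp)
printf '%s\n' 'root:x:0:0::/root:/bin/sh' 'dev:x:1000:1000::/home/dev:/bin/sh' >"$demo"
plan_install dev 0 root /root "$demo"
plan_install dev 1001 ci /home/ci "$demo" || true
rm -f "$demo"
```

In a real installer the caller would pass `$(id -u)`, `$(id -un)` and `$HOME`; in the `handoff` case everything written under the target's home has to be re-owned to that user, otherwise they end up with a root-owned configuration they cannot edit.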

@deluan
Owner

deluan commented Jul 29, 2024

You should be able to install the script as a non-root user. See this comment from the README for more info:

If you are using a non-root user, make sure to install the sudo package OR to install git and curl packages before calling this script. In case sudo access is an issue and you already have zsh, git and curl, you can use the option -x to skip the installations.

@balancedscorpion
Author

balancedscorpion commented Jul 29, 2024

@deluan this is not to run the Docker script as a non-root user, or access zsh as a non-root, but to install zsh within a non-root user's profile.

In other words, consider the scenario where the user does not have access to the root user's home directory. Then the existing script will not work (since the current script stores zsh files within $HOME).

I followed the part of the README.md you have shared in my example, where my user didn't have root access, and while the script runs, this still installed zsh within root user in a non-accessible part of the machine.

This issue proposes to fix this (and an associated PR has been opened to solve it).

@deluan
Owner

deluan commented Jul 30, 2024

I see... Well, keep in mind that the su command may not be available in all base images...
For that same reason, we will need to cover your changes with tests. Maybe create a new test_suite in test.sh.

@balancedscorpion
Author

balancedscorpion commented Jul 30, 2024

Thanks. I've updated test.sh.
All the tests now pass (except CENTOS7, which I've also removed in this branch) in the final commit.

Notes (for testing purposes only):

  • The add user command runs differently on different distributions.
  • The amazon docker file didn't appear to have the add user for the purposes of testing.

In order to solve these I've added two functions to the test suite:

  1. Identify the os / distribution
  2. Create user logic that will allow testing out the -u command with a newly created user for each distribution.

All tests are now passing.
