micro-integrator icon indicating copy to clipboard operation
micro-integrator copied to clipboard

Published 20 hours ago verified publisher icon wso2

Incorrect use of addgroup and adduser in Alpine Dockerfile

Open tompittson opened this issue 5 years ago • 0 comments

Description: The alpine based image uses incorrect options for addgroup and adduser which result in the user being a member of "nogroup" instead of the "wso2" group.

Suggested Labels: bug

Suggested Assignees:

Affected Product Version: 1.2.0

OS, DB, other environment details and versions:
alpine docker image

Steps to reproduce:

docker run --entrypoint=sh -it wso2/wso2mi:1.2.0

$ whoami
wso2carbon
$ groups
nogroup

The command line arguments for addgroup and adduser on alpine are:

/home/wso2carbon # addgroup
BusyBox v1.30.1 (2019-06-12 17:51:55 UTC) multi-call binary.

Usage: addgroup [-g GID] [-S] [USER] GROUP

Add a group or add a user to a group

	-g GID	Group id
	-S	Create a system group
/home/wso2carbon # adduser
BusyBox v1.30.1 (2019-06-12 17:51:55 UTC) multi-call binary.

Usage: adduser [OPTIONS] USER [GROUP]

Create new user, or add USER to GROUP

	-h DIR		Home directory
	-g GECOS	GECOS field
	-s SHELL	Login shell
	-G GRP		Group
	-S		Create a system user
	-D		Don't assign a password
	-H		Don't create home directory
	-u UID		User id
	-k SKEL		Skeleton directory (/etc/skel)

In the Dockerfile for alpine it currently executes:

# create the user and group
RUN \
    addgroup --system -g ${USER_GROUP_ID} ${USER_GROUP} \
    && adduser --system --home ${USER_HOME} -g ${USER_GROUP_ID} -u ${USER_ID} ${USER}

Based on the command line options for the alpine (busybox) versions of addgroup and adduser the commands should be similar to:

# create the user and group
RUN \
    addgroup -S -g ${USER_GROUP_ID} ${USER_GROUP} \
    && adduser -S -h ${USER_HOME} -G ${USER_GROUP_ID} -u ${USER_ID} ${USER}

Related Issues:

tompittson avatar Nov 03 '20 11:11 tompittson

@marekdedic At this time, WPCS uses non-WP specific documentation sniffs which don't take things like translators comments into account properly.

For the more commonly used /* ... */ style for translators comments, you'll find that you will not get an error about the end character not being punctuation. However, for the (less common) // ...-style translators comments, you will receive this error for now, until WPCS has its own set of documentation sniffs.

Does that help ?

jrfnl avatar Jul 08 '19 00:07 jrfnl

Hi, I can confirm that this is a functioning workaround for the issue.

As far as I am concerned, this is just that - a workaround, not a solution. But I get that this depends on a lot of moving parts... Just wanted to say please don't close the issue as solved, until it really is (and other people might find your comment helpful as well...).

Thanks for the feedback.

marekdedic avatar Jul 14 '19 19:07 marekdedic

@marekdedic No worries, not closing this (yet), though you may be interested in this issue: #1760, which was partially inspired by your question.

jrfnl avatar Jul 14 '19 22:07 jrfnl