Use heredocs for multi-line script.
Showing
1 changed file
with
76 additions
and
59 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,4 @@ | ||
# syntax=docker/dockerfile:1.4 | ||
FROM rubensa/ubuntu-tini | ||
LABEL author="Ruben Suarez <[email protected]>" | ||
|
||
|
@@ -18,91 +19,107 @@ ENV GROUP_NAME=${GROUP_NAME} | |
|
||
# Since ubuntu:23.04 a non-root "ubuntu" user is created by default with UID=1000 | ||
# Let's remove it to avoid conflicts | ||
RUN echo "# Removing default 'ubuntu' user..." \ | ||
# | ||
# avoid "userdel: ubuntu mail spool (/var/mail/ubuntu) not found" warning | ||
&& touch /var/mail/ubuntu \ | ||
&& chown ubuntu /var/mail/ubuntu \ | ||
# | ||
# remove user | ||
&& userdel -r ubuntu | ||
RUN <<EOT | ||
echo "# Removing default 'ubuntu' user..." | ||
# | ||
# avoid "userdel: ubuntu mail spool (/var/mail/ubuntu) not found" warning | ||
touch /var/mail/ubuntu | ||
chown ubuntu /var/mail/ubuntu | ||
# | ||
# remove user | ||
userdel -r ubuntu | ||
EOT | ||
|
||
# Create a non-root user with custom group | ||
RUN echo "# Creating group '${GROUP_NAME}' (${GROUP_ID})..." \ | ||
&& groupadd --gid ${GROUP_ID} ${GROUP_NAME} \ | ||
&& echo "# Creating user '${USER_NAME}' (${USER_ID}) and adding it to '${GROUP_NAME}'..." \ | ||
&& useradd --uid ${USER_ID} --gid ${GROUP_NAME} --home /home/${USER_NAME} --create-home --shell /bin/bash ${USER_NAME} \ | ||
&& passwd -d ${USER_NAME} \ | ||
# | ||
# Create some user directories | ||
&& echo "# Creating directories '.config' and '.local/bin' under user HOME directory..." \ | ||
&& mkdir -p /home/${USER_NAME}/.config \ | ||
&& mkdir -p /home/${USER_NAME}/.local/bin \ | ||
&& chown -R ${USER_NAME}:${GROUP_NAME} /home/${USER_NAME} \ | ||
# | ||
# Set default non-root user umask to 002 to give group all file permissions (interactive non-login shell) | ||
# Allow override by setting UMASK_SET environment variable | ||
&& echo "# Configuring defult user mask (${UMASK_SET:-002})..." \ | ||
&& printf "\nUMASK_SET=\${UMASK_SET:-002}\numask \"\${UMASK_SET}\"\n" >> /home/${USER_NAME}/.bashrc | ||
RUN <<EOT | ||
echo "# Creating group '${GROUP_NAME}' (${GROUP_ID})..." | ||
groupadd --gid ${GROUP_ID} ${GROUP_NAME} | ||
echo "# Creating user '${USER_NAME}' (${USER_ID}) and adding it to '${GROUP_NAME}'..." | ||
useradd --uid ${USER_ID} --gid ${GROUP_NAME} --home /home/${USER_NAME} --create-home --shell /bin/bash ${USER_NAME} | ||
passwd -d ${USER_NAME} | ||
# | ||
# Create some user directories | ||
echo "# Creating directories '.config' and '.local/bin' under user HOME directory..." | ||
mkdir -p /home/${USER_NAME}/.config | ||
mkdir -p /home/${USER_NAME}/.local/bin | ||
chown -R ${USER_NAME}:${GROUP_NAME} /home/${USER_NAME} | ||
# | ||
# Set default non-root user umask to 002 to give group all file permissions (interactive non-login shell) | ||
# Allow override by setting UMASK_SET environment variable | ||
echo "# Configuring defult user mask (${UMASK_SET:-002})..." | ||
printf "\nUMASK_SET=\${UMASK_SET:-002}\numask \"\${UMASK_SET}\"\n" >> /home/${USER_NAME}/.bashrc | ||
EOT | ||
|
||
# fixuid version to install (https://github.com/boxboat/fixuid/releases) | ||
ARG FIXUID_VERSION=0.6.0 | ||
# Add fixuid | ||
ADD https://github.com/boxboat/fixuid/releases/download/v${FIXUID_VERSION}/fixuid-${FIXUID_VERSION}-linux-${TARGETARCH}.tar.gz /tmp/fixuid-linux.tar.gz | ||
# Install fixuid | ||
RUN echo "# Installing fixuid..." \ | ||
&& tar -C /sbin -xzf /tmp/fixuid-linux.tar.gz \ | ||
&& rm /tmp/fixuid-linux.tar.gz \ | ||
&& chown root:root /sbin/fixuid \ | ||
&& chmod 4755 /sbin/fixuid \ | ||
&& mkdir -p /etc/fixuid \ | ||
# | ||
# Configure fixuid to fix user home folder | ||
&& printf "user: ${USER_NAME}\ngroup: ${GROUP_NAME}\npaths:\n - /home/${USER_NAME}" > /etc/fixuid/config.yml | ||
RUN <<EOT | ||
echo "# Installing fixuid..." | ||
tar -C /sbin -xzf /tmp/fixuid-linux.tar.gz | ||
rm /tmp/fixuid-linux.tar.gz | ||
chown root:root /sbin/fixuid | ||
chmod 4755 /sbin/fixuid | ||
mkdir -p /etc/fixuid | ||
# | ||
# Configure fixuid to fix user home folder | ||
printf "user: ${USER_NAME}\ngroup: ${GROUP_NAME}\npaths:\n - /home/${USER_NAME}" > /etc/fixuid/config.yml | ||
EOT | ||
|
||
# Avoid warnings by switching to noninteractive | ||
ENV DEBIAN_FRONTEND=noninteractive | ||
|
||
# Configure apt and install basic packages | ||
RUN echo "# Configuring apt..." \ | ||
&& apt-get update \ | ||
# | ||
# Basic apt configuration | ||
&& echo "# Installing apt-utils, dialog, ca-certificates, curl and tzdata..." \ | ||
&& apt-get install -y --no-install-recommends apt-utils dialog ca-certificates curl tzdata 2>&1 | ||
RUN <<EOT | ||
echo "# Configuring apt..." | ||
apt-get update | ||
# | ||
# Basic apt configuration | ||
echo "# Installing apt-utils, dialog, ca-certificates, curl and tzdata..." | ||
apt-get install -y --no-install-recommends apt-utils dialog ca-certificates curl tzdata 2>&1 | ||
EOT | ||
|
||
# Install locales | ||
RUN echo "# Installing locales..." \ | ||
&& apt-get install -y --no-install-recommends locales 2>&1 \ | ||
# | ||
# Configure locale | ||
&& echo "# Configuring 'en_US.UTF-8' locale..." \ | ||
&& locale-gen en_US.UTF-8 \ | ||
&& update-locale LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 | ||
RUN <<EOT | ||
echo "# Installing locales..." | ||
apt-get install -y --no-install-recommends locales 2>&1 | ||
# | ||
# Configure locale | ||
echo "# Configuring 'en_US.UTF-8' locale..." | ||
locale-gen en_US.UTF-8 | ||
update-locale LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 | ||
EOT | ||
|
||
# Set locale | ||
ENV LANG en_US.UTF-8 | ||
ENV LANGUAGE en_US:en | ||
ENV LC_ALL en_US.UTF-8 | ||
|
||
# Install sudo | ||
RUN echo "# Installing sudo..." \ | ||
&& apt-get install -y --no-install-recommends sudo 2>&1 \ | ||
# | ||
# Add sudo support for non-root user | ||
&& echo "# Allow 'sudo' for '${USER_NAME}'" \ | ||
&& echo "${USER_NAME} ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers.d/${USER_NAME} \ | ||
&& chmod 0440 /etc/sudoers.d/${USER_NAME} | ||
RUN <<EOT | ||
echo "# Installing sudo..." | ||
apt-get install -y --no-install-recommends sudo 2>&1 | ||
# | ||
# Add sudo support for non-root user | ||
echo "# Allow 'sudo' for '${USER_NAME}'" | ||
echo "${USER_NAME} ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers.d/${USER_NAME} | ||
chmod 0440 /etc/sudoers.d/${USER_NAME} | ||
EOT | ||
|
||
# Install some user utillities | ||
RUN echo "# Installing bash-completion and vim..." \ | ||
&& apt-get install -y --no-install-recommends bash-completion vim 2>&1 | ||
RUN <<EOT | ||
echo "# Installing bash-completion and vim..." | ||
apt-get install -y --no-install-recommends bash-completion vim 2>&1 | ||
EOT | ||
|
||
# Clean up apt | ||
RUN echo "# Cleaining up apt..." \ | ||
&& apt-get autoremove -y \ | ||
&& apt-get clean -y \ | ||
&& rm -rf /var/lib/apt/lists/* | ||
RUN <<EOT | ||
echo "# Cleaining up apt..." | ||
apt-get autoremove -y | ||
apt-get clean -y | ||
rm -rf /var/lib/apt/lists/* | ||
EOT | ||
|
||
# Switch back to dialog for any ad-hoc use of apt-get | ||
ENV DEBIAN_FRONTEND= | ||
|
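Review bot: None of the new `RUN <<EOT` bodies begins with `set -e`, so the commands are no longer chained as they were in the removed `&&` lists, and only the last command's exit status decides whether the layer fails. In the fixuid block, a failed `tar -C /sbin -xzf /tmp/fixuid-linux.tar.gz` would be followed by failing `chown`/`chmod` and then a successful `printf`, so the build would pass without the setuid helper installed. The same applies to a failed `apt-get install` ahead of `update-locale`, or ahead of the `chmod 0440` on the sudoers file. Add `set -e` as the first line of every heredoc body (right after each `RUN <<EOT`) to keep the fail-fast behaviour the `&&` chains had.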