diff --git a/integration/dockerfiles/Dockerfile_test_user_without_grp b/integration/dockerfiles/Dockerfile_test_user_without_grp new file mode 100644 index 000000000..be86a9def --- /dev/null +++ b/integration/dockerfiles/Dockerfile_test_user_without_grp @@ -0,0 +1,20 @@ +# Copyright 2018 Google, Inc. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FROM debian:9.11 +RUN groupadd testgroup && \ + useradd --create-home --gid testgroup alice + +USER alice +RUN touch ~/hello \ No newline at end of file diff --git a/pkg/commands/run.go b/pkg/commands/run.go index 886739a83..9da6ddeeb 100644 --- a/pkg/commands/run.go +++ b/pkg/commands/run.go @@ -71,7 +71,7 @@ func (r *RunCommand) ExecuteCommand(config *v1.Config, buildArgs *dockerfile.Bui var userStr string // If specified, run the command as a specific user if config.User != "" { - uid, gid, err := util.GetUIDAndGIDFromString(config.User, false) + uid, gid, err := util.GetUIDAndGIDFromString(config.User, true) if err != nil { return err } diff --git a/pkg/commands/user.go b/pkg/commands/user.go index 702e5594d..410bb7840 100644 --- a/pkg/commands/user.go +++ b/pkg/commands/user.go @@ -47,16 +47,15 @@ func (r *UserCommand) ExecuteCommand(config *v1.Config, buildArgs *dockerfile.Bu if err != nil { return errors.Wrap(err, fmt.Sprintf("resolving user %s", userAndGroup[0])) } - var groupStr = setGroupDefault(userStr) + if len(userAndGroup) > 1 { - groupStr, err = util.ResolveEnvironmentReplacement(userAndGroup[1], replacementEnvs, false) + groupStr, err := util.ResolveEnvironmentReplacement(userAndGroup[1], replacementEnvs, false) if err != nil { return errors.Wrap(err, fmt.Sprintf("resolving group %s", userAndGroup[1])) } + userStr = userStr + ":" + groupStr } - userStr = userStr + ":" + groupStr - config.User = userStr return nil } @@ -64,12 +63,3 @@ func (r *UserCommand) ExecuteCommand(config *v1.Config, buildArgs *dockerfile.Bu func (r *UserCommand) String() string { return r.cmd.String() } - -func setGroupDefault(userStr string) string { - userObj, err := Lookup(userStr) - if err != nil { - logrus.Debugf("could not lookup user %s. Setting group empty", userStr) - return "" - } - return userObj.Gid -} diff --git a/pkg/commands/user_test.go b/pkg/commands/user_test.go index 455295f7c..ad64d22cd 100644 --- a/pkg/commands/user_test.go +++ b/pkg/commands/user_test.go @@ -37,22 +37,22 @@ var userTests = []struct { { user: "root", userObj: &user.User{Uid: "root", Gid: "root"}, - expectedUID: "root:root", + expectedUID: "root", }, { user: "root-add", userObj: &user.User{Uid: "root-add", Gid: "root"}, - expectedUID: "root-add:root", + expectedUID: "root-add", }, { user: "0", userObj: &user.User{Uid: "0", Gid: "0"}, - expectedUID: "0:0", + expectedUID: "0", }, { user: "fakeUser", userObj: &user.User{Uid: "fakeUser", Gid: "fakeUser"}, - expectedUID: "fakeUser:fakeUser", + expectedUID: "fakeUser", }, { user: "root:root", @@ -78,7 +78,7 @@ var userTests = []struct { { user: "$envuser", userObj: &user.User{Uid: "root", Gid: "root"}, - expectedUID: "root:root", + expectedUID: "root", }, { user: "root:$envgroup", @@ -92,7 +92,7 @@ var userTests = []struct { }, { user: "some", - expectedUID: "some:", + expectedUID: "some", }, }