Align container user's home directory value in /etc/passwd and HOME env variable
Summary
The Gemnasium analyzers have a mismatch between the home directory value in /etc/passwd
and the HOME environment variable. This has caused issues in the past as can be seen in #374571.
To prevent this from happening in the future elsewhere, and to prevent a regression of #374571, we should align these values. Here's an example of how the /etc/passwd
file looks like in gemnasium-maven
.
root@58a0e8bc3a26:~# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
And here's how $HOME
is set:
root@58a0e8bc3a26:~# echo $HOME
/gemnasium-maven
The correct behavior would be for the /etc/passwd
file to contain:
root@58a0e8bc3a26:~# cat /etc/passwd
root:x:0:0:root:/gemnasium-maven:/bin/bash
Improvements
Removes the possibility of a regression of Cloning project over SSH fails when using gemna... (#374571) • Yasha Rise • Backlog.
Risks
- Editing a
/etc/passwd
file manually (withoutusermod
oruseradd
) is risky. We could mitigate this by adding agitlab
non-root user instead. If Improve Dependency Scanning support with non-ro... (#431945) is completed then the new user should be checked to ensure consistency between$HOME
and/etc/passwd
Involved components
-
build/*/*/Dockerfile
- All the
Dockerfile
files will need to be updated to use the correct home directory.
- All the