
Non-root users are not guaranteed a writable home directory #260

@ghost

Description

If you set forward_user: true without any further configuration, the user inside the container has no name and its home is the root directory:

I have no name! [ /src ]$ ls -l | head -n 2
total 228
-rw-r--r-- 1 1000 1000 97758 Oct 24 11:26 CHANGELOG.md
I have no name! [ /src ]$ echo $HOME
/
I have no name! [ /src ]$ ls -ld $HOME
drwxr-xr-x 1 root root 4096 Oct 25 10:45 /

Because the user doesn't have write permissions for its $HOME, tools that try to create config or cache files or directories in $HOME do not work. For example, az-cli and docker.

I have no name! [ /src ]$ az login
Traceback (most recent call last):
  File "/usr/lib/python3.9/runpy.py", line 197, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "/usr/lib/python3.9/runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "/opt/python/venvs/azure-cli/lib/python3.9/site-packages/azure/cli/__main__.py", line 39, in <module>
    az_cli = get_default_cli()
  File "/opt/python/venvs/azure-cli/lib/python3.9/site-packages/azure/cli/core/__init__.py", line 895, in get_default_cli
    from azure.cli.core.azlogging import AzCliLogging
  File "/opt/python/venvs/azure-cli/lib/python3.9/site-packages/azure/cli/core/azlogging.py", line 30, in <module>
    from azure.cli.core.commands.events import EVENT_INVOKER_PRE_CMD_TBL_TRUNCATE
  File "/opt/python/venvs/azure-cli/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 25, in <module>
    from azure.cli.core.extension import get_extension
  File "/opt/python/venvs/azure-cli/lib/python3.9/site-packages/azure/cli/core/extension/__init__.py", line 18, in <module>
    az_config = CLIConfig(config_dir=GLOBAL_CONFIG_DIR, config_env_var_prefix=ENV_VAR_PREFIX)
  File "/opt/python/venvs/azure-cli/lib/python3.9/site-packages/knack/config.py", line 40, in __init__
    ensure_dir(config_dir)
  File "/opt/python/venvs/azure-cli/lib/python3.9/site-packages/knack/util.py", line 115, in ensure_dir
    raise e
  File "/opt/python/venvs/azure-cli/lib/python3.9/site-packages/knack/util.py", line 112, in ensure_dir
    os.makedirs(d)
  File "/usr/lib/python3.9/os.py", line 225, in makedirs
    mkdir(name, mode)
PermissionError: [Errno 13] Permission denied: '/.azure'

It's possible to work around this as follows, but it's hacky. It would be nice if floki guaranteed you a writable home directory.

docker_switches:
  - -e
  - HOME=/tmp/home
forward_user: true
init:
  - mkdir $HOME
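An added example, not part of the original issue and not floki's own code: a POSIX shell helper for the situation described above, where the forwarded UID has no passwd entry and `$HOME` is `/`. It keeps `$HOME` only if it is a directory owned by and writable for the current user, and otherwise creates a private `0700` directory with `mktemp -d` rather than a fixed path under `/tmp`, since tools such as `az` store login tokens there. The function name `ensure_writable_home` is hypothetical, and how it gets sourced inside the container (init step or image entrypoint) is an assumption.

```shell
#!/bin/sh
# ensure_writable_home [candidate]
# Prints a directory the current UID can safely use as HOME.
# Hypothetical helper (added example); candidate defaults to $HOME.
ensure_writable_home() {
    candidate="${1:-$HOME}"

    # Accept the candidate only if it exists, is writable, and is owned by
    # the effective UID. The ownership test rejects shared locations such
    # as /tmp, which are writable but not private to this user.
    if [ -n "$candidate" ] && [ -d "$candidate" ] \
        && [ -w "$candidate" ] && [ -O "$candidate" ]; then
        printf '%s\n' "$candidate"
        return 0
    fi

    # Fall back to a fresh directory with an unpredictable name.
    # umask 077 plus chmod 700 keeps cached credentials private to this UID.
    base="${TMPDIR:-/tmp}"
    new_home=$(umask 077 && mktemp -d "$base/home.XXXXXX") || return 1
    chmod 700 "$new_home" || return 1
    printf '%s\n' "$new_home"
}

# Typical use before running tools that write to $HOME:
#   HOME=$(ensure_writable_home) && export HOME
```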
