From 7b6b4e3a11757694c3179812e53589d3b0aa05e3 Mon Sep 17 00:00:00 2001 From: Robert Brennan Date: Sat, 4 May 2024 22:26:55 -0400 Subject: [PATCH] be more dynamic around uid generation (#1584) * be more dynamic around uid generation * fix comment * fix second uid add --- containers/app/Dockerfile | 3 ++- containers/app/entrypoint.sh | 16 +++++++++++++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/containers/app/Dockerfile b/containers/app/Dockerfile index 318e66b303..0604a64057 100644 --- a/containers/app/Dockerfile +++ b/containers/app/Dockerfile @@ -33,7 +33,8 @@ FROM python:3.12-slim as runtime WORKDIR /app ENV RUN_AS_DEVIN=true -ENV OPENDEVIN_USER_ID=1000 +# A random number--we need this to be different from the user's UID on the host machine +ENV OPENDEVIN_USER_ID=42420 ENV USE_HOST_NETWORK=false ENV SSH_HOSTNAME=host.docker.internal ENV WORKSPACE_BASE=/opt/workspace_base diff --git a/containers/app/entrypoint.sh b/containers/app/entrypoint.sh index 860178f0ca..7ffe8b87d9 100755 --- a/containers/app/entrypoint.sh +++ b/containers/app/entrypoint.sh @@ -10,9 +10,23 @@ if [ -z "$SANDBOX_USER_ID" ]; then exit 1 fi +if [[ "$SANDBOX_USER_ID" -eq 0 ]]; then + echo "SANDBOX_USER_ID cannot be 0. Please run with a different user id." + exit 1 +fi + # change uid of opendevin user to match the host user # but the group id is not changed, so the user can still access everything under /app -useradd -l -m -u $SANDBOX_USER_ID -s /bin/bash enduser +if ! useradd -l -m -u $SANDBOX_USER_ID -s /bin/bash enduser; then + echo "Failed to create user enduser with id $SANDBOX_USER_ID. Moving opendevin user." + incremented_id=$(($SANDBOX_USER_ID + 1)) + usermod -u $incremented_id opendevin + if ! useradd -l -m -u $SANDBOX_USER_ID -s /bin/bash enduser; then + echo "Failed to create user enduser with id $SANDBOX_USER_ID for a second time. Exiting." + exit 1 + fi +fi + usermod -aG app enduser mkdir -p /home/enduser/.cache/ms-playwright/ mv /home/opendevin/.cache/ms-playwright/ /home/enduser/.cache/