From 9fb318cf15191f2766c39e5d1eb549ff11ca1487 Mon Sep 17 00:00:00 2001
From: Anmol Sethi <hi@nhooyr.io>
Date: Thu, 3 Sep 2020 18:38:40 -0400
Subject: [PATCH] docker: Fix $DOCKER_USER (#2057)

We do not try renaming $HOME anymore as there is no good way
to do it.

We also only try to convert if the user hasn't been changed.

Finally I added usage to the docker docs in install.md

Closes #2056
---
 ci/release-image/Dockerfile    |  5 ++++-
 ci/release-image/entrypoint.sh | 28 +++++++++++++++-------------
 doc/install.md                 |  3 ++-
 3 files changed, 21 insertions(+), 15 deletions(-)

diff --git a/ci/release-image/Dockerfile b/ci/release-image/Dockerfile
index 4dcd2bfb..5c31ecbe 100644
--- a/ci/release-image/Dockerfile
+++ b/ci/release-image/Dockerfile
@@ -39,6 +39,9 @@ COPY ci/release-image/entrypoint.sh /usr/bin/entrypoint.sh
 RUN dpkg -i /tmp/code-server*$(dpkg --print-architecture).deb && rm /tmp/code-server*.deb
 
 EXPOSE 8080
-USER coder
+# This way, if someone sets $DOCKER_USER, docker-exec will still work as
+# the uid will remain the same. note: only relevant if -u isn't passed to
+# docker-run.
+USER 1000
 WORKDIR /home/coder
 ENTRYPOINT ["/usr/bin/entrypoint.sh", "--bind-addr", "0.0.0.0:8080", "."]
diff --git a/ci/release-image/entrypoint.sh b/ci/release-image/entrypoint.sh
index 6e7525ce..ee58d07a 100755
--- a/ci/release-image/entrypoint.sh
+++ b/ci/release-image/entrypoint.sh
@@ -1,18 +1,20 @@
-#!/usr/bin/env sh
+#!/bin/sh
 set -eu
 
-if [ "${DOCKER_USER-}" ]; then
-  echo "$DOCKER_USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/nopasswd > /dev/null
-  sudo usermod --login "$DOCKER_USER" \
-    --move-home --home "/home/$DOCKER_USER" \
-    coder
-  sudo groupmod -n "$DOCKER_USER" coder
-
-  sudo sed -i "/coder/d" /etc/sudoers.d/nopasswd
-  sudo sed -i "s/coder/$DOCKER_USER/g" /etc/fixuid/config.yml
-  export HOME="/home/$DOCKER_USER"
-fi
-
 # This isn't set by default.
 export USER="$(whoami)"
+
+if [ "${DOCKER_USER-}" != "$USER" ]; then
+  echo "$DOCKER_USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/nopasswd > /dev/null
+  # Unfortunately we cannot change $HOME as we cannot move any bind mounts
+  # nor can we bind mount $HOME into a new home as that requires a privileged container.
+  sudo usermod --login "$DOCKER_USER" coder
+  sudo groupmod -n "$DOCKER_USER" coder
+
+  export USER="$(whoami)"
+
+  sudo sed -i "/coder/d" /etc/sudoers.d/nopasswd
+  sudo sed -i "s/coder/$DOCKER_USER/g" /etc/fixuid/config.yml
+fi
+
 dumb-init fixuid -q /usr/bin/code-server "$@"
diff --git a/doc/install.md b/doc/install.md
index 5938cff0..8d7e98ba 100644
--- a/doc/install.md
+++ b/doc/install.md
@@ -179,10 +179,11 @@ code-server
 # easily access/modify your code-server config in $HOME/.config/code-server/config.json
 # outside the container.
 mkdir -p ~/.config
-docker run -it -p 127.0.0.1:8080:8080 \
+docker run -it --name code-server -p 127.0.0.1:8080:8080 \
   -v "$HOME/.config:/home/coder/.config" \
   -v "$PWD:/home/coder/project" \
   -u "$(id -u):$(id -g)" \
+  -e "DOCKER_USER=$USER" \
   codercom/code-server:latest
 ```