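#!/bin/bash
# Original code:
# Copyright (c) Jupyter Development Team.
# Distributed under the terms of the Modified BSD License.
# See https://github.com/jupyter/docker-stacks/blob/master/LICENSE.md
#
# Container entrypoint: optionally renames/re-IDs the default "afni_user"
# account, fixes ownership of mounted directories, optionally grants sudo,
# runs startup hooks and finally execs the requested command (or bash).
#
# Environment read by this script:
#   CONTAINER_USER, CONTAINER_UID, CONTAINER_GID  - target account identity
#   CHOWN_HOME, CHOWN_HOME_OPTS                   - chown the home directory
#   CHOWN_EXTRA, CHOWN_EXTRA_OPTS                 - chown extra directories
#   GRANT_SUDO                                    - "1"/"yes" enables sudo
#   CONDA_DIR                                     - appended to sudo secure_path
#
# When started as root, these values are passed to usermod/useradd/chown and
# written into /etc/sudoers.d, so they must come from a trusted deployment
# configuration and never from an end user.

set -e

# Exec the specified command or fall back on bash
if [[ $# -eq 0 ]]; then
  cmd=("bash")
else
  cmd=("$@")
fi

# Source *.sh scripts and run executable files found in directory $1.
# A missing directory is not an error. *.sh files are sourced into this
# shell, so they run with this script's privileges (root when the container
# was started as root) and can modify its variables; keep the hook directory
# writable by root only.
run-hooks() {
  if [[ ! -d "$1" ]]; then
    return 0
  fi
  echo "$0: running hooks in $1"
  for f in "$1/"*; do
    case "$f" in
      *.sh)
        echo "$0: running $f"
        # shellcheck disable=SC1090 # hook path is only known at runtime
        source "$f"
        ;;
      *)
        if [[ -x "$f" ]]; then
          echo "$0: running $f"
          "$f"
        else
          echo "$0: ignoring $f"
        fi
        ;;
    esac
  done
  echo "$0: done running hooks in $1"
}

#run-hooks /usr/local/bin/image_startup.d

# Handle special flags if we're root
if [[ "$(id -u)" == 0 ]]; then

  # Only attempt to change the afni_user username if it exists
  if id afni_user &> /dev/null; then
    echo "Set username to: $CONTAINER_USER"
    usermod -d "/home/$CONTAINER_USER" -l "$CONTAINER_USER" afni_user
  fi

  # Handle case where provisioned storage does not have the correct permissions by default
  # Ex: default NFS/EFS (no auto-uid/gid)
  if [[ "$CHOWN_HOME" == "1" || "$CHOWN_HOME" == 'yes' ]]; then
    echo "Changing ownership of /home/$CONTAINER_USER to $CONTAINER_UID:$CONTAINER_GID with options '${CHOWN_HOME_OPTS}'"
    # CHOWN_HOME_OPTS is deliberately unquoted: it carries a list of options.
    # shellcheck disable=SC2086
    chown $CHOWN_HOME_OPTS -- "$CONTAINER_UID:$CONTAINER_GID" "/home/$CONTAINER_USER"
  fi
  if [[ -n "$CHOWN_EXTRA" ]]; then
    # Split the list on commas and spaces into an array. Unlike an unquoted
    # $(...) expansion this performs no glob expansion, so each entry is
    # handed to chown (running as root) exactly as written.
    IFS=', ' read -r -a extra_dirs <<< "$CHOWN_EXTRA"
    for extra_dir in "${extra_dirs[@]}"; do
      # Skip empty fields produced by doubled commas.
      [[ -n "$extra_dir" ]] || continue
      echo "Changing ownership of ${extra_dir} to $CONTAINER_UID:$CONTAINER_GID with options '${CHOWN_EXTRA_OPTS}'"
      # CHOWN_EXTRA_OPTS is deliberately unquoted: it carries a list of options.
      # shellcheck disable=SC2086
      chown $CHOWN_EXTRA_OPTS -- "$CONTAINER_UID:$CONTAINER_GID" "$extra_dir"
    done
  fi

  # handle home and working directory if the username changed
  if [[ "$CONTAINER_USER" != "afni_user" ]]; then
    # changing username, make sure homedir exists
    # (it could be mounted, and we shouldn't create it if it already exists)
    if [[ ! -e "/home/$CONTAINER_USER" ]]; then
      echo "Relocating home dir to /home/$CONTAINER_USER"
      mv /home/afni_user "/home/$CONTAINER_USER" || ln -s /home/afni_user "/home/$CONTAINER_USER"
    fi
    # if workdir is in /home/afni_user, cd to /home/$CONTAINER_USER
    if [[ "$PWD/" == "/home/afni_user/"* ]]; then
      # Strip the old home prefix by pattern instead of a fixed character
      # offset: "/home/afni_user/" is 16 characters, so the former ${PWD:13}
      # left "er/" in front of the relative path and the cd below failed
      # (aborting the script under set -e).
      newcwd="/home/${CONTAINER_USER}${PWD#/home/afni_user}"
      echo "Setting CWD to $newcwd"
      cd "$newcwd"
    fi
  fi

  # Change UID:GID of CONTAINER_USER to CONTAINER_UID:CONTAINER_GID if it does not match
  if [[ "$CONTAINER_UID" != "$(id -u "$CONTAINER_USER")" || "$CONTAINER_GID" != "$(id -g "$CONTAINER_USER")" ]]; then
    echo "Set user $CONTAINER_USER UID:GID to: $CONTAINER_UID:$CONTAINER_GID"
    if [[ "$CONTAINER_GID" != "$(id -g "$CONTAINER_USER")" ]]; then
      groupadd -g "$CONTAINER_GID" -o "$CONTAINER_USER"
    fi
    userdel "$CONTAINER_USER"
    useradd --home "/home/$CONTAINER_USER" -u "$CONTAINER_UID" -g "$CONTAINER_GID" -G 100 -l "$CONTAINER_USER"
  fi

  # Enable sudo if requested.
  # NOPASSWD:ALL gives the container user unrestricted, passwordless root
  # inside the container; enable it only where that is acceptable.
  if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == 'yes' ]]; then
    echo "Granting $CONTAINER_USER sudo access and appending $CONDA_DIR/bin to sudo PATH"
    echo "$CONTAINER_USER ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/notebook
  fi

  # Add $CONDA_DIR/bin to sudo secure_path.
  # NOTE(review): CONDA_DIR is interpolated into the sed program and ends up
  # in sudo's secure_path, so it must be a fixed, image-defined directory that
  # only root can write to. This runs whether or not GRANT_SUDO is set.
  sed -r "s#Defaults\s+secure_path\s*=\s*\"?([^\"]+)\"?#Defaults secure_path=\"\1:$CONDA_DIR/bin\"#" /etc/sudoers | grep secure_path > /etc/sudoers.d/path

  # Exec the command as CONTAINER_USER with the PATH and the rest of
  # the environment preserved
  run-hooks /usr/local/bin/before-notebook.d
  echo "Executing the command: ${cmd[*]}"
  exec sudo -E -H -u "$CONTAINER_USER" PATH="$PATH" XDG_CACHE_HOME="/home/$CONTAINER_USER/.cache" "${cmd[@]}"
else
  if [[ "$CONTAINER_UID" == "$(id -u afni_user)" && "$CONTAINER_GID" == "$(id -g afni_user)" ]]; then
    # User is not attempting to override user/group via environment
    # variables, but they could still have overridden the uid/gid that
    # container runs as. Check that the user has an entry in the passwd
    # file and if not add an entry.
    STATUS=0
    whoami &> /dev/null || STATUS=$?
    if [[ "$STATUS" != "0" ]]; then
      if [[ -w /etc/passwd ]]; then
        echo "Adding passwd file entry for $(id -u)"
        # Build the new passwd content in a mktemp-created file rather than
        # a fixed /tmp/passwd path, so the name cannot be predicted or
        # pre-created by another process sharing /tmp.
        tmp_passwd=$(mktemp)
        sed -e "s/^afni_user:/container_user:/" /etc/passwd > "$tmp_passwd"
        echo "afni_user:x:$(id -u):$(id -g):,,,:/home/afni_user:/bin/bash" >> "$tmp_passwd"
        # Overwrite in place (not mv) so /etc/passwd keeps its owner and mode.
        cat "$tmp_passwd" > /etc/passwd
        rm -- "$tmp_passwd"
      else
        echo 'Container must be run with group "root" to update passwd file'
      fi
    fi

    # Warn if the user isn't going to be able to write files to $HOME.
    if [[ ! -w /home/afni_user ]]; then
      echo 'Container must be run with group "users" to update files'
    fi
  else
    # Warn if looks like user want to override uid/gid but hasn't
    # run the container as root.
    if [[ -n "$CONTAINER_UID" && "$CONTAINER_UID" != "$(id -u)" ]]; then
      echo 'Container must be run as root to set $CONTAINER_UID'
    fi
    if [[ -n "$CONTAINER_GID" && "$CONTAINER_GID" != "$(id -g)" ]]; then
      echo 'Container must be run as root to set $CONTAINER_GID'
    fi
  fi

  # Warn if looks like user want to run in sudo mode but hasn't run
  # the container as root.
  if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == 'yes' ]]; then
    echo 'Container must be run as root to grant sudo permissions'
  fi

  # Execute the command
  run-hooks /usr/local/bin/before-notebook.d
  echo "Executing the command: ${cmd[*]}"
  exec "${cmd[@]}"
fi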