Skip to content

Commit 7438238

Browse files
joe4devjoe4dev
committed
Make user configurable
1 parent b265162 commit 7438238

File tree

2 files changed

+12
-9
lines changed

2 files changed

+12
-9
lines changed

cmd/localstack/main.go

Lines changed: 10 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,7 @@ type LsOpts struct {
1919
RuntimeEndpoint string
2020
RuntimeId string
2121
InitTracingPort string
22+
User string
2223
CodeArchives string
2324
HotReloadingPaths []string
2425
EnableDnsServer string
@@ -40,6 +41,7 @@ func InitLsOpts() *LsOpts {
4041
// optional with default
4142
InteropPort: GetenvWithDefault("LOCALSTACK_INTEROP_PORT", "9563"),
4243
InitTracingPort: GetenvWithDefault("LOCALSTACK_RUNTIME_TRACING_PORT", "9564"),
44+
User: GetenvWithDefault("LOCALSTACK_USER", "sbx_user1051"),
4345
// optional or empty
4446
CodeArchives: os.Getenv("LOCALSTACK_CODE_ARCHIVES"),
4547
HotReloadingPaths: strings.Split(GetenvWithDefault("LOCALSTACK_HOT_RELOADING_PATHS", ""), ","),
@@ -60,13 +62,14 @@ func main() {
6062
log.SetLevel(log.DebugLevel)
6163
log.SetReportCaller(true)
6264

63-
// Switch to sbx user and drop root privileges
64-
if IsRootUser() {
65-
UserLogger().Debugln("Drop privileges and switch user.")
66-
user := "sbx_user1051"
67-
AddUser(user)
68-
DropPrivileges(user)
69-
UserLogger().Debugln("Process running as sbx user.")
65+
// Switch to non-root user and drop root privileges
66+
if IsRootUser() && lsOpts.User != "" {
67+
uid := 993
68+
gid := 990
69+
AddUser(lsOpts.User, uid, gid)
70+
UserLogger().Debugln("Process running as root user.")
71+
DropPrivileges(lsOpts.User)
72+
UserLogger().Debugln("Process running as non-root user.")
7073
}
7174

7275
// download code archive if env variable is set

cmd/localstack/user.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,10 +15,10 @@ import (
1515
// The actual default values are based on inspecting the AWS Lambda runtime in us-east-1
1616
// /etc/group is empty and /etc/gshadow is not accessible in AWS
1717
// The home directory does not exist in AWS Lambda
18-
func AddUser(user string) {
18+
func AddUser(user string, uid int, gid int) {
1919
// passwd file format: https://www.cyberciti.biz/faq/understanding-etcpasswd-file-format/
2020
passwdFile := "/etc/passwd"
21-
passwdEntry := fmt.Sprintf("%[1]s:x:993:990::/home/%[1]s:/sbin/nologin", user)
21+
passwdEntry := fmt.Sprintf("%[1]s:x:%[2]v:%[3]v::/home/%[1]s:/sbin/nologin", user, uid, gid)
2222
if !doesFileContainEntry(passwdFile, passwdEntry) {
2323
addEntry(passwdFile, passwdEntry)
2424
}

0 commit comments

Comments
 (0)