#129 #177 #163: Fixed some lingering permission errors

lando · Jul 18, 2017 · 6f5a9af · 6f5a9af
1 parent 6d4600b
commit 6f5a9af
Show file tree

Hide file tree

Showing 8 changed files with 61 additions and 68 deletions.
diff --git a/docs/changelog/2017.md b/docs/changelog/2017.md
@@ -2,6 +2,7 @@ v3.0.0-alpha.15 - [July 19, 2017](https://github.com/kalabox/lando/releases/tag/
 -------------------------------
 
 *   Fixed bug where wrong `LANDO_ENGINE_REMOTE_IP` was borking `extra_hosts` [#129](https://github.com/kalabox/lando/issues/129)
+*   Fixed some lingering permissions errors` [#129](https://github.com/kalabox/lando/issues/129) [#163](https://github.com/kalabox/lando/issues/163) [#177](https://github.com/kalabox/lando/issues/177)
 
 v3.0.0-alpha.14 - [July 18, 2017](https://github.com/kalabox/lando/releases/tag/v3.0.0-alpha.14)
 -------------------------------

diff --git a/plugins/lando-core/lib/init.js b/plugins/lando-core/lib/init.js
@@ -64,14 +64,13 @@ module.exports = function(lando) {
       labels: {'io.lando.container': 'TRUE'},
       volumes: [
         '$LANDO_ENGINE_SCRIPTS_DIR/lando-entrypoint.sh:/lando-entrypoint.sh',
-        '$LANDO_ENGINE_SCRIPTS_DIR/user-perms.sh:/scripts/user-perms.sh',
         '$LANDO_ENGINE_SCRIPTS_DIR/load-keys.sh:/scripts/load-keys.sh'
       ]
     };
 
     // Set up our scripts
     // @todo: get volumes above into this
-    var scripts = ['lando-entrypoint.sh', 'user-perms.sh', 'load-keys.sh'];
+    var scripts = ['lando-entrypoint.sh', 'load-keys.sh'];
     _.forEach(scripts, function(script) {
       fs.chmodSync(path.join(lando.config.engineScriptsDir, script), '755');
     });

diff --git a/plugins/lando-recipes/pantheon/pantheon.js b/plugins/lando-recipes/pantheon/pantheon.js
@@ -255,7 +255,7 @@ module.exports = function(lando) {
     var mounts = [
       '/srv/includes:prepend.php',
       '/etc/nginx:nginx.conf',
-      '/scripts:pantheon.sh'
+      '/srv/includes:pantheon.sh'
     ];
 
     // Loop
@@ -404,6 +404,11 @@ module.exports = function(lando) {
     var dependsPath = 'services.appserver.overrides.services.depends_on';
     _.set(build, dependsPath, ['index']);
 
+    // Add in our pantheon script
+    // NOTE: We do this here instead of in /scripts because we need to gaurantee
+    // it runs before the other build steps so it can reset our CA correctly
+    build.services.appserver.extras = ['/srv/includes/pantheon.sh'];
+
     // Reset our build steps
     build.services.appserver.build = buildSteps(config);
 

diff --git a/plugins/lando-recipes/pantheon/pantheon.sh b/plugins/lando-recipes/pantheon/pantheon.sh
@@ -39,15 +39,7 @@ update-ca-certificates --fresh
 echo "Setting up client key $INDEX_PEM"
 cp -rf $INDEX_PEM /var/www/certs/binding.pem
 
-# If we don't have an SSH key already let's create one
-# if [ ! -f "$HOME/keys/${KALABOX_SSH_KEY}" ]; then
-#   ssh-keygen -t rsa -N "" -C "${TERMINUS_USER}.kbox" -f "$HOME/keys/${KALABOX_SSH_KEY}"
-# fi
-
-# Post that key to pantheon
-# NOTE: Pantheon is smart and will not add the same key twice
-# terminus ssh-keys add --file="$HOME/keys/${KALABOX_SSH_KEY}.pub"
-
+# LOCKR integration
 # If we don't have our dev cert already let's get it
 # if [ ! -f "/certs/binding.pem" ]; then
 #   $(terminus site connection-info --field=sftp_command):certs/binding.pem /certs/binding.pem
@@ -61,4 +53,4 @@ cp -rf $INDEX_PEM /var/www/certs/binding.pem
 # fi
 
 # Set some perms
-nohup chown -R $LANDO_WEBROOT_USER:$LANDO_WEBROOT_GROUP /var/www/tmp &>/dev/null &
+chown -R $LANDO_WEBROOT_USER:$LANDO_WEBROOT_GROUP /var/www/tmp
diff --git a/plugins/lando-services/lib/services.js b/plugins/lando-services/lib/services.js
@@ -278,9 +278,6 @@ module.exports = function(lando) {
     vols.push('$LANDO_ENGINE_HOME:/user' + shareMode);
     services[name].volumes = _.uniq(vols);
 
-    // And some permission helpers
-    services[name].volumes = addScript('user-perms.sh', services[name].volumes);
-
     // Add in SSH key loading
     services[name].volumes = addScript('load-keys.sh', services[name].volumes);
 

diff --git a/plugins/lando-services/scripts/lando-entrypoint.sh b/plugins/lando-services/scripts/lando-entrypoint.sh
@@ -2,6 +2,57 @@
 
 set -e
 
+# Set defaults
+: ${LANDO_WEBROOT_USER:='www-data'}
+: ${LANDO_WEBROOT_GROUP:='www-data'}
+: ${LANDO_WEBROOT_UID:='33'}
+: ${LANDO_WEBROOT_GID:='33'}
+
+# Lets only do this if we are root
+if [ $(id -u) = 0 ]; then
+
+  # Make things
+  mkdir -p /var/www
+  mkdir -p "$LANDO_MOUNT"
+
+  # Adding user if needed
+  echo "Making sure correct user exists..."
+  groupadd --force --gid "$LANDO_WEBROOT_GID" "$LANDO_WEBROOT_GROUP"
+  id -u "$LANDO_WEBROOT_USER" &>/dev/null || useradd --gid "$LANDO_WEBROOT_GID" -M -N --uid "$LANDO_WEBROOT_UID" "$LANDO_WEBROOT_USER"
+
+  # Make sure the account is active
+  chsh -s /bin/bash $LANDO_WEBROOT_USER || true
+
+  # Correctly map users if we are on linux
+  if [ "$LANDO_HOST_OS" = "linux" ]; then
+    echo "Remapping ownership to handle Linux docker volume sharing..."
+    usermod -o -u "$LANDO_HOST_UID" "$LANDO_WEBROOT_USER"
+    groupmod -g "$LANDO_HOST_GID" "$LANDO_WEBROOT_GROUP" || true
+  fi
+
+  # Make sure we set the ownership of the mount and HOME when we start a service
+  chown $LANDO_WEBROOT_USER:$LANDO_WEBROOT_GROUP "$LANDO_MOUNT"
+  chown $LANDO_WEBROOT_USER:$LANDO_WEBROOT_GROUP /var/www
+  nohup chown -R $LANDO_WEBROOT_USER:$LANDO_WEBROOT_GROUP "$LANDO_MOUNT" &
+  nohup chown -R $LANDO_WEBROOT_USER:$LANDO_WEBROOT_GROUP /var/www &
+
+  # Make sure we chown the $LANDO_WEBROOT_USER home directory
+  nohup chown -R $LANDO_WEBROOT_USER:$LANDO_WEBROOT_GROUP $(getent passwd $LANDO_WEBROOT_USER | cut -d : -f 6) &
+  nohup chown -R $LANDO_WEBROOT_USER:$LANDO_WEBROOT_GROUP /user/.ssh
+  nohup chown -R $LANDO_WEBROOT_USER:$LANDO_WEBROOT_GROUP /user/.lando
+
+  # Lets also make some /usr/locals chowned
+  nohup chown -R $LANDO_WEBROOT_USER:$LANDO_WEBROOT_GROUP /usr/local/bin &
+  nohup chown -R $LANDO_WEBROOT_USER:$LANDO_WEBROOT_GROUP /usr/local/lib &
+  nohup chown -R $LANDO_WEBROOT_USER:$LANDO_WEBROOT_GROUP /usr/local/share &
+
+  # Move over .gitconfig if it exists
+  if [ -f "/user/.gitconfig" ]; then
+    cp -rf /user/.gitconfig /var/www/.gitconfig
+  fi
+
+fi
+
 # Run any scripts that we've loaded into the mix
 if [ -d "/scripts" ] && [ -z ${LANDO_NO_SCRIPTS+x} ]; then
   chmod +x /scripts/*

diff --git a/plugins/lando-services/scripts/load-keys.sh b/plugins/lando-services/scripts/load-keys.sh
@@ -12,8 +12,6 @@ SSH_IDENTITIES=()
 # Set defaults
 : ${LANDO_WEBROOT_USER:='www-data'}
 : ${LANDO_WEBROOT_GROUP:='www-data'}
-: ${LANDO_WEBROOT_UID:='33'}
-: ${LANDO_WEBROOT_GID:='33'}
 
 # Make sure we have the system wide confdir
 mkdir -p $SSH_CONF

diff --git a/plugins/lando-services/scripts/user-perms.sh b/plugins/lando-services/scripts/user-perms.sh