GetContainerUser returns the uid, gid, and username used to run most containers
()
| 90 | |
| 91 | // GetContainerUser returns the uid, gid, and username used to run most containers |
| 92 | func GetContainerUser() (uidStr string, gidStr string, username string) { |
| 93 | sContainerUserOnce.Do(func() { |
| 94 | // Default fallback values if we can't determine the user |
| 95 | uidStr = "1000" |
| 96 | gidStr = "1000" |
| 97 | username = "ddev" |
| 98 | |
| 99 | curUser, err := user.Current() |
| 100 | if err != nil { |
| 101 | // Use fallback values and warn |
| 102 | util.Warning("Unable to determine current user (UID, GID, username), using fallback uid=%s gid=%s username=%s: %v", uidStr, gidStr, username, err) |
| 103 | } else { |
| 104 | // Use actual user values |
| 105 | uidStr = curUser.Uid |
| 106 | gidStr = curUser.Gid |
| 107 | username = curUser.Username |
| 108 | |
| 109 | // Sanitize username for safe use in Linux containers |
| 110 | // Example problem usernames: "André Kraus", "Mück", "DOMAIN\user", "user@example.com" |
| 111 | // See https://stackoverflow.com/questions/64933879 |
| 112 | username = sanitizeUsername(username) |
| 113 | } |
| 114 | |
| 115 | // Windows user IDs are non-numeric, |
| 116 | // so we have to run as arbitrary user 1000. We may have a host uidStr/gidStr greater in other contexts, |
| 117 | // 1000 seems not to cause file permissions issues at least on docker-for-windows. |
| 118 | if nodeps.IsWindows() { |
| 119 | uidStr = "1000" |
| 120 | gidStr = "1000" |
| 121 | } |
| 122 | sContainerUser = &containerUser{ |
| 123 | uidStr: uidStr, |
| 124 | gidStr: gidStr, |
| 125 | username: username, |
| 126 | } |
| 127 | }) |
| 128 | |
| 129 | return sContainerUser.uidStr, sContainerUser.gidStr, sContainerUser.username |
| 130 | } |
| 131 | |
| 132 | // InspectContainer returns the full result of inspection |
| 133 | func InspectContainer(name string) (container.InspectResponse, error) { |