feat(docker): prefer ADMIN_USER/NEW_USER, auto-detect existing sudo user, create only if allowed
This commit is contained in:
Mărcziem ™
@@ -57,18 +57,48 @@ install_docker() {
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
# Add user to the docker group if the user exists. Some installs use a
|
# Determine which user to add to the docker group.
|
||||||
# non-root admin account stored in NEW_USER; if it does not exist, skip
|
# Prefer ADMIN_USER if configured, then NEW_USER. If neither exists,
|
||||||
# adding to the docker group to avoid failing the whole setup.
|
# try to auto-detect a suitable non-root sudo-capable user. Only create
|
||||||
if id -u "$NEW_USER" >/dev/null 2>&1; then
|
# a new user if CREATE_NEW_USER_IF_MISSING=true.
|
||||||
handle_error sudo usermod -aG docker "$NEW_USER"
|
TARGET_USER=""
|
||||||
|
|
||||||
|
if [[ -n "${ADMIN_USER:-}" ]] && id -u "${ADMIN_USER}" >/dev/null 2>&1; then
|
||||||
|
TARGET_USER="${ADMIN_USER}"
|
||||||
|
log_debug "Using ADMIN_USER='$TARGET_USER' for docker group"
|
||||||
|
elif [[ -n "${NEW_USER:-}" ]] && id -u "${NEW_USER}" >/dev/null 2>&1; then
|
||||||
|
TARGET_USER="${NEW_USER}"
|
||||||
|
log_debug "Using NEW_USER='$TARGET_USER' for docker group"
|
||||||
else
|
else
|
||||||
log_warning "User '$NEW_USER' does not exist; skipping usermod -aG docker."
|
# Try to find a human non-system user (UID >= 1000) who has a normal shell
|
||||||
# Optionally create the user if the admin wants that behavior. Default is false.
|
TARGET_USER=$(awk -F: '($3>=1000 && $7!="/usr/sbin/nologin" && $7!="/bin/false"){print $1; exit}' /etc/passwd || true)
|
||||||
|
|
||||||
|
# Prefer a user that is in the sudo group if one exists
|
||||||
|
if [[ -n "$TARGET_USER" ]]; then
|
||||||
|
if ! id -nG "$TARGET_USER" | grep -qw sudo; then
|
||||||
|
local sudo_member
|
||||||
|
sudo_member=$(getent group sudo | awk -F: '{print $4}' | tr ',' '\n' | awk 'NF{print $1; exit}') || true
|
||||||
|
if [[ -n "$sudo_member" ]]; then
|
||||||
|
TARGET_USER="$sudo_member"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ -n "$TARGET_USER" ]]; then
|
||||||
|
log_info "Auto-detected user '$TARGET_USER' to add to docker group"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ -n "$TARGET_USER" ]]; then
|
||||||
|
handle_error sudo usermod -aG docker "$TARGET_USER"
|
||||||
|
else
|
||||||
|
log_warning "No suitable non-root user found to add to docker group."
|
||||||
if [[ "${CREATE_NEW_USER_IF_MISSING:-false}" == "true" ]]; then
|
if [[ "${CREATE_NEW_USER_IF_MISSING:-false}" == "true" ]]; then
|
||||||
log_info "Creating user '$NEW_USER' and adding to docker group..."
|
local create_user
|
||||||
handle_error sudo useradd -m -s /bin/bash "$NEW_USER"
|
create_user="${NEW_USER:-nasadmin}"
|
||||||
handle_error sudo usermod -aG docker "$NEW_USER"
|
log_info "Creating user '$create_user' and adding to docker group..."
|
||||||
|
handle_error sudo useradd -m -s /bin/bash "$create_user"
|
||||||
|
handle_error sudo usermod -aG docker "$create_user"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user