From 9a38ae7dd0f250a07419d0d98bd79205466db01d Mon Sep 17 00:00:00 2001
From: Martin Quinson <martin.quinson@ens-rennes.fr>
Date: Thu, 23 May 2019 00:02:03 +0200
Subject: [PATCH] docker: drop root priviledge in our tutorial images

---
 tools/docker/Dockerfile.tuto-mc   | 22 +++++++++++++++++-----
 tools/docker/Dockerfile.tuto-s4u  | 18 ++++++++++++++++--
 tools/docker/Dockerfile.tuto-smpi | 19 ++++++++++++++++---
 3 files changed, 49 insertions(+), 10 deletions(-)

diff --git a/tools/docker/Dockerfile.tuto-mc b/tools/docker/Dockerfile.tuto-mc
index 888c7dd737..6784a21123 100644
--- a/tools/docker/Dockerfile.tuto-mc
+++ b/tools/docker/Dockerfile.tuto-mc
@@ -1,21 +1,33 @@
 # Base image 
 FROM debian:testing
 
+RUN apt update && apt -y upgrade 
+
+RUN apt install -y sudo && \
+    groupadd -g 999 user && \
+    useradd -u 999 -g user user && \
+    echo "user ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/user && \
+    chmod 0440 /etc/sudoers.d/user && \
+    mkdir -p /home/user && \
+    chown -R user:user /home/user
+
 # - Install SimGrid's dependencies 
 # - Compile and install SimGrid itself.
 # - Remove everything that was installed, and re-install what's needed by the SimGrid libraries before the Gran Final Cleanup
 # - Keep g++ gcc gfortran as any MC user will use (some of) them
-RUN apt update && apt -y upgrade && \
-    apt install -y g++ gcc git valgrind gfortran libboost-dev libboost-all-dev cmake dpkg-dev libunwind-dev libdw-dev libelf-dev libevent-dev && \
+RUN apt install -y g++ gcc git valgrind gfortran libboost-dev libboost-all-dev cmake dpkg-dev libunwind-dev libdw-dev libelf-dev libevent-dev && \
     mkdir /source/ && cd /source && git clone --depth=1 https://framagit.org/simgrid/simgrid.git simgrid.git && \
     cd simgrid.git && \
     cmake -DCMAKE_INSTALL_PREFIX=/usr/ -Denable_model-checking=ON -Denable_documentation=OFF -Denable_java=OFF -Denable_smpi=ON -Denable_compile_optimizations=ON . && \
-    make -j4 install \
+    make -j4 install && \
+    chown -R user:user /source && \
     mkdir debian/ && touch debian/control && dpkg-shlibdeps --ignore-missing-info lib/*.so -llib/ -O/tmp/deps && \
     apt remove -y git valgrind libboost-dev libboost-all-dev cmake dpkg-dev libunwind-dev libdw-dev libelf-dev libevent-dev && \
-    apt install `sed -e 's/shlibs:Depends=//' -e 's/([^)]*)//g' -e 's/,//g' /tmp/deps` && rm /tmp/deps && \
+    apt install -y `sed -e 's/shlibs:Depends=//' -e 's/([^)]*)//g' -e 's/,//g' /tmp/deps` && rm /tmp/deps && \
     apt autoremove -y && apt autoclean && apt clean
-    
+
+USER user
+
 # The build and dependencies are not cleaned in this image since it's it's highly experimental so far    
 #    git reset --hard master && git clean -dfx && \
 
diff --git a/tools/docker/Dockerfile.tuto-s4u b/tools/docker/Dockerfile.tuto-s4u
index ff7ddccb57..e5dfaa881a 100644
--- a/tools/docker/Dockerfile.tuto-s4u
+++ b/tools/docker/Dockerfile.tuto-s4u
@@ -1,12 +1,26 @@
 # Base image 
 FROM simgrid/stable
 
+RUN apt update && apt -y upgrade 
+
+RUN apt install -y sudo && \
+    groupadd -g 999 user && \
+    useradd -r -u 999 -g user user && \
+    echo "user ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/user && \
+    chmod 0440 /etc/sudoers.d/user && \
+    mkdir -p /home/user && \
+    chown -R user:user /home/user
+
 # - Clone simgrid-template-s4u, as it is needed by the tutorial
 # - Add an empty makefile advising to run cmake before make, just in case
-RUN apt update && apt install -y pajeng r-base r-cran-ggplot2 r-cran-dplyr r-cran-devtools cmake g++ git libboost-all-dev flex bison&& \
+RUN apt install -y pajeng r-base r-cran-ggplot2 r-cran-dplyr r-cran-devtools cmake g++ git libboost-all-dev flex bison&& \
     cd /source && \
     git clone --depth=1 https://framagit.org/simgrid/simgrid-template-s4u.git simgrid-template-s4u.git && \
     printf "master-workers ping-pong:\n\t@echo \"Please run the following command before make:\";echo \"    cmake .\"; exit 1" > Makefile &&\
-    apt autoremove -y && apt clean && apt autoclean
+    chown -R user:user /source && \
+    apt autoremove -y && apt clean && apt autoclean && \
+    chown -R user:user /source
 
 RUN Rscript -e "library(devtools); install_github('schnorr/pajengr');"
+
+CMD ["su", "-", "user", "-c", "/bin/bash"]
diff --git a/tools/docker/Dockerfile.tuto-smpi b/tools/docker/Dockerfile.tuto-smpi
index 77df6617d7..640620e323 100644
--- a/tools/docker/Dockerfile.tuto-smpi
+++ b/tools/docker/Dockerfile.tuto-smpi
@@ -1,10 +1,23 @@
 # Base image 
-FROM simgrid/unstable
+FROM simgrid/stable
+
+RUN apt update && apt -y upgrade 
+
+RUN apt install -y sudo && \
+    groupadd -g 999 user && \
+    useradd -r -u 999 -g user user && \
+    echo "user ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/user && \
+    chmod 0440 /etc/sudoers.d/user && \
+    mkdir -p /home/user && \
+    chown -R user:user /home/user
 
 # - Clone simgrid-template-smpi, as it is needed by the tutorial
-RUN apt update && apt install -y pajeng libssl-dev r-base r-cran-ggplot2 r-cran-dplyr r-cran-devtools build-essential g++ gfortran git libboost-all-dev cmake flex bison && \
+RUN apt install -y pajeng libssl-dev r-base r-cran-ggplot2 r-cran-dplyr r-cran-devtools build-essential g++ gfortran git libboost-all-dev cmake flex bison && \
     cd /source && \
-    git clone --depth=1 https://framagit.org/simgrid/simgrid-template-smpi.git simgrid-template-smpi.git && \    
+    git clone --depth=1 https://framagit.org/simgrid/simgrid-template-smpi.git simgrid-template-smpi.git && \
+    chown -R user:user /source && \
     apt autoremove -y && apt clean && apt autoclean
     
 RUN Rscript -e "library(devtools); install_github('schnorr/pajengr');"
+
+CMD ["su", "-", "user", "-c", "/bin/bash"]
-- 
2.20.1