From fa07406f4dccd482284cb9d8dbaca6533116dab8 Mon Sep 17 00:00:00 2001 From: Samruddhi Khandale Date: Mon, 13 Jun 2022 13:30:57 -0700 Subject: [PATCH] add missing user groups to fix permission issues for non root user (#45) * add missing user groups * fix username * move chmod: anaconda --- src/anaconda/install.sh | 15 +++++++++++---- src/dotnet/install.sh | 9 +++++++++ src/hugo/install.sh | 9 +++++++++ src/oryx/devcontainer-feature.json | 3 ++- src/oryx/install.sh | 17 +++++++++++++---- src/php/install.sh | 11 ++++++++++- src/python/install.sh | 13 +++++++++++++ src/ruby/install.sh | 9 +++++++-- 8 files changed, 74 insertions(+), 12 deletions(-) diff --git a/src/anaconda/install.sh b/src/anaconda/install.sh index 272ba73..c9661d3 100644 --- a/src/anaconda/install.sh +++ b/src/anaconda/install.sh @@ -9,7 +9,6 @@ VERSION=${VERSION:-"latest"} - USERNAME=${USERNAME:-"automatic"} UPDATE_RC=${UPDATE_RC:-"true"} CONDA_DIR=${CONDA_DIR:-"/usr/local/conda"} @@ -32,8 +31,8 @@ if [ "${USERNAME}" = "auto" ] || [ "${USERNAME}" = "automatic" ]; then USERNAME="" POSSIBLE_USERS=("vscode" "node" "codespace" "$(awk -v val=1000 -F ":" '$3==val{print $1}' /etc/passwd)") for CURRENT_USER in "${POSSIBLE_USERS[@]}"; do - if id -u ${CURRENT_USER} > /dev/null 2>&1; then - USERNAME=${CURRENT_USER} + if id -u "${CURRENT_USER}" > /dev/null 2>&1; then + USERNAME="${CURRENT_USER}" break fi done @@ -72,11 +71,19 @@ check_packages() { # Install Conda if it's missing if ! conda --version &> /dev/null ; then + if ! cat /etc/group | grep -e "^conda:" > /dev/null 2>&1; then + groupadd -r conda + fi + usermod -a -G conda "${USERNAME}" + # Install dependencies check_packages wget ca-certificates mkdir -p $CONDA_DIR - chown ${USERNAME}:root $CONDA_DIR + chown -R :conda "${CONDA_DIR}" + chmod -R g+r+w "${CONDA_DIR}" + + find "${CONDA_DIR}" -type d | xargs -n 1 chmod g+s echo "Installing Anaconda..." CONDA_VERSION=$VERSION 
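Review bot: `find "${CONDA_DIR}" -type d | xargs -n 1 chmod g+s` in the conda install block splits directory names on whitespace and starts one chmod per directory; `find "${CONDA_DIR}" -type d -exec chmod g+s {} +` does the same work without either problem. The same pipeline is repeated in the dotnet, hugo, oryx, php, python and ruby hunks of this patch. The group test `cat /etc/group | grep -e "^conda:"` could be `getent group conda > /dev/null 2>&1`, which also sees groups that do not come from /etc/group. The `if ! conda --version` block continues past the end of the hunk.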
diff --git a/src/dotnet/install.sh b/src/dotnet/install.sh index 0a147bc..9484bbe 100644 --- a/src/dotnet/install.sh +++ b/src/dotnet/install.sh @@ -412,7 +412,16 @@ else echo "Could not install dotnet from apt. Attempting to install dotnet from releases url" fi + if ! cat /etc/group | grep -e "^dotnet:" > /dev/null 2>&1; then + groupadd -r dotnet + fi + usermod -a -G dotnet "${USERNAME}" + install_using_dotnet_releases_url "${DOTNET_SDK_OR_RUNTIME}" + + chown -R :dotnet "${TARGET_DOTNET_ROOT}" + chmod -R g+r+w "${TARGET_DOTNET_ROOT}" + find "${TARGET_DOTNET_ROOT}" -type d | xargs -n 1 chmod g+s fi echo "Done!" \ No newline at end of file diff --git a/src/hugo/install.sh b/src/hugo/install.sh index 9e25aeb..11b2d6c 100644 --- a/src/hugo/install.sh +++ b/src/hugo/install.sh @@ -90,6 +90,11 @@ fi # Install Hugo if it's missing if ! hugo version &> /dev/null ; then + if ! cat /etc/group | grep -e "^hugo:" > /dev/null 2>&1; then + groupadd -r hugo + fi + usermod -a -G hugo "${USERNAME}" + echo "Installing Hugo..." installation_dir="$HUGO_DIR/bin" mkdir -p "$installation_dir" @@ -108,6 +113,10 @@ if ! hugo version &> /dev/null ; then rm "$hugo_filename" updaterc "export HUGO_DIR=${installation_dir}" + + chown -R :hugo "${HUGO_DIR}" + chmod -R g+r+w "${HUGO_DIR}" + find "${HUGO_DIR}" -type d | xargs -n 1 chmod g+s fi echo "Done!" diff --git a/src/oryx/devcontainer-feature.json b/src/oryx/devcontainer-feature.json index f42e9ce..5c3be58 100644 --- a/src/oryx/devcontainer-feature.json +++ b/src/oryx/devcontainer-feature.json @@ -4,7 +4,8 @@ "containerEnv": { "ORYX_SDK_STORAGE_BASE_URL": "https://oryx-cdn.microsoft.io", "ENABLE_DYNAMIC_INSTALL": "true", - "DYNAMIC_INSTALL_ROOT_DIR": "/tmp/oryx-platforms", + "DYNAMIC_INSTALL_ROOT_DIR": "/usr/local/oryx-platforms", + "ORYX_PREFER_USER_INSTALLED_SDKS": "true", "ORYX_DIR": "/usr/local/oryx", "PATH": "${ORYX_DIR}:${PATH}" }, diff --git a/src/oryx/install.sh b/src/oryx/install.sh index c0e04d2..5eeaf18 100755 
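Review bot: `usermod -a -G dotnet "${USERNAME}"` in the releases-url fallback assumes USERNAME already names an existing account, and nothing in this hunk shows where it is resolved. If it is empty, `none`, or a user that was never created, usermod fails, and whether the script stops or carries on with a group nobody belongs to depends on shell options set outside the hunk. A guard such as `if id -u "${USERNAME}" > /dev/null 2>&1; then usermod -a -G dotnet "${USERNAME}"; fi` makes that case explicit. The hugo, oryx and python hunks add the same call, and the enclosing `else` branch starts above this hunk.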
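Review bot: `chmod -R g+r+w "${HUGO_DIR}"` after the install makes the installed binary itself writable by every member of the `hugo` group, and the script has no comment saying that this is the intended trust boundary. I would add a comment above the chown such as `# Group-writable by design: members of "hugo" can replace the installed binaries, so the group should contain only the dev-container user.` The same applies to the conda, dotnet, oryx, php, python and rvm trees changed in this patch. It would matter most if root or a later build step runs tools from these directories, which the hunks do not show.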
--- a/src/oryx/install.sh +++ b/src/oryx/install.sh @@ -86,6 +86,11 @@ check_packages git sudo wget ca-certificates if ! oryx --version > /dev/null ; then echo "Installing Oryx..." + if ! cat /etc/group | grep -e "^oryx:" > /dev/null 2>&1; then + groupadd -r oryx + fi + usermod -a -G oryx "${USERNAME}" + # Install dotnet unless available if ! dotnet --version > /dev/null ; then echo "'dotnet' was not detected. Attempting to install the latest version of the dotnet sdk to build oryx." @@ -104,7 +109,6 @@ if ! oryx --version > /dev/null ; then mkdir -p ${BUILD_SCRIPT_GENERATOR} mkdir -p ${ORYX} - chown -R ${USERNAME} ${BUILD_SCRIPT_GENERATOR} ${ORYX} git clone --depth=1 https://github.com/microsoft/Oryx $GIT_ORYX $GIT_ORYX/build/buildSln.sh @@ -118,11 +122,16 @@ if ! oryx --version > /dev/null ; then ln -s ${BUILD_SCRIPT_GENERATOR}/GenerateBuildScript ${ORYX}/oryx cp -f $GIT_ORYX/images/build/benv.sh ${ORYX}/benv - ORYX_INSTALL_DIR="/tmp/oryx-platforms" + ORYX_INSTALL_DIR="/usr/local/oryx-platforms" mkdir -p "${ORYX_INSTALL_DIR}" - chown -R ${USERNAME} "${ORYX_INSTALL_DIR}" - updaterc "export ORYX_SDK_STORAGE_BASE_URL=https://oryx-cdn.microsoft.io && export ENABLE_DYNAMIC_INSTALL=true && DYNAMIC_INSTALL_ROOT_DIR=$ORYX_INSTALL_DIR" + updaterc "export ORYX_SDK_STORAGE_BASE_URL=https://oryx-cdn.microsoft.io && export ENABLE_DYNAMIC_INSTALL=true && DYNAMIC_INSTALL_ROOT_DIR=$ORYX_INSTALL_DIR && ORYX_PREFER_USER_INSTALLED_SDKS=true" + + chown -R :oryx "${ORYX_INSTALL_DIR}" "${BUILD_SCRIPT_GENERATOR}" "${ORYX}" + chmod -R g+r+w "${ORYX_INSTALL_DIR}" "${BUILD_SCRIPT_GENERATOR}" "${ORYX}" + find "${ORYX_INSTALL_DIR}" -type d | xargs -n 1 chmod g+s + find "${BUILD_SCRIPT_GENERATOR}" -type d | xargs -n 1 chmod g+s + find "${ORYX}" -type d | xargs -n 1 chmod g+s fi echo "Done!" diff --git a/src/php/install.sh b/src/php/install.sh index 6956292..847f50f 100644 --- a/src/php/install.sh +++ b/src/php/install.sh 
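Review bot: In the rewritten `updaterc` line of the last oryx hunk, `ORYX_PREFER_USER_INSTALLED_SDKS=true` is chained without `export`, as the existing `DYNAMIC_INSTALL_ROOT_DIR=$ORYX_INSTALL_DIR` already was. Assuming updaterc appends the string to the shell rc files, both end up as plain shell variables that child processes such as `oryx` do not inherit. devcontainer-feature.json sets both through `containerEnv`, which probably hides this inside the container, but the rc line should read `... && export DYNAMIC_INSTALL_ROOT_DIR=$ORYX_INSTALL_DIR && export ORYX_PREFER_USER_INSTALLED_SDKS=true`. The `if ! oryx --version` block starts in an earlier hunk.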
@@ -40,7 +40,7 @@ if [ "${USERNAME}" = "auto" ] || [ "${USERNAME}" = "automatic" ]; then fi done if [ "${USERNAME}" = "" ]; then - USERNAME=vscode + USERNAME=root fi elif [ "${USERNAME}" = "none" ]; then USERNAME=root @@ -122,6 +122,11 @@ if [ -d "${PHP_INSTALL_DIR}" ]; then exit 1 fi +if ! cat /etc/group | grep -e "^php:" > /dev/null 2>&1; then + groupadd -r php +fi +usermod -a -G php "${USERNAME}" + PHP_URL="https://www.php.net/distributions/php-${VERSION}.tar.gz" PHP_INI_DIR="${PHP_INSTALL_DIR}/ini" @@ -192,4 +197,8 @@ rm -rf ${PHP_SRC_DIR} updaterc "if [[ \"\${PATH}\" != *\"${CURRENT_DIR}\"* ]]; then export PATH=${CURRENT_DIR}/bin:\${PATH}; fi" +chown -R :php "${PHP_DIR}" +chmod -R g+r+w "${PHP_DIR}" +find "${PHP_DIR}" -type d | xargs -n 1 chmod g+s + echo "Done!" diff --git a/src/python/install.sh b/src/python/install.sh index c976671..5bc3a18 100755 --- a/src/python/install.sh +++ b/src/python/install.sh @@ -341,6 +341,11 @@ check_packages curl ca-certificates gnupg2 tar make gcc libssl-dev zlib1g-dev li # Install Python from source if needed if [ "${PYTHON_VERSION}" != "none" ]; then + if ! cat /etc/group | grep -e "^python:" > /dev/null 2>&1; then + groupadd -r python + fi + usermod -a -G python "${USERNAME}" + CURRENT_PATH="${PYTHON_INSTALL_PATH}/current" # If the os-provided versions are "good enough", detect that and bail out. if [ ${PYTHON_VERSION} = "os-provided" ] || [ ${PYTHON_VERSION} = "system" ]; then @@ -357,6 +362,10 @@ if [ "${PYTHON_VERSION}" != "none" ]; then fi updaterc "if [[ \"\${PATH}\" != *\"${CURRENT_PATH}/bin\"* ]]; then export PATH=${CURRENT_PATH}/bin:\${PATH}; fi" + + chown -R :python "${PYTHON_INSTALL_PATH}" + chmod -R g+r+w "${PYTHON_INSTALL_PATH}" + find "${PYTHON_INSTALL_PATH}" -type d | xargs -n 1 chmod g+s fi # Install Python tools if needed 
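Review bot: The `python` group is created, and `${USERNAME}` added to it, only inside `if [ "${PYTHON_VERSION}" != "none" ]`, but the later hunk at `@@ -403,6 +412,10 @@` runs `chown -R :python "${PIPX_HOME}"` under the separate `INSTALL_PYTHON_TOOLS` check. With `PYTHON_VERSION=none` and `INSTALL_PYTHON_TOOLS=true` the group would not exist, unless something outside the hunks creates it, and that chown would fail. Moving the group block (the `/etc/group` test with `groupadd -r python`, plus `usermod -a -G python "${USERNAME}"`) above the `if`, so it runs before either section, removes the dependency.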
@@ -403,6 +412,10 @@ if [ "${INSTALL_PYTHON_TOOLS}" = "true" ]; then updaterc "export PIPX_HOME=\"${PIPX_HOME}\"" updaterc "export PIPX_BIN_DIR=\"${PIPX_BIN_DIR}\"" updaterc "if [[ \"\${PATH}\" != *\"\${PIPX_BIN_DIR}\"* ]]; then export PATH=\"\${PATH}:\${PIPX_BIN_DIR}\"; fi" + + chown -R :python "${PIPX_HOME}" + chmod -R g+r+w "${PIPX_HOME}" + find "${PIPX_HOME}" -type d | xargs -n 1 chmod g+s fi # Install JupyterLab if needed diff --git a/src/ruby/install.sh b/src/ruby/install.sh index e68197a..ade545c 100644 --- a/src/ruby/install.sh +++ b/src/ruby/install.sh @@ -270,8 +270,6 @@ if [ "${SKIP_RBENV_RBUILD}" != "true" ]; then if [ "${USERNAME}" != "root" ]; then mkdir -p /home/${USERNAME}/.rbenv/plugins - sudo chown -R ${USERNAME} /home/${USERNAME}/.rbenv - sudo chown -R ${USERNAME} /usr/local/rvm/ if [[ ! -d "/home/${USERNAME}/.rbenv/plugins/ruby-build" ]]; then ln -s /usr/local/share/ruby-build /home/${USERNAME}/.rbenv/plugins/ruby-build @@ -279,9 +277,16 @@ if [ "${SKIP_RBENV_RBUILD}" != "true" ]; then ln -s /usr/local/rvm/rubies/default/bin/ruby /usr/local/rvm/gems/default/bin + chown -R :rvm "/home/${USERNAME}/.rbenv" + chmod -R g+r+w "/home/${USERNAME}/.rbenv" + find "/home/${USERNAME}/.rbenv" -type d | xargs -n 1 chmod g+s fi fi +chown -R :rvm "/usr/local/rvm" +chmod -R g+r+w "/usr/local/rvm" +find "/usr/local/rvm" -type d | xargs -n 1 chmod g+s + # Clean up rvm cleanup all ${ROOT_GEM} cleanup
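Review bot: The first ruby hunk drops `chown -R ${USERNAME} /home/${USERNAME}/.rbenv` and replaces it with `chown -R :rvm`, so the directories created by `mkdir -p` stay owned by the account running the script. The user then reaches their own `~/.rbenv` only through the `rvm` group. Unlike the other install scripts in this patch, neither ruby hunk creates that group or adds `${USERNAME}` to it, so this relies on code outside the hunks. Keeping user ownership alongside the group, `chown -R "${USERNAME}:rvm" "/home/${USERNAME}/.rbenv"`, would not depend on it. Both enclosing `if` blocks start above the hunk.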