CHE-10756: Use regular user instead of root in theia image (#11076)

* CHE-10756: Use regular user instead of root in theia image

Signed-off-by: Mykola Morhun <mmorhun@redhat.com>

dockerfiles/theia/Dockerfile

@@ -26,4 +26,5 @@ ADD supervisord.conf /etc/
 
 RUN ${HOME}/setup.sh
 
+USER theia
 ENTRYPOINT ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]

dockerfiles/theia/e2e/Dockerfile

@@ -8,6 +8,8 @@
 # Use upstream image
 FROM ${BUILD_ORGANIZATION}/${BUILD_PREFIX}-theia:${BUILD_TAG}
 
+USER root
+
 # Install packages used by Cypress
 RUN yum install -y gtk2-2.24.31-1.el7.x86_64 \
                    libnotify-0.7.7-1.el7.x86_64 \

dockerfiles/theia/src/resolutions-provider.js

@@ -41,7 +41,7 @@ try {
     spawnSync('curl',[`${NPM_API_URL}/search?q=${keyWords}&size=${resultSize}`, '-o', SEARCH_JSON_PATH]);
 } catch(error) {
     console.error("Failed to get Theia depedencies. Cause: ", error);
-    process.exit(2);
+    process.exit(1);
 }
 
 const packageScopeRegexp = '^@theia/.*$';

dockerfiles/theia/src/setup.sh

@@ -14,16 +14,6 @@
 set -e
 set -u
 
-for f in "/etc/passwd" "/etc/group"; do
-    chgrp -R 0 ${f}
-    chmod -R g+rwX ${f};
-done
-# Generate passwd.template
-cat /etc/passwd | sed s#root:x.*#root:x:\${USER_ID}:\${GROUP_ID}::\${HOME}:/bin/bash#g > ${HOME}/passwd.template
-# Generate group.template
-cat /etc/group | sed s#root:x:0:#root:x:0:0,\${USER_ID}:#g > ${HOME}/group.template
-
-
 # Install basic software used for checking github API rate limit
 yum install -y epel-release
 yum -y install curl jq expect
@@ -46,6 +36,21 @@ else
     fi
 fi
 
+yum install -y sudo
+# Add a regular user
+useradd -u 1000 -G users,wheel,root -d ${HOME} --shell /bin/bash theia
+usermod -p "*" theia
+echo "%wheel ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+
+for f in "/etc/passwd" "/etc/group"; do
+    chgrp -R 0 ${f}
+    chmod -R g+rwX ${f};
+done
+# Generate passwd.template
+cat /etc/passwd | sed s#root:x.*#root:x:\${USER_ID}:\${GROUP_ID}::\${HOME}:/bin/bash#g > ${HOME}/passwd.template
+# Generate group.template
+cat /etc/group | sed s#root:x:0:#root:x:0:0,\${USER_ID}:#g > ${HOME}/group.template
+
 # Add yarn repo
 curl -sL https://dl.yarnpkg.com/rpm/yarn.repo | tee /etc/yum.repos.d/yarn.repo
 # Install nodejs/npm/yarn
@@ -116,7 +121,7 @@ cd ${HOME}
 rm -rf ${HOME}/theia-source-code
 
 # Change version of Theia to specified in THEIA_VERSION
-cd ${HOME} && ${HOME}/versions.sh 
+cd ${HOME} && ${HOME}/versions.sh
 
 # Apply resolution section to the Theia package.json to use strict versions for Theia dependencies
 node ${HOME}/resolutions-provider.js ${HOME}/package.json

dockerfiles/theia/src/start.sh

@@ -15,20 +15,25 @@ export USER_ID=$(id -u)
 export GROUP_ID=$(id -g)
 
 if ! grep -Fq "${USER_ID}" /etc/passwd; then
-    # current user is an arbitrary 
-    # user (its uid is not in the 
-    # container /etc/passwd). Let's fix that    
+    # current user is an arbitrary
+    # user (its uid is not in the
+    # container /etc/passwd). Let's fix that
     cat ${HOME}/passwd.template | \
     sed "s/\${USER_ID}/${USER_ID}/g" | \
     sed "s/\${GROUP_ID}/${GROUP_ID}/g" | \
     sed "s/\${HOME}/\/home\/theia/g" > /etc/passwd
-    
+
     cat ${HOME}/group.template | \
     sed "s/\${USER_ID}/${USER_ID}/g" | \
     sed "s/\${GROUP_ID}/${GROUP_ID}/g" | \
     sed "s/\${HOME}/\/home\/theia/g" > /etc/group
 fi
 
+# Grant access to projects volume in case of non root user with sudo rights
+if [ "$(id -u)" -ne 0 ] && command -v sudo >/dev/null 2>&1 && sudo -n true > /dev/null 2>&1; then
+    sudo chown ${USER_ID}:${GROUP_ID} /projects
+fi
+
 if [ -z "$THEIA_PORT" ]; then
     export THEIA_PORT=3000
 else