kupferbootstrap/wrapper_su_helper.py

#!/bin/python3

import click
import pwd
import os

from logger import logging, setup_logging

from constants import WRAPPER_ENV_VAR
from exec.cmd import run_cmd, flatten_shell_script
from exec.file import chown


@click.command('kupferbootstrap_su')
@click.option('--username', default='kupfer', help="The user's name. If --uid is provided, the user's uid will be changed to this in passwd")
@click.option('--uid', default=1000, type=int, help='uid to change $username to and run as')
@click.argument('cmd', type=str, nargs=-1)
def kupferbootstrap_su(cmd: list[str], uid: int = 1000, username: str = 'kupfer'):
    "Changes `username`'s uid to `uid` and executes kupferbootstrap as that user"
    cmd = list(cmd)
    user = pwd.getpwnam(username)
    home = user.pw_dir
    if uid != user.pw_uid:
        run_cmd(['usermod', '-o', '-u', str(uid), username]).check_returncode()  # type: ignore[union-attr]
        chown(home, username, recursive=False)
    logging.debug(f'wrapper_su_helper: running {cmd} as {repr(username)}')
    env_inject = ['env', f'{WRAPPER_ENV_VAR}={os.environ[WRAPPER_ENV_VAR]}'] if WRAPPER_ENV_VAR in os.environ else []
    su_cmd = ['sudo', *env_inject, 'su', '-P', username, '-c', flatten_shell_script(cmd, wrap_in_shell_quote=True, shell_quote_items=True)]
    result = run_cmd(su_cmd, attach_tty=True)
    assert isinstance(result, int)
    exit(result)


if __name__ == '__main__':
    setup_logging(True)
    kupferbootstrap_su(prog_name='kupferbootstrap_su_helper')
DockerWrapper.wrap(): run as config.runtime.uid instead of root 2022-08-27 05:55:19 +02:00			`#!/bin/python3`

			`import click`
			`import pwd`
wrapper_su_helper.py: inject constants.WRAPPER_ENV_VAR into user env 2022-09-24 05:22:50 +02:00			`import os`
DockerWrapper.wrap(): run as config.runtime.uid instead of root 2022-08-27 05:55:19 +02:00
			`from logger import logging, setup_logging`

wrapper_su_helper.py: inject constants.WRAPPER_ENV_VAR into user env 2022-09-24 05:22:50 +02:00			`from constants import WRAPPER_ENV_VAR`
wrapper_su_helper.py: use `su -P` to allocate a pseudo-TTY 2022-08-28 07:27:04 +02:00			`from exec.cmd import run_cmd, flatten_shell_script`
DockerWrapper.wrap(): run as config.runtime.uid instead of root 2022-08-27 05:55:19 +02:00			`from exec.file import chown`


			`@click.command('kupferbootstrap_su')`
			`@click.option('--username', default='kupfer', help="The user's name. If --uid is provided, the user's uid will be changed to this in passwd")`
			`@click.option('--uid', default=1000, type=int, help='uid to change $username to and run as')`
			`@click.argument('cmd', type=str, nargs=-1)`
			`def kupferbootstrap_su(cmd: list[str], uid: int = 1000, username: str = 'kupfer'):`
			"Changes `username`'s uid to `uid` and executes kupferbootstrap as that user"
			`cmd = list(cmd)`
			`user = pwd.getpwnam(username)`
			`home = user.pw_dir`
			`if uid != user.pw_uid:`
wrapper_su_helper.py: tolerate non-unique uid 2022-12-29 13:15:06 +01:00			`run_cmd(['usermod', '-o', '-u', str(uid), username]).check_returncode() # type: ignore[union-attr]`
DockerWrapper.wrap(): run as config.runtime.uid instead of root 2022-08-27 05:55:19 +02:00			`chown(home, username, recursive=False)`
wrapper_su_helper.py: use `su -P` to allocate a pseudo-TTY 2022-08-28 07:27:04 +02:00			`logging.debug(f'wrapper_su_helper: running {cmd} as {repr(username)}')`
wrapper_su_helper.py: inject constants.WRAPPER_ENV_VAR into user env 2022-09-24 05:22:50 +02:00			`env_inject = ['env', f'{WRAPPER_ENV_VAR}={os.environ[WRAPPER_ENV_VAR]}'] if WRAPPER_ENV_VAR in os.environ else []`
			`su_cmd = ['sudo', *env_inject, 'su', '-P', username, '-c', flatten_shell_script(cmd, wrap_in_shell_quote=True, shell_quote_items=True)]`
wrapper_su_helper.py: use `su -P` to allocate a pseudo-TTY 2022-08-28 07:27:04 +02:00			`result = run_cmd(su_cmd, attach_tty=True)`
DockerWrapper.wrap(): run as config.runtime.uid instead of root 2022-08-27 05:55:19 +02:00			`assert isinstance(result, int)`
			`exit(result)`


			`if __name__ == '__main__':`
			`setup_logging(True)`
			`kupferbootstrap_su(prog_name='kupferbootstrap_su_helper')`