fix(entrypoint): set non-bogus $HOME
when using su
to avoid 3rd-party issues
#2318
+1
−1
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #2317
Fixes #2053
Fixes #1288
We preserve the environment - because we need it - when executing commands:
docker/30/apache/entrypoint.sh
Lines 14 to 20 in d03da64
This doesn't cause issues typically, but since
$HOME
is carried over fromroot
it can cause issues like #2317 / #2053 / #1288 that are challenging to diagnose.It is kind of ugly that we carry over a bogus
$HOME
value. Since the path is also inaccessible, it's also pointless.We might consider instead one of the following approaches:
run_as
?-p
, switching to-l
with a whitelist (-w
): https://man.archlinux.org/man/su.1.en#OPTIONSHOME
to the correct valueHOME=/var/www
to thesu
callThis PR takes the second approach.
This should cut down on problems people encounter when running up against third-party tools that query
$HOME
. Since the value was already problematic, I can't think of any problems this will cause. It should not be a breaking change.