From 1d92e69c4342476fb66a335baf4e1ebf0ed732fb Mon Sep 17 00:00:00 2001
From: Spoffy <4805393+Spoffy@users.noreply.github.com>
Date: Tue, 16 Jul 2024 22:35:27 +0100
Subject: [PATCH] Adds a home directory for non-root docker user in container
 (#1109)

Fixes some edge cases where certain programs (e.g yarn) wouldn't work correctly due to HOME being set to a folder with bad permissions.
---
 sandbox/docker_entrypoint.sh | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/sandbox/docker_entrypoint.sh b/sandbox/docker_entrypoint.sh
index 7072e07e..0439739c 100755
--- a/sandbox/docker_entrypoint.sh
+++ b/sandbox/docker_entrypoint.sh
@@ -16,12 +16,20 @@ if [[ $current_user_id == 0 ]]; then
   # Make sure the target user owns everything that Grist needs write access to.
   find $write_dir ! -user "$target_user" -exec chown "$target_user" "{}" +
 
+  # Make a home directory for the target user, in case anything needs to access it.
+  export HOME="/grist_user_homes/${target_user}"
+  mkdir -p "$HOME"
+  chown -R "$target_user":"$target_group" "$HOME"
+
   # Restart as the target user, replacing the current process (replacement is needed for security).
   # Alternative tools to setpriv are: chroot, gosu.
   # Need to use `exec` to close the parent shell, to avoid vulnerabilities: https://github.com/tianon/gosu/issues/37
   exec setpriv --reuid "$target_user" --regid "$target_group" --init-groups /usr/bin/env bash "$0" "$@"
 fi
 
+# Printing the user helps with setting volume permissions.
+echo "Running Grist as user $(id -u) with primary group $(id -g)"
+
 # Validate that this user has access to the top level of each important directory.
 # There might be a benefit to testing individual files, but this is simpler as the dir may start empty.
 for dir in "${important_read_dirs[@]}"; do