be more dynamic around uid generation (OpenHands#1584)

rbren · web-flow · commit 7b6b4e3a1175 · 2024-05-04T22:26:55.000-04:00
* be more dynamic around uid generation

* fix comment

* fix second uid add
diff --git a/containers/app/Dockerfile b/containers/app/Dockerfile
@@ -33,7 +33,8 @@ FROM python:3.12-slim as runtime
 WORKDIR /app
 
 ENV RUN_AS_DEVIN=true
-ENV OPENDEVIN_USER_ID=1000
+# A random number--we need this to be different from the user's UID on the host machine
+ENV OPENDEVIN_USER_ID=42420
 ENV USE_HOST_NETWORK=false
 ENV SSH_HOSTNAME=host.docker.internal
 ENV WORKSPACE_BASE=/opt/workspace_base
diff --git a/containers/app/entrypoint.sh b/containers/app/entrypoint.sh
@@ -10,9 +10,23 @@ if [ -z "$SANDBOX_USER_ID" ]; then
   exit 1
 fi
 
+if [[ "$SANDBOX_USER_ID" -eq 0 ]]; then
+  echo "SANDBOX_USER_ID cannot be 0. Please run with a different user id."
+  exit 1
+fi
+
 # change uid of opendevin user to match the host user
 # but the group id is not changed, so the user can still access everything under /app
-useradd -l -m -u $SANDBOX_USER_ID -s /bin/bash enduser
+if ! useradd -l -m -u $SANDBOX_USER_ID -s /bin/bash enduser; then
+  echo "Failed to create user enduser with id $SANDBOX_USER_ID. Moving opendevin user."
+  incremented_id=$(($SANDBOX_USER_ID + 1))
+  usermod -u $incremented_id opendevin
+  if ! useradd -l -m -u $SANDBOX_USER_ID -s /bin/bash enduser; then
+    echo "Failed to create user enduser with id $SANDBOX_USER_ID for a second time. Exiting."
+    exit 1
+  fi
+fi
+
 usermod -aG app enduser
 mkdir -p /home/enduser/.cache/ms-playwright/
 mv /home/opendevin/.cache/ms-playwright/ /home/enduser/.cache/
