add uid and gid options for running commands

commands/commands.go

@@ -30,6 +30,8 @@ type Command struct {
 	logger  log.Entry
 	lock    *sync.Mutex
 	fields  log.Fields
+	UID     int
+	GID     int
 }
 
 // NewCommand parses JSON config into a Command
@@ -101,7 +103,20 @@ func (c *Command) Run(pctx context.Context, bus *events.EventBus) {
 		cmd.Stdout = os.Stdout
 		cmd.Stderr = os.Stderr
 	}
+
 	cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true}
+	if os.Getuid() == 0 {
+	    if c.UID != 0 && c.GID != 0 {
+            cmd.SysProcAttr.Credential = &syscall.Credential{Uid: uint32(c.UID), Gid: uint32(c.GID)}
+        } else if c.UID != 0 {
+            cmd.SysProcAttr.Credential = &syscall.Credential{Uid: uint32(c.UID)}
+        } else if c.GID != 0 {
+            cmd.SysProcAttr.Credential = &syscall.Credential{Gid: uint32(c.GID)}
+        }
+   	} else {
+   	    log.Debugf("%s.Skipping uid and gid (ContainerPilot is not running as root)", c.Name)
+   	}
+
 	c.Cmd = cmd
 	ctx, cancel := getContext(pctx, c.Timeout)
 

docs/30-configuration/34-jobs.md

@@ -108,6 +108,14 @@ The `name` field is the name of the job as it will appear in logs and events. It
 
 The `exec` field is the executable (and its arguments) that is called when the job runs. This field can contain a string or an array of strings ([see below](#exec-arguments) for details on the format). The command to be run will have a process group set and this entire process group will be reaped by ContainerPilot when the process exits. The process will be run concurrently to all other work, so the process won't block the processing of other ContainerPilot events.
 
+##### `uid`
+
+The `uid` field is the ID of the user that runs the command.
+
+##### `gid`
+
+The `gid` field is the ID of the group that runs the command.
+
 ##### `logging`
 
 Jobs and health checks have a `logging` configuration block with a single option: `raw`. When the `raw`field is set to `false` (the default), ContainerPilot will wrap each line of output from an `exec` process's stdout/stderr in a log line. If set to `true`, ContainerPilot will attach the stdout/stderr of the process to the container's stdout/stderr and these streams will be unmodified by ContainerPilot. The latter option can be useful if the process emits structured logs in its own format.

jobs/config.go

@@ -21,6 +21,8 @@ const taskMinDuration = time.Millisecond
 type Config struct {
 	Name string      `mapstructure:"name"`
 	Exec interface{} `mapstructure:"exec"`
+	UID int          `mapstructure:"uid"`
+	GID int          `mapstructure:"gid"`
 
 	// service discovery
 	Port              int           `mapstructure:"port"`
@@ -289,6 +291,8 @@ func (cfg *Config) validateExec() error {
 			cfg.Name = cmd.Exec
 		}
 		cmd.Name = cfg.Name
+        cmd.UID = cfg.UID
+        cmd.GID = cfg.GID
 		cfg.exec = cmd
 	}
 	return nil

jobs/config_test.go

@@ -23,6 +23,8 @@ func TestJobConfigServiceWithPreStart(t *testing.T) {
 	// job0 is the main application
 	job0 := jobs[0]
 	assert.Equal(job0.Name, "serviceA", "config for job0.Name")
+	assert.Equal(job0.UID, 1, "config for job0.UID")
+	assert.Equal(job0.GID, 1, "config for job0.GID")
 	assert.Equal(job0.Exec, "/bin/serviceA.sh", "config for job0.Exec")
 	assert.Equal(job0.exec.Exec, "/bin/serviceA.sh",
 		"config for job.0.Exec.exec")

jobs/testdata/TestJobConfigServiceWithPreStart.json5

@@ -2,6 +2,8 @@
   {
     name: "serviceA",
     port: 8080,
+    uid: 1,
+    gid: 1,
     interfaces: ["inet", "lo0"],
     exec: "/bin/serviceA.sh",
     when: {

makefile

@@ -11,7 +11,7 @@ LDFLAGS := -X ${IMPORT_PATH}/version.GitHash=$(shell git rev-parse --short HEAD)
 
 ROOT := $(shell pwd)
 RUNNER := -v ${ROOT}:/go/src/${IMPORT_PATH} -w /go/src/${IMPORT_PATH} containerpilot_build
-docker := docker run --rm -e LDFLAGS="${LDFLAGS}" $(RUNNER)
+docker := docker run --disable-content-trust --rm -e LDFLAGS="${LDFLAGS}" $(RUNNER)
 export PATH :=$(PATH):$(GOPATH)/bin
 
 # flags for local development