Merge pull request #413 from continuouspipe/feature/allow-things-to-be-ran-as-non-privileged-user

Add a `NON_PRIVELEGED_USER` environment variable to start services as the current user

Author: sroze

nginx/etc/confd/templates/nginx/nginx.conf.tmpl

@@ -1,4 +1,6 @@
+{{ if not (eq "true" (getenv "NON_PRIVILEGED_USER")) }}
 user www-data;
+{{ end }}
 worker_processes auto;
 pid /run/nginx.pid;
 

php/nginx/etc/confd/templates/nginx/nginx.conf.tmpl

@@ -1,4 +1,6 @@
+{{ if not (eq "true" (getenv "NON_PRIVILEGED_USER")) }}
 user www-data;
+{{ end }}
 worker_processes auto;
 pid /run/nginx.pid;
 

php/nginx/etc/confd/templates/php-fpm/pool.conf.tmpl

@@ -7,8 +7,10 @@ clear_env = no
 
 listen = /run/php{{ getenv "PHP_VERSION" }}-fpm.sock
 
+{{ if not (eq "true" (getenv "NON_PRIVILEGED_USER")) }}
 listen.owner = www-data
 listen.group = www-data
+{{ end }}
 
 pm = dynamic
 

php/nginx/etc/confd/templates/supervisor/nginx.conf.tmpl

@@ -5,7 +5,9 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 loglevel = warn
+{{ if not (eq "true" (getenv "NON_PRIVILEGED_USER")) }}
 user = root
+{{ end }}
 autostart = {{ getenv "START_NGINX" }}
 autorestart = true
 priority = 5

php/nginx/etc/confd/templates/supervisor/php-fpm.conf.tmpl

@@ -4,7 +4,9 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
+{{ if not (eq "true" (getenv "NON_PRIVILEGED_USER")) }}
 user = root
+{{ end }}
 autostart = {{ getenv "START_PHP_FPM" }}
 autorestart = true
 priority = 5

ubuntu/16.04/usr/local/share/bootstrap/common_functions.sh

@@ -42,6 +42,13 @@ as_user() (
   set +x
   local COMMAND="$1"
   local WORKING_DIR="$2"
+
+  if [ "true" = "$NON_PRIVILEGED_USER" ]; then
+    set -x
+    /bin/bash -c "cd '$WORKING_DIR'; $COMMAND"
+    return "$?"
+  fi
+
   local USER="$3"
   if [ -z "$COMMAND" ]; then
     return 1;