be more dynamic around uid generation (#1584)

* be more dynamic around uid generation * fix comment * fix second uid add
2026-03-22 05:37:20 +08:00 · 2024-05-04 22:26:55 -04:00
parent 24c5bcb502
commit 7b6b4e3a11
2 changed files with 17 additions and 2 deletions
--- a/containers/app/Dockerfile
+++ b/containers/app/Dockerfile
@@ -33,7 +33,8 @@ FROM python:3.12-slim as runtime
 WORKDIR /app

 ENV RUN_AS_DEVIN=true
-ENV OPENDEVIN_USER_ID=1000
+# A random number--we need this to be different from the user's UID on the host machine
+ENV OPENDEVIN_USER_ID=42420
 ENV USE_HOST_NETWORK=false
 ENV SSH_HOSTNAME=host.docker.internal
 ENV WORKSPACE_BASE=/opt/workspace_base
--- a/containers/app/entrypoint.sh
+++ b/containers/app/entrypoint.sh
@@ -10,9 +10,23 @@ if [ -z "$SANDBOX_USER_ID" ]; then
  exit 1
 fi

+if [[ "$SANDBOX_USER_ID" -eq 0 ]]; then
+  echo "SANDBOX_USER_ID cannot be 0. Please run with a different user id."
+  exit 1
+fi
+
 # change uid of opendevin user to match the host user
 # but the group id is not changed, so the user can still access everything under /app
-useradd -l -m -u $SANDBOX_USER_ID -s /bin/bash enduser
+if ! useradd -l -m -u $SANDBOX_USER_ID -s /bin/bash enduser; then
+  echo "Failed to create user enduser with id $SANDBOX_USER_ID. Moving opendevin user."
+  incremented_id=$(($SANDBOX_USER_ID + 1))
+  usermod -u $incremented_id opendevin
+  if ! useradd -l -m -u $SANDBOX_USER_ID -s /bin/bash enduser; then
+    echo "Failed to create user enduser with id $SANDBOX_USER_ID for a second time. Exiting."
+    exit 1
+  fi
+fi
+
 usermod -aG app enduser
 mkdir -p /home/enduser/.cache/ms-playwright/
 mv /home/opendevin/.cache/ms-playwright/ /home/enduser/.cache/