Remove the requirement for each user to build their own docker image

Dockerfile.in

@@ -2,14 +2,14 @@ FROM ubuntu:18.04
 RUN apt update && apt install -y python3 python3-pip python3-dev python3-sympy build-essential screen sudo psmisc gnuplot-nox
 RUN pip3 install merklelib==1.0
 RUN pip3 install pynacl==1.3.0
-RUN groupadd -g GROUP_ID walkingo
-RUN useradd -g walkingo -u USER_ID -m -s /bin/bash walkingo
-RUN adduser walkingo sudo
-RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
-USER walkingo
+
+RUN mkdir /home/walkingo
 WORKDIR /home/walkingo
 RUN mkdir analysis
-ENV SHELL=/bin/bash
 
-COPY --chown=walkingo:walkingo client.py dirauth.py network.py relay.py simulator.py .screenrc ./
-COPY --chown=walkingo:walkingo analytical.py bytecounts.py parselogs.py plotdats.py analysis/
+COPY wo_docker_start /usr/bin/
+COPY client.py dirauth.py network.py relay.py simulator.py .screenrc ./
+COPY analytical.py bytecounts.py parselogs.py plotdats.py analysis/
+
+ENV SHELL=/bin/bash
+CMD /usr/bin/wo_docker_start

README.md

@@ -14,7 +14,7 @@ In this repository, you will find:
   * **README.md**: this file
   * **client.py**, **dirauth.py**, **network.py**, **relay.py**, **simulator.py**: the source code for the simulator
   * **build-docker**, **run-docker**, **attach-docker**: scripts to create and run the docker containing the simulator (see below)
-  * **Dockerfile.in**, **run_small.in**: templates used by build-docker and run-docker
+  * **Dockerfile.in**, **run\_small.in**, **wo\_docker\_start.in**: templates used by build-docker and run-docker
   * **analysis**: a directory containing scripts to analyze the log files produced by the simulator and generate graphs in PDF form.  See [Analyzing the results](#analyzing-the-results) below for more information.
   * **logs**: a directory containing the logs output by the simulator when _we_ ran it.  These are the very logfiles that were processed by the [parselogs.py](analysis/parselogs.py) and [plotdats.py](analysis/plotdats.py) scripts to produce the graphs in the paper.  (When you run the simulator yourself, your log files will end up in a directory called **logdir** that will be created by **run-docker**.)
 
@@ -40,13 +40,11 @@ The simulator is written in Python, so you don't strictly have to build it per s
 
 The simulator running in the docker container will write its log files into a directory **logdir** on the host machine via a [bind mount](https://docs.docker.com/storage/bind-mounts/).  In order that you (the person running the simulator) can read and analyze those log files outside of the docker, the log files should be owned by your user id (on the host machine).
 
-To accomplish this, when the docker image is built, the **build-docker** script will check what your user and group ids are on the host machine, and create the "walkingo" user in the docker with those same user and group ids.  That way, when the walkingo user in the docker runs the simulator, it will write files to the **logdir** directory owned by you, and you will be able to easily read them.
-
-The downside is that each person running the simulator needs to build their own docker image, since the image is customized to their user and group ids.  Luckily this is easy.
+To accomplish this, when the docker image is run, the **wo\_docker\_start** docker init script will check the user and group ids that own the **logdir** directory, and create the "walkingo" user in the docker with those same user and group ids.  That way, when the walkingo user in the docker runs the simulator, it will write files to the **logdir** directory owned by you, and you will be able to easily read them.
 
 ### Building the docker image
 
-Run `./build-docker` to create a docker image called `walkingonions`.  As above, this image is meant to be run only by the person that built it, and run from this same directory.
+Run `./build-docker` to create a docker image called `walkingonions`.  This image is meant to be run from this same directory.
 
 ## Running the simulator
 

attach-docker

@@ -1,3 +1,3 @@
 #!/bin/bash
 
-exec docker exec -it walkingo_exp screen -rd
+exec docker exec -u walkingo:walkingo -it walkingo_exp screen -rd

build-docker

@@ -1,7 +1,9 @@
 #!/bin/bash
 
 mkdir -p docker
-sed "s/USER_ID/$(id -u)/; s/GROUP_ID/$(id -g)/" Dockerfile.in > docker/Dockerfile
+cp -av Dockerfile.in docker/Dockerfile
+cp -av wo_docker_start.in docker/wo_docker_start
+chmod 755 docker/wo_docker_start
 cp -av client.py dirauth.py network.py relay.py simulator.py docker/
 cp -av analysis/analytical.py analysis/bytecounts.py analysis/parselogs.py analysis/plotdats.py docker/
 echo "deflogin off" > docker/.screenrc

run-docker

@@ -5,4 +5,5 @@ if [ ! -x logdir/run_sims ]; then
     cp run_sims.in logdir/run_sims
     chmod 755 logdir/run_sims
 fi
-docker run --rm --name walkingo_exp -v `/bin/pwd`/logdir:/home/walkingo/logdir walkingonions screen -D -m &
+docker run --rm --name walkingo_exp -v `/bin/pwd`/logdir:/home/walkingo/logdir walkingonions &
+sleep 3

wo_docker_start.in

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# Create the walkingo user and group to match the uid and gid
+# of the mounted /home/walkingo/logdir directory
+
+cd /home/walkingo || exit 1
+[ -d logdir ] || exit 1
+wouid=`/usr/bin/stat -c %u logdir`
+wogid=`/usr/bin/stat -c %g logdir`
+/usr/sbin/groupadd -g $wogid walkingo
+/usr/sbin/useradd -g walkingo -u $wouid -s /bin/bash walkingo
+/bin/cp -a /etc/skel/.bash* /etc/skel/.profile .
+
+# Give the new walkingo user sudo permissions in the docker
+/usr/sbin/adduser walkingo sudo > /dev/null
+echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+
+# Chown the files in the new user's homedir (pre-populated by
+# the docker image), except for the mounted logdir
+/usr/bin/find . -name logdir -prune -o -exec chown ${wouid}:${wogid} {} \;
+
+# Run screen as the new walkingo user, ready to be attached
+echo "docker container ready; use ./attach-docker to connect to it."
+/bin/su walkingo -c "screen -D -m"