Mitigating the singularity of codebuff

· nat's blog


I put codebuff into a distrobox and exported the command. That part is not shown here.

Set up a new user on host and on the distrobox

You need a new user on the host (the group ID is important; you have to figure out which one to use):

sudo useradd -m -u 1500 -g 1003 nat-bot

As the user has no password set, he can't log in. Perfect security...

Do the same in the distrobox, but this time make the user passwordless:

distrobox-enter -n codebuff -- su -c 'useradd -m -u 1500 -g 1003 nat-bot'
distrobox-enter -n codebuff -- su -c 'passwd -d nat-bot'

Now you can su to nat-bot inside the distrobox and no password will be asked.
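One way to confirm that both accounts ended up as intended (an added example, not part of the original post): the host nat-bot should have a locked password field, the distrobox nat-bot an empty one, and UID and GID should match on both sides. The function names and the sample passwd/shadow lines are constructed for illustration; on a real system the lines would come from getent passwd nat-bot and sudo getent shadow nat-bot, run on the host and inside the distrobox.

```shell
#!/bin/sh
# Added example: check the nat-bot account on host and distrobox.

# shadow_state USER: read shadow(5) lines on stdin and print the state of
# USER's password field: locked, empty, hashed, or missing.
shadow_state() {
    awk -F: -v user="$1" '
        $1 == user {
            found = 1
            if ($2 == "")          print "empty"
            else if ($2 ~ /^[!*]/) print "locked"
            else                   print "hashed"
            exit
        }
        END { if (!found) print "missing" }'
}

# ids_of USER: read passwd(5) lines on stdin and print "UID:GID" of USER.
ids_of() {
    awk -F: -v user="$1" '$1 == user { print $3 ":" $4; exit }'
}

# audit USER HOST_PASSWD HOST_SHADOW BOX_PASSWD BOX_SHADOW
# Returns 0 only if the host account is locked, the distrobox account is
# passwordless, and UID:GID are identical on both sides.
audit() {
    user=$1
    host_ids=$(printf '%s\n' "$2" | ids_of "$user")
    box_ids=$(printf '%s\n' "$4" | ids_of "$user")
    host_pw=$(printf '%s\n' "$3" | shadow_state "$user")
    box_pw=$(printf '%s\n' "$5" | shadow_state "$user")
    echo "host: ids=$host_ids password=$host_pw"
    echo "box:  ids=$box_ids password=$box_pw"
    [ -n "$host_ids" ] && [ "$host_ids" = "$box_ids" ] &&
        [ "$host_pw" = locked ] && [ "$box_pw" = empty ]
}

# Constructed sample lines (not taken from a real system).
HOST_PASSWD='nat-bot:x:1500:1003::/home/nat-bot:/bin/sh'
HOST_SHADOW='nat-bot:!:20000:0:99999:7:::'
BOX_PASSWD='nat-bot:x:1500:1003::/home/nat-bot:/bin/sh'
BOX_SHADOW='nat-bot::20000:0:99999:7:::'

if audit nat-bot "$HOST_PASSWD" "$HOST_SHADOW" "$BOX_PASSWD" "$BOX_SHADOW"; then
    echo "OK: nat-bot is set up as described"
else
    echo "MISMATCH: review the useradd/passwd steps"
fi
```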

Modify codebuff script

Edit the script that which codebuff finds so that it uses the new user:

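#!/bin/sh
# distrobox_binary
# name: codebuff
if [ -z "${CONTAINER_ID}" ]; then
	# On the host: enter the distrobox and run codebuff as nat-bot.
	# su hands anything after the -c string to the shell it starts (as $0, $1, ...),
	# so "$@" on this line does not become codebuff's arguments.
	exec "/usr/local/bin/distrobox-enter"  -n codebuff  -- su nat-bot -c '/usr/local/bin/codebuff'  "$@"
elif [ -n "${CONTAINER_ID}" ] && [ "${CONTAINER_ID}" != "codebuff" ]; then
	# In some other container: hand over to the host copy of this script.
	exec distrobox-host-exec '/home/nat/bin/codebuff'  "$@"
else
	# Already inside the codebuff distrobox: run the binary directly.
	exec '/usr/local/bin/codebuff' "$@"
fi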

So everything codebuff runs will be executed as the user nat-bot.