Crear usuarix dentro de haini.sh

..en vez de mentir en $HOME.

/Sutty$ id
uid=1000(suttier) gid=1000(suttier) groups=65534(nobody),65534(nobody),65534(nobody),65534(nobody),65534(nobody),65534(nobody),65534(nobody),65534(nobody),65534(nobody),1000(suttier)

/Sutty$ ssh -vvv 0xacab.org
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/suttier/.ssh/known_hosts'

haini.sh

@@ -40,9 +40,17 @@ ENTORNO=${ENTORNO:-${ROOT}/hain}
 correr() {
   echo "> $1" >&2
 
+  if test "$AS_ROOT"; then
+    SET_UID=0
+    SET_GID=0
+  else
+    SET_UID="$(id -u)"
+    SET_GID="$(id -g)"
+  fi
+
   env -i \
     TERM="$TERM" \
-    USER="$USER" \
+    USER="suttier" \
     HOME="/home/suttier" \
     HAIN_ENV=true \
     RAILS_ENV="${RAILS_ENV:-development}" \
@@ -51,15 +59,15 @@ correr() {
     PAGER="less -niSFX" \
     bwrap \
     --die-with-parent \
-    --unshare-user-try \
+    --unshare-user \
+    --uid "$SET_UID" \
+    --gid "$SET_GID" \
     --unshare-ipc \
     --unshare-uts \
     --unshare-cgroup-try \
     --bind "$ENTORNO" / \
     --bind "$ROOT" /Sutty \
     --ro-bind /etc/hosts /etc/hosts \
-    --ro-bind /etc/passwd /etc/passwd \
-    --ro-bind /etc/group /etc/group \
     --ro-bind /etc/resolv.conf /etc/resolv.conf \
     --ro-bind /etc/localtime /etc/localtime \
     --dev-bind /dev /dev \
@@ -169,6 +177,22 @@ crear_entorno() {
     && mv "$ENTORNO$HOME" "$ENTORNO/home/suttier"
   mkdir -p "$ENTORNO/home/suttier"
 
+  if ! grep ^suttier: "$ENTORNO/etc/group" >/dev/null 2>&1 ; then
+    AS_ROOT=true correr "addgroup \
+      -g $(id -g) \
+      suttier"
+  fi
+  if ! correr "id suttier" >/dev/null 2>&1 ; then
+    AS_ROOT=true correr "adduser \
+      --disabled-password \
+      --gecos '' \
+      --home /home/suttier \
+      --no-create-home \
+      --uid $(id -u) \
+      --ingroup suttier \
+      suttier"
+  fi
+
   # Configurar rubygems para que descargue las gemas desde Sutty
   install -m 640 "$DIR/.gemrc" "$ENTORNO/home/suttier/.gemrc"