fix: HOME fallback for custom container user (#88)

anisaoshafi · web-flow · commit 3335debfd341 · 2026-03-31T16:32:27.000+02:00
diff --git a/cmd/localstack/main.go b/cmd/localstack/main.go
@@ -170,6 +170,8 @@ func main() {
 		}
 	}
 
+	EnsureHome()
+
 	// file watcher for hot-reloading
 	fileWatcherContext, cancelFileWatcher := context.WithCancel(context.Background())
 
diff --git a/cmd/localstack/user.go b/cmd/localstack/user.go
@@ -3,12 +3,13 @@ package main
 
 import (
 	"fmt"
-	log "github.com/sirupsen/logrus"
 	"os"
 	"os/user"
 	"strconv"
 	"strings"
 	"syscall"
+
+	log "github.com/sirupsen/logrus"
 )
 
 // AddUser adds a UNIX user (e.g., sbx_user1051) to the passwd and shadow files if not already present
@@ -82,6 +83,21 @@ func UserLogger() *log.Entry {
 	})
 }
 
+// EnsureHome sets HOME=/tmp if the current process has no /etc/passwd entry.
+// UnsetLsEnvs strips HOME for AWS parity, which is fine in the normal
+// root-start flow where AddUser has written a passwd entry. But when the
+// container is launched with --user=1000:1000, AddUser is never called and
+// Node's os.homedir() / AWS SDK config loading fail with ENOENT.
+func EnsureHome() {
+	if _, err := user.Current(); err != nil {
+		if setErr := os.Setenv("HOME", "/tmp"); setErr != nil {
+			log.Warnln("Could not set HOME=/tmp for non-passwd user:", setErr)
+		} else {
+			log.Debugln("No /etc/passwd entry for current UID; HOME set to /tmp")
+		}
+	}
+}
+
 // DropPrivileges switches to another UNIX user by dropping root privileges
 // Initially based on https://stackoverflow.com/a/75545491/6875981
 func DropPrivileges(userToSwitchTo string) error {

Original file line number	Diff line number	Diff line change
`@@ -170,6 +170,8 @@ func main() {`
`170`	`170`	`}`
`171`	`171`	`}`
`172`	`172`
	`173`	`+ EnsureHome()`
	`174`	`+`
`173`	`175`	`// file watcher for hot-reloading`
`174`	`176`	`fileWatcherContext, cancelFileWatcher := context.WithCancel(context.Background())`
`175`	`177`