Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for running Docker container as non-root user using docker-entrypoint.sh #1892

Merged
merged 4 commits into from
Jul 21, 2024
Merged

Add support for running Docker container as non-root user using docker-entrypoint.sh #1892

Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
34d6044
Enabling the usage of non root user in Docker
lmmendes Jun 10, 2024
79f196e
Added docker-entrypoint.sh to .goreleaser.yml
lmmendes Jun 10, 2024
91d52f7
Renamed UID to PUID and GID to PGID
lmmendes Jul 18, 2024
81e63b5
Merge branch 'master' into feature/non-root-docker-user-entrypoint
lmmendes Jul 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Renamed UID to PUID and GID to PGID
  • Loading branch information
@lmmendes
lmmendes committed Jul 18, 2024
commit 91d52f7fc55a09376cc1b089d5a5c6b0ecc554d8
34 changes: 17 additions & 17 deletions docker-entrypoint.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,30 +2,30 @@

set -e

export UID=${UID:-0}
export GID=${GID:-0}
export PUID=${PUID:-0}
export PGID=${PGID:-0}
export GROUP_NAME="app"
export USER_NAME="app"

# This function evaluates if the supplied GID is already in use
# if it is not in use, it creates the group with the GID
# This function evaluates if the supplied PGID is already in use
# if it is not in use, it creates the group with the PGID
# if it is in use, it sets the GROUP_NAME to the existing group
create_group() {
if ! getent group ${GID} > /dev/null 2>&1; then
addgroup -g ${GID} ${GROUP_NAME}
if ! getent group ${PGID} > /dev/null 2>&1; then
addgroup -g ${PGID} ${GROUP_NAME}
else
existing_group=$(getent group ${GID} | cut -d: -f1)
existing_group=$(getent group ${PGID} | cut -d: -f1)
export GROUP_NAME=${existing_group}
fi
}

# This function evaluates if the supplied UID is already in use
# if it is not in use, it creates the user with the UID and GID
# This function evaluates if the supplied PUID is already in use
# if it is not in use, it creates the user with the PUID and PGID
create_user() {
if ! getent passwd ${UID} > /dev/null 2>&1; then
adduser -u ${UID} -G ${GROUP_NAME} -s /bin/sh -D ${USER_NAME}
if ! getent passwd ${PUID} > /dev/null 2>&1; then
adduser -u ${PUID} -G ${GROUP_NAME} -s /bin/sh -D ${USER_NAME}
else
existing_user=$(getent passwd ${UID} | cut -d: -f1)
existing_user=$(getent passwd ${PUID} | cut -d: -f1)
export USER_NAME=${existing_user}
fi
}
Expand All @@ -35,14 +35,14 @@ create_group
create_user

# Set the ownership of the app directory to the app user
chown -R ${UID}:${GID} /listmonk
chown -R ${PUID}:${PGID} /listmonk

echo "Launching listmonk with user=[${USER_NAME}] group=[${GROUP_NAME}] uid=[${UID}] gid=[${GID}]"
echo "Launching listmonk with user=[${USER_NAME}] group=[${GROUP_NAME}] PUID=[${PUID}] PGID=[${PGID}]"

# If running as root and UID is not 0, then execute command as UID
# If running as root and PUID is not 0, then execute command as PUID
# this allows us to run the container as a non-root user
if [ "$(id -u)" = "0" ] && [ "${UID}" != "0" ]; then
su-exec ${UID}:${GID} "$@"
if [ "$(id -u)" = "0" ] && [ "${PUID}" != "0" ]; then
su-exec ${PUID}:${PGID} "$@"
else
exec "$@"
fi