Run as root by default

Optionally run as another user/group only if the env vars are specified. Should give flexibility to those who need to run processes as root and open ports without having to request additional priveleges
2025-06-18 02:06:25 +00:00 · 2023-03-30 09:04:37 +10:00
parent d5ed70dbb6
commit 56a92e5c0e
8 changed files with 87 additions and 50 deletions
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/10-npmuser.sh
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/10-npmuser.sh
@ -3,23 +3,23 @@

 set -e

-PUID=${PUID:-911}
-PGID=${PGID:-911}
-
-log_info 'Configuring npmuser ...'
-
-groupmod -g 1000 users || exit 1
-
-if id -u npmuser; then
-	# user already exists
-	usermod -u "${PUID}" npmuser || exit 1
+if [ "$PUID" = '0' ]; then
+	log_info 'Skipping npmuser configuration'
 else
-	# Add npmuser user
-	useradd -u "${PUID}" -U -d /tmp/npmuserhome -s /bin/false npmuser || exit 1
-fi
+	log_info 'Configuring npmuser ...'
+	groupmod -g 1000 users || exit 1

-usermod -G users npmuser || exit 1
-groupmod -o -g "${PGID}" npmuser || exit 1
-# Home for npmuser
-mkdir -p /tmp/npmuserhome
-chown -R npmuser:npmuser /tmp/npmuserhome
+	if id -u npmuser; then
+		# user already exists
+		usermod -u "$PUID" npmuser || exit 1
+	else
+		# Add npmuser user
+		useradd -u "$PUID" -U -d /tmp/npmuserhome -s /bin/false npmuser || exit 1
+	fi
+
+	usermod -G users npmuser || exit 1
+	groupmod -o -g "$PGID" npmuser || exit 1
+	# Home for npmuser
+	mkdir -p /tmp/npmuserhome
+	chown -R npmuser:npmuser /tmp/npmuserhome
+fi
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
@ -9,16 +9,16 @@ log_info 'Setting ownership ...'
 chown root /tmp/nginx

 # npmuser
-chown -R npmuser:npmuser /data
-chown -R npmuser:npmuser /etc/letsencrypt
-chown -R npmuser:npmuser /run/nginx
-chown -R npmuser:npmuser /tmp/nginx
-chown -R npmuser:npmuser /var/cache/nginx
-chown -R npmuser:npmuser /var/lib/logrotate
-chown -R npmuser:npmuser /var/lib/nginx
-chown -R npmuser:npmuser /var/log/nginx
+chown -R "$PUID:$PGID" /data \
+	/etc/letsencrypt \
+	/run/nginx \
+	/tmp/nginx \
+	/var/cache/nginx \
+	/var/lib/logrotate \
+	/var/lib/nginx \
+	/var/log/nginx

 # Don't chown entire /etc/nginx folder as this causes crashes on some systems
-chown -R npmuser:npmuser /etc/nginx/nginx
-chown -R npmuser:npmuser /etc/nginx/nginx.conf
-chown -R npmuser:npmuser /etc/nginx/conf.d
+chown -R "$PUID:$PGID" /etc/nginx/nginx \
+	/etc/nginx/nginx.conf \
+	/etc/nginx/conf.d
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/90-banner.sh
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/90-banner.sh
@ -10,8 +10,10 @@ echo "-------------------------------------
 |  \| | |_) | |\/| |
 | |\  |  __/| |  | |
 |_| \_|_|   |_|  |_|
-------------------------------------
-User UID: $(id -u npmuser)
-User GID: $(id -g npmuser)
-------------------------------------
-"
+-------------------------------------"
+if [[ "$PUID" -ne '0' ]]; then
+	echo "User UID: $(id -u npmuser)"
+	echo "User GID: $(id -g npmuser)"
+	echo "-------------------------------------"
+fi
+echo