Docker: Improve user id switching in entrypoint.sh scripts

This commit is contained in:
Michael Mayer 2022-02-20 14:23:24 +01:00
parent 053394c969
commit 20b3e6a268
2 changed files with 18 additions and 21 deletions


@ -20,8 +20,6 @@ else
echo "started as uid $(id -u)" echo "started as uid $(id -u)"
fi fi
STORAGE_PATH=${PHOTOPRISM_STORAGE_PATH:-/go/src/github.com/photoprism/photoprism/storage}
re='^[0-9]+$' re='^[0-9]+$'
# check for alternate umask variable # check for alternate umask variable
@ -58,16 +56,17 @@ if [[ $(id -u) == "0" ]]; then
fi fi
fi fi
# create missing user/group if needed # check uid and gid env variables
if [[ ${PHOTOPRISM_UID} =~ $re ]] && [[ ${PHOTOPRISM_UID} != "0" ]] && [[ ${PHOTOPRISM_GID} =~ $re ]] && [[ ${PHOTOPRISM_GID} != "0" ]]; then if [[ ${PHOTOPRISM_UID} =~ $re ]] && [[ ${PHOTOPRISM_UID} != "0" ]] && [[ ${PHOTOPRISM_GID} =~ $re ]] && [[ ${PHOTOPRISM_GID} != "0" ]]; then
# RUN AS SPECIFIED USER + GROUP ID
groupadd -g "${PHOTOPRISM_GID}" "group_${PHOTOPRISM_GID}" 2>/dev/null groupadd -g "${PHOTOPRISM_GID}" "group_${PHOTOPRISM_GID}" 2>/dev/null
useradd -o -u "${PHOTOPRISM_UID}" -g "${PHOTOPRISM_GID}" -d /photoprism "user_${PHOTOPRISM_UID}" 2>/dev/null useradd -o -u "${PHOTOPRISM_UID}" -g "${PHOTOPRISM_GID}" -d /photoprism "user_${PHOTOPRISM_UID}" 2>/dev/null
usermod -g "${PHOTOPRISM_GID}" "user_${PHOTOPRISM_UID}" 2>/dev/null usermod -g "${PHOTOPRISM_GID}" "user_${PHOTOPRISM_UID}" 2>/dev/null
if [[ -z ${PHOTOPRISM_DISABLE_CHOWN} ]]; then if [[ -z ${PHOTOPRISM_DISABLE_CHOWN} ]]; then
echo "updating storage permissions..." echo "updating storage permissions..."
chown --preserve-root -Rf "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" /go /photoprism /tmp/photoprism /opt/photoprism chown --preserve-root -Rcf "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" /go /photoprism /opt/photoprism /tmp/photoprism
chmod --preserve-root -Rf u+rwX "${STORAGE_PATH}" chmod --preserve-root -Rcf u+rwX /go/src/github.com/photoprism/photoprism/* /photoprism /opt/photoprism /tmp/photoprism
echo "PHOTOPRISM_DISABLE_CHOWN: \"true\" disables storage permission updates" echo "PHOTOPRISM_DISABLE_CHOWN: \"true\" disables storage permission updates"
fi fi
@ -76,14 +75,14 @@ if [[ $(id -u) == "0" ]]; then
gosu "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" "$@" & gosu "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" "$@" &
elif [[ ${PHOTOPRISM_UID} =~ $re ]] && [[ ${PHOTOPRISM_UID} != "0" ]]; then elif [[ ${PHOTOPRISM_UID} =~ $re ]] && [[ ${PHOTOPRISM_UID} != "0" ]]; then
# user ID only # RUN AS SPECIFIED USER ID
useradd -o -u "${PHOTOPRISM_UID}" -g 1000 -d /photoprism "user_${PHOTOPRISM_UID}" 2>/dev/null useradd -o -u "${PHOTOPRISM_UID}" -g 1000 -d /photoprism "user_${PHOTOPRISM_UID}" 2>/dev/null
usermod -g 1000 "user_${PHOTOPRISM_UID}" 2>/dev/null usermod -g 1000 "user_${PHOTOPRISM_UID}" 2>/dev/null
if [[ -z ${PHOTOPRISM_DISABLE_CHOWN} ]]; then if [[ -z ${PHOTOPRISM_DISABLE_CHOWN} ]]; then
echo "updating storage permissions..." echo "updating storage permissions..."
chown --preserve-root -Rf "${PHOTOPRISM_UID}" /go /photoprism /tmp/photoprism /opt/photoprism chown --preserve-root -Rcf "${PHOTOPRISM_UID}" /go /photoprism /opt/photoprism /tmp/photoprism
chmod --preserve-root -Rf u+rwX "${STORAGE_PATH}" chmod --preserve-root -Rcf u+rwX /go/src/github.com/photoprism/photoprism/* /photoprism /opt/photoprism /tmp/photoprism
echo "PHOTOPRISM_DISABLE_CHOWN: \"true\" disables storage permission updates" echo "PHOTOPRISM_DISABLE_CHOWN: \"true\" disables storage permission updates"
fi fi
@ -92,14 +91,14 @@ if [[ $(id -u) == "0" ]]; then
gosu "${PHOTOPRISM_UID}" "$@" & gosu "${PHOTOPRISM_UID}" "$@" &
else else
# run as root # RUN AS ROOT
echo "running as root" echo "running as root"
echo "${@}" echo "${@}"
"$@" & "$@" &
fi fi
else else
# running as user # RUN AS NON-ROOT USER
echo "running as uid $(id -u)" echo "running as uid $(id -u)"
echo "${@}" echo "${@}"
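Review bot: The new-side chmod in the second hunk widens `u+rwX` from `${STORAGE_PATH}` to `/go/src/github.com/photoprism/photoprism/*`, `/opt/photoprism` and `/tmp/photoprism`, and the chown directly above it already hands those same trees to the runtime uid, so the process that is dropped to PHOTOPRISM_UID ends up owning and able to rewrite its own binaries and scripts under /opt/photoprism; the uid-only branch in the third hunk repeats this, and the second file's hunks do the same for /opt/photoprism. If the development workflow needs the source tree writable, keep that to /go and leave /opt/photoprism root-owned, e.g. `chown --preserve-root -Rcf "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" /go /photoprism /tmp/photoprism` and `chmod --preserve-root -Rcf u+rwX /go /photoprism /tmp/photoprism`, or document in a comment why write access to /opt/photoprism is required. The unquoted `/go/src/github.com/photoprism/photoprism/*` glob also skips dotfiles and, when nothing matches, passes the literal pattern to chmod where `-f` hides the error; a quoted directory path would be more predictable. Switching from `-Rf` to `-Rcf` presumably prints one line per changed file, which on a large originals library under /photoprism may flood the container log. The enclosing `if [[ $(id -u) == "0" ]]` block starts before this hunk and continues past it.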


@ -20,8 +20,6 @@ else
echo "started as uid $(id -u)" echo "started as uid $(id -u)"
fi fi
STORAGE_PATH=${PHOTOPRISM_STORAGE_PATH:-/photoprism/storage}
re='^[0-9]+$' re='^[0-9]+$'
# check for alternate umask variable # check for alternate umask variable
@ -58,16 +56,17 @@ if [[ $(id -u) == "0" ]]; then
fi fi
fi fi
# create missing user/group if needed # check uid and gid env variables
if [[ ${PHOTOPRISM_UID} =~ $re ]] && [[ ${PHOTOPRISM_UID} != "0" ]] && [[ ${PHOTOPRISM_GID} =~ $re ]] && [[ ${PHOTOPRISM_GID} != "0" ]]; then if [[ ${PHOTOPRISM_UID} =~ $re ]] && [[ ${PHOTOPRISM_UID} != "0" ]] && [[ ${PHOTOPRISM_GID} =~ $re ]] && [[ ${PHOTOPRISM_GID} != "0" ]]; then
# RUN AS SPECIFIED USER + GROUP ID
groupadd -g "${PHOTOPRISM_GID}" "group_${PHOTOPRISM_GID}" 2>/dev/null groupadd -g "${PHOTOPRISM_GID}" "group_${PHOTOPRISM_GID}" 2>/dev/null
useradd -o -u "${PHOTOPRISM_UID}" -g "${PHOTOPRISM_GID}" -d /photoprism "user_${PHOTOPRISM_UID}" 2>/dev/null useradd -o -u "${PHOTOPRISM_UID}" -g "${PHOTOPRISM_GID}" -d /photoprism "user_${PHOTOPRISM_UID}" 2>/dev/null
usermod -g "${PHOTOPRISM_GID}" "user_${PHOTOPRISM_UID}" 2>/dev/null usermod -g "${PHOTOPRISM_GID}" "user_${PHOTOPRISM_UID}" 2>/dev/null
if [[ -z ${PHOTOPRISM_DISABLE_CHOWN} ]]; then if [[ -z ${PHOTOPRISM_DISABLE_CHOWN} ]]; then
echo "updating storage permissions..." echo "updating storage permissions..."
chown --preserve-root -Rf "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" /photoprism chown --preserve-root -Rcf "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" /photoprism /opt/photoprism
chmod --preserve-root -Rf u+rwX "${STORAGE_PATH}" chmod --preserve-root -Rcf u+rwX /photoprism /opt/photoprism
echo "PHOTOPRISM_DISABLE_CHOWN: \"true\" disables storage permission updates" echo "PHOTOPRISM_DISABLE_CHOWN: \"true\" disables storage permission updates"
fi fi
@ -76,14 +75,14 @@ if [[ $(id -u) == "0" ]]; then
gosu "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" audit.sh && gosu "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" "$@" & gosu "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" audit.sh && gosu "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" "$@" &
elif [[ ${PHOTOPRISM_UID} =~ $re ]] && [[ ${PHOTOPRISM_UID} != "0" ]]; then elif [[ ${PHOTOPRISM_UID} =~ $re ]] && [[ ${PHOTOPRISM_UID} != "0" ]]; then
# user ID only # RUN AS SPECIFIED USER ID
useradd -o -u "${PHOTOPRISM_UID}" -g 1000 -d /photoprism "user_${PHOTOPRISM_UID}" 2>/dev/null useradd -o -u "${PHOTOPRISM_UID}" -g 1000 -d /photoprism "user_${PHOTOPRISM_UID}" 2>/dev/null
usermod -g 1000 "user_${PHOTOPRISM_UID}" 2>/dev/null usermod -g 1000 "user_${PHOTOPRISM_UID}" 2>/dev/null
if [[ -z ${PHOTOPRISM_DISABLE_CHOWN} ]]; then if [[ -z ${PHOTOPRISM_DISABLE_CHOWN} ]]; then
echo "updating storage permissions..." echo "updating storage permissions..."
chown --preserve-root -Rf "${PHOTOPRISM_UID}" /photoprism chown --preserve-root -Rcf "${PHOTOPRISM_UID}" /photoprism /opt/photoprism
chmod --preserve-root -Rf u+rwX "${STORAGE_PATH}" chmod --preserve-root -Rcf u+rwX /photoprism /opt/photoprism
echo "PHOTOPRISM_DISABLE_CHOWN: \"true\" disables storage permission updates" echo "PHOTOPRISM_DISABLE_CHOWN: \"true\" disables storage permission updates"
fi fi
@ -92,15 +91,14 @@ if [[ $(id -u) == "0" ]]; then
gosu "${PHOTOPRISM_UID}" audit.sh && gosu "${PHOTOPRISM_UID}" "$@" & gosu "${PHOTOPRISM_UID}" audit.sh && gosu "${PHOTOPRISM_UID}" "$@" &
else else
# no user or group ID set via end variable # RUN AS ROOT
echo "running as root" echo "running as root"
echo "${@}" echo "${@}"
audit.sh && "$@" & audit.sh && "$@" &
fi fi
else else
# RUN AS NON-ROOT USER
# running as root
echo "running as uid $(id -u)" echo "running as uid $(id -u)"
echo "${@}" echo "${@}"