diff --git a/Dockerfile b/Dockerfile index 46669c5e..fc42e575 100644 --- a/Dockerfile +++ b/Dockerfile @@ -50,8 +50,8 @@ RUN set -ex; \ zlib1g && \ apt-get clean && \ rm -rf /var/lib/apt/lists/*; \ - useradd -u 911 -U -d /datastore -s /bin/false abc && \ - usermod -G users abc; \ + useradd -u 911 -U -d /datastore -s /bin/false changedetection && \ + usermod -G users changedetection; \ mkdir -p /datastore # https://stackoverflow.com/questions/58701233/docker-logs-erroneously-appears-empty-until-container-stops @@ -68,7 +68,7 @@ EXPOSE 5000 # The entrypoint script handling PUID/PGID and permissions COPY docker-entrypoint.sh /app/docker-entrypoint.sh -RUN chmod u+x /app/docker-entrypoint.sh +RUN chmod 777 /app/docker-entrypoint.sh # The actual flask app module COPY changedetectionio /app/changedetectionio @@ -81,4 +81,5 @@ ARG LOGGER_LEVEL='' ENV LOGGER_LEVEL "$LOGGER_LEVEL" WORKDIR /app -CMD ["/app/docker-entrypoint.sh"] +ENTRYPOINT ["/app/docker-entrypoint.sh"] +CMD ["python", "./changedetection.py", "-d", "/datastore"] diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 88af0d44..c1726f39 100644 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -1,11 +1,27 @@ #!/bin/bash -PUID=${PUID:-911} -PGID=${PGID:-911} +set -eu -groupmod -o -g "$PGID" abc -usermod -o -u "$PUID" abc +# If the first argument looks like a flag, assume we want to run changedetection +if [ "${1:0:1}" = '-' ]; then + set -- python ./changedetection.py -d /datastore "$@" +fi -chown -R abc:abc /datastore +# If we're running as root, by default make sure process uid/gid +# and datadir permissions are correct. This can be skipped by setting +# KEEP_PRIVILEGES to something non-empty. +if [ "$(id -u)" = '0' -a -n "${KEEP_PRIVILEGES:-}" ]; then + PUID=${PUID:-911} + PGID=${PGID:-911} -exec gosu abc:abc python ./changedetection.py -d /datastore + groupmod -o -g "$PGID" changedetection + usermod -o -u "$PUID" changedetection + + # Look for files in datadir not owned by the correct user and chown them + find "/datastore" \! -user changedetection -exec chown changedetection '{}' + + + # Restart this script as an unprivileged user + exec gosu changedetection:changedetection "$BASH_SOURCE" "$@" +fi + +exec "$@"