chore: make Docker image rootless (#683)

* add first version of rootless docker image * skip user creation if user is already a non root user
2026-04-09 09:37:01 +02:00 · 2024-12-18 16:08:45 +01:00
parent 168038eae7
commit 6771bfdf50
4 changed files with 42 additions and 6 deletions
--- a/scripts/docker/create-user.sh
+++ b/scripts/docker/create-user.sh
@@ -0,0 +1,30 @@
+# If we aren't running as root, just exec the CMD
+[ "$(id -u)" -ne 0 ] && exec "$@"
+
+echo "Creating user and group..."
+
+PUID=${PUID:-1000}
+PGID=${PGID:-1000}
+
+# Check if the group with PGID exists; if not, create it
+if ! getent group pingvin-share-group > /dev/null 2>&1; then
+    addgroup -g "$PGID" pingvin-share-group
+fi
+
+# Check if a user with PUID exists; if not, create it
+if ! id -u pingvin-share > /dev/null 2>&1; then
+    if ! getent passwd "$PUID" > /dev/null 2>&1; then
+        adduser -u "$PUID" -G pingvin-share-group pingvin-share > /dev/null 2>&1
+    else
+        # If a user with the PUID already exists, use that user
+        existing_user=$(getent passwd "$PUID" | cut -d: -f1)
+        echo "Using existing user: $existing_user"
+    fi
+fi
+
+# Change ownership of the data directory
+mkdir -p /opt/app/backend/data
+find /opt/app/backend/data \( ! -group "${PGID}" -o ! -user "${PUID}" \) -exec chown "${PUID}:${PGID}" {} +
+
+# Switch to the non-root user
+exec su-exec "$PUID:$PGID" "$@"
--- a/scripts/docker/entrypoint.sh
+++ b/scripts/docker/entrypoint.sh