set non-root user at build-time

This commit is contained in:
Wonderfall 2021-04-17 16:46:24 +02:00
parent b2faadef4b
commit c890ece996
2 changed files with 11 additions and 13 deletions


@ -91,12 +91,18 @@ RUN wget -q https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION
# Clean # Clean
&& npm -g --force cache clean && yarn cache clean \ && npm -g --force cache clean && yarn cache clean \
&& apk del build-dependencies \ && apk del build-dependencies \
&& rm -rf /var/cache/apk/* /tmp/src && rm -rf /var/cache/apk/* /tmp/src \
COPY rootfs / # Create mastodon user \
&& adduser -g ${GID} -u ${UID} --disabled-password --gecos "" mastodon \
&& chown -R mastodon:mastodon /mastodon
COPY --chown=mastodon:mastodon rootfs /
RUN chmod +x /usr/local/bin/* /etc/s6.d/*/* /etc/s6.d/.s6-svscan/* RUN chmod +x /usr/local/bin/* /etc/s6.d/*/* /etc/s6.d/.s6-svscan/*
USER mastodon
VOLUME /mastodon/public/system /mastodon/log VOLUME /mastodon/public/system /mastodon/log
EXPOSE 3000 4000 EXPOSE 3000 4000
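Review bot: `adduser -g ${GID} -u ${UID} --disabled-password --gecos "" mastodon` in the new RUN chain most likely does not apply the group id: the `apk del` earlier in the same chain suggests an Alpine base, and BusyBox `adduser` reads `-g` as the GECOS field, which the later `--gecos ""` then overwrites, so the user lands in a default group and the requested GID is dropped without any error. The run script this commit strips used the portable two-step form, which is what the Dockerfile should do too: `&& addgroup -g ${GID} mastodon \` followed by `&& adduser -h /mastodon -s /bin/sh -D -G mastodon -u ${UID} mastodon \`. Whether UID and GID are declared as ARG is outside the hunk; a one-line `# UID and GID are build ARGs declared above` next to the adduser line would make the dependency visible. The RUN instruction begins before the hunk.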


@ -23,22 +23,14 @@ Web : /mastodon/log/web.log
--------------------------------------------- ---------------------------------------------
" "
echo "Creating mastodon user..."
addgroup -g ${GID} mastodon &>/dev/null
adduser -h /mastodon -s /bin/sh -D -G mastodon -u ${UID} mastodon &>/dev/null
echo "Updating permissions, this can take a while..."
find /mastodon -path /mastodon/public/system -prune -o -print0 | xargs -0 chown -f mastodon:mastodon
chown -R mastodon:mastodon /etc/s6.d
if [ "$RUN_DB_MIGRATIONS" == "true" ]; then if [ "$RUN_DB_MIGRATIONS" == "true" ]; then
echo "Running database migrations task..." echo "Running database migrations task..."
su-exec mastodon:mastodon bundle exec rake db:migrate bundle exec rake db:migrate
fi fi
echo "Executing process(es)..." echo "Executing process(es)..."
if [ '$@' == '' ]; then if [ '$@' == '' ]; then
exec su-exec mastodon:mastodon /bin/s6-svscan /etc/s6.d exec /bin/s6-svscan /etc/s6.d
else else
exec su-exec mastodon:mastodon "$@" exec "$@"
fi fi
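Review bot: `if [ '$@' == '' ]; then` on the retained line compares the literal two-character string `$@` with the empty string, so the condition is never true, the `exec /bin/s6-svscan /etc/s6.d` branch is unreachable, and an argument-less start runs `exec "$@"` with no command, which is a no-op and lets the script exit without starting the supervisor; the commit rewrites both branches but keeps the broken test. The check should be on the argument count: `if [ $# -eq 0 ]; then`. Separately, removing the runtime `find … chown` pass means a volume bind-mounted over /mastodon/public/system or /mastodon/log with host ownership is no longer fixed up at start, and since the script now runs unprivileged it cannot be, so a comment such as `# mounted volumes must already be owned by the mastodon UID:GID; this script cannot chown them` near the migration step would spare the next maintainer a permission-denied hunt. The start of the script is outside the hunk.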