diff --git a/scripts/install.sh b/scripts/install.sh index f2ae3d10c4..f69fa54539 100644 --- a/scripts/install.sh +++ b/scripts/install.sh @@ -28,6 +28,9 @@ then OS="mac" fi +LUID="LOCAL_UID=`id -u $USER`" +LGID="LOCAL_GID=`getent group docker | cut -d: -f3`" + mkdir -p $OUTPUT_DIR LETS_ENCRYPT="n" @@ -63,7 +66,7 @@ fi docker pull bitwarden/setup:$COREVERSION if [ $OS == "lin" ] then - docker run -it --rm --name setup -v $OUTPUT_DIR:/bitwarden -e LOCAL_UID=`id -u $USER` bitwarden/setup:$COREVERSION \ + docker run -it --rm --name setup -v $OUTPUT_DIR:/bitwarden -e $LUID -e $LGID bitwarden/setup:$COREVERSION \ dotnet Setup.dll -install 1 -domain $DOMAIN -letsencrypt $LETS_ENCRYPT -os $OS -corev $COREVERSION -webv $WEBVERSION else docker run -it --rm --name setup -v $OUTPUT_DIR:/bitwarden bitwarden/setup:$COREVERSION \ diff --git a/scripts/run.sh b/scripts/run.sh index 4c9f1c70de..1dc2e3dad2 100644 --- a/scripts/run.sh +++ b/scripts/run.sh @@ -31,6 +31,8 @@ fi DOCKER_DIR="$OUTPUT_DIR/docker" ENV_DIR="$OUTPUT_DIR/env" +LUID="LOCAL_UID=`id -u $USER`" +LGID="LOCAL_GID=`getent group docker | cut -d: -f3`" # Functions @@ -80,7 +82,7 @@ function updateDatabase() { if [ $OS == "lin" ] then docker run -i --rm --name setup --network container:bitwarden-mssql \ - -v $OUTPUT_DIR:/bitwarden -e LOCAL_UID=`id -u $USER` bitwarden/setup:$COREVERSION \ + -v $OUTPUT_DIR:/bitwarden -e $LUID -e $LGID bitwarden/setup:$COREVERSION \ dotnet Setup.dll -update 1 -db 1 -os $OS -corev $COREVERSION -webv $WEBVERSION else docker run -i --rm --name setup --network container:bitwarden-mssql \ @@ -95,7 +97,7 @@ function update() { if [ $OS == "lin" ] then docker run -i --rm --name setup -v $OUTPUT_DIR:/bitwarden \ - -e LOCAL_UID=`id -u $USER` bitwarden/setup:$COREVERSION \ + -e $LUID -e $LGID bitwarden/setup:$COREVERSION \ dotnet Setup.dll -update 1 -os $OS -corev $COREVERSION -webv $WEBVERSION else docker run -i --rm --name setup \ 
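Review bot: The new `LGID` assignment in the first hunk of scripts/install.sh takes the GID of the host's `docker` group, and the Setup entrypoint changed in this same commit runs `chown -R $USERNAME:$GROUPNAME /bitwarden` on the bind-mounted `$OUTPUT_DIR`, so the generated configuration becomes group-owned by the host docker group. If that mapping is intended, say so in a comment above the assignment, for example `# container group is mapped to the host docker group; members get group access to $OUTPUT_DIR`. If the aim is only to match the invoking user, `id -g $USER` would be the narrower choice. `getent group docker` prints nothing when the group does not exist, which leaves `LOCAL_GID=` empty and relies on the entrypoints' `${LOCAL_GID:-999}` fallback. The same two assignments are added to scripts/run.sh, where the unquoted `-e $LUID -e $LGID` also depends on neither value containing whitespace.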
@@ -109,7 +111,7 @@ function printEnvironment() { if [ $OS == "lin" ] then docker run -i --rm --name setup -v $OUTPUT_DIR:/bitwarden \ - -e LOCAL_UID=`id -u $USER` bitwarden/setup:$COREVERSION \ + -e $LUID -e $LGID bitwarden/setup:$COREVERSION \ dotnet Setup.dll -printenv 1 -os $OS -corev $COREVERSION -webv $WEBVERSION else docker run -i --rm --name setup \ @@ -126,7 +128,7 @@ function restart() { if [ $OS == "lin" ] then mkdir -p $ENV_DIR - echo "LOCAL_UID=`id -u $USER`" > $ENV_DIR/uid.env + (echo $LUID; echo $LGID) > $ENV_DIR/uid.env fi dockerComposeUp diff --git a/src/Admin/Dockerfile b/src/Admin/Dockerfile index d6b0f2e4d8..ddb8bde229 100644 --- a/src/Admin/Dockerfile +++ b/src/Admin/Dockerfile @@ -10,8 +10,6 @@ WORKDIR /app EXPOSE 5000 COPY obj/Docker/publish . COPY entrypoint.sh / - -RUN groupadd -g 999 bitwarden \ - && chmod +x /entrypoint.sh +RUN chmod +x /entrypoint.sh ENTRYPOINT ["/entrypoint.sh"] diff --git a/src/Admin/entrypoint.sh b/src/Admin/entrypoint.sh index 28fb0d94e9..f4869f80f1 100644 --- a/src/Admin/entrypoint.sh +++ b/src/Admin/entrypoint.sh 
@@ -1,35 +1,67 @@ #!/bin/bash +# Setup + +GROUPNAME="bitwarden" USERNAME="bitwarden" -NOUSER=`id -u $USERNAME > /dev/null 2>&1; echo $?` + +CURRENTGID=`getent group $GROUPNAME | cut -d: -f3` +LGID=${LOCAL_GID:-999} + +CURRENTUID=`id -u $USERNAME` +NOUSER=`$CURRENTUID > /dev/null 2>&1; echo $?` LUID=${LOCAL_UID:-999} # Step down from host root + +if [ $LGID == 0 ] +then + LGID=999 +fi + if [ $LUID == 0 ] then LUID=999 fi -if [ $NOUSER == 0 ] && [ `id -u $USERNAME` != $LUID ] +# Create group + +if [ $CURRENTGID ] +then + if [ $CURRENTGID != $LGID ] + then + groupmod -g $LGID $GROUPNAME + fi +else + groupadd -g $LGID $GROUPNAME +fi + +# Create user and assign group + +if [ $NOUSER == 0 ] && [ $CURRENTUID != $LUID ] then usermod -u $LUID $USERNAME elif [ $NOUSER == 1 ] then - useradd -r -u $LUID -g $USERNAME $USERNAME + useradd -r -u $LUID -g $GROUPNAME $USERNAME fi +# Make home directory for user + if [ ! -d "/home/$USERNAME" ] then mkhomedir_helper $USERNAME fi -chown -R $USERNAME:$USERNAME /app +# The rest... + +chown -R $USERNAME:$GROUPNAME /app mkdir -p /etc/bitwarden/core mkdir -p /etc/bitwarden/logs mkdir -p /etc/bitwarden/ca-certificates -chown -R $USERNAME:$USERNAME /etc/bitwarden +chown -R $USERNAME:$GROUPNAME /etc/bitwarden cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ \ && update-ca-certificates -gosu $USERNAME:$USERNAME dotnet /app/Admin.dll +gosu $USERNAME:$GROUPNAME dotnet /app/Admin.dll diff --git a/src/Api/Dockerfile b/src/Api/Dockerfile index 2617131090..6caeab3e0f 100644 --- a/src/Api/Dockerfile +++ b/src/Api/Dockerfile @@ -12,11 +12,9 @@ EXPOSE 5000 COPY obj/Docker/publish/Api . COPY obj/Docker/publish/Jobs /jobs COPY entrypoint.sh / +RUN chmod +x /entrypoint.sh RUN mv /jobs/crontab /etc/cron.d/bitwarden-cron \ && chmod 0644 /etc/cron.d/bitwarden-cron -RUN groupadd -g 999 bitwarden \ - && chmod +x /entrypoint.sh - ENTRYPOINT ["/entrypoint.sh"] 
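Review bot: The added `NOUSER=` line in src/Admin/entrypoint.sh runs `$CURRENTUID > /dev/null 2>&1`, which executes the contents of `CURRENTUID` as a command instead of testing whether the account exists. With an existing user the shell tries to run the numeric UID as a program and reports 127; with no user the expansion is empty and the bare redirection reports 0. Neither the `usermod` nor the `useradd` branch can then be taken as intended, so the `bitwarden` account is not created or remapped to `LOCAL_UID` before `gosu` drops privileges. Capture the status of `id` itself: `CURRENTUID=$(id -u "$USERNAME" 2>/dev/null)` followed by `NOUSER=$?`. The identical lines are added in the Api, Icons, Identity, Attachments, MsSql, Nginx and Setup entrypoints.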
diff --git a/src/Api/entrypoint.sh b/src/Api/entrypoint.sh index 17a12ca3f8..23eb89acfe 100644 --- a/src/Api/entrypoint.sh +++ b/src/Api/entrypoint.sh @@ -1,36 +1,68 @@ #!/bin/bash +# Setup + +GROUPNAME="bitwarden" USERNAME="bitwarden" -NOUSER=`id -u $USERNAME > /dev/null 2>&1; echo $?` + +CURRENTGID=`getent group $GROUPNAME | cut -d: -f3` +LGID=${LOCAL_GID:-999} + +CURRENTUID=`id -u $USERNAME` +NOUSER=`$CURRENTUID > /dev/null 2>&1; echo $?` LUID=${LOCAL_UID:-999} # Step down from host root + +if [ $LGID == 0 ] +then + LGID=999 +fi + if [ $LUID == 0 ] then LUID=999 fi -if [ $NOUSER == 0 ] && [ `id -u $USERNAME` != $LUID ] +# Create group + +if [ $CURRENTGID ] +then + if [ $CURRENTGID != $LGID ] + then + groupmod -g $LGID $GROUPNAME + fi +else + groupadd -g $LGID $GROUPNAME +fi + +# Create user and assign group + +if [ $NOUSER == 0 ] && [ $CURRENTUID != $LUID ] then usermod -u $LUID $USERNAME elif [ $NOUSER == 1 ] then - useradd -r -u $LUID -g $USERNAME $USERNAME + useradd -r -u $LUID -g $GROUPNAME $USERNAME fi +# Make home directory for user + if [ ! -d "/home/$USERNAME" ] then mkhomedir_helper $USERNAME fi +# The rest... + touch /var/log/cron.log -chown $USERNAME:$USERNAME /var/log/cron.log -chown -R $USERNAME:$USERNAME /app -chown -R $USERNAME:$USERNAME /jobs +chown $USERNAME:$GROUPNAME /var/log/cron.log +chown -R $USERNAME:$GROUPNAME /app +chown -R $USERNAME:$GROUPNAME /jobs mkdir -p /etc/bitwarden/core mkdir -p /etc/bitwarden/logs mkdir -p /etc/bitwarden/ca-certificates -chown -R $USERNAME:$USERNAME /etc/bitwarden +chown -R $USERNAME:$GROUPNAME /etc/bitwarden env >> /etc/environment cron @@ -38,4 +70,4 @@ cron cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ \ && update-ca-certificates -gosu bitwarden:bitwarden dotnet /app/Api.dll +gosu $USERNAME:$GROUPNAME dotnet /app/Api.dll diff --git a/src/Icons/Dockerfile b/src/Icons/Dockerfile index 22babcee80..2bc5c6c2e1 100644 --- a/src/Icons/Dockerfile +++ b/src/Icons/Dockerfile 
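Review bot: The new "Step down from host root" guard `if [ $LGID == 0 ]` in src/Api/entrypoint.sh is a string comparison on an unquoted expansion, so it recognises only the exact text `0` and errors out if `LOCAL_GID` contains whitespace. `LOCAL_GID` comes from the container environment, so it should be checked to be all digits before use and compared numerically, `if [ "$LGID" -eq 0 ]`, with the existing `LUID` check treated the same way. The results of `groupmod -g` and `groupadd -g` are not checked either, so if the requested GID is already taken the script continues to `chown` and `gosu` with whatever GID the group had before. The same block is added to the Admin, Icons, Identity, Attachments, MsSql, Nginx and Setup entrypoints.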
@@ -18,8 +18,6 @@ WORKDIR /app EXPOSE 5000 COPY obj/Docker/publish . COPY entrypoint.sh / - -RUN groupadd -g 999 bitwarden \ - && chmod +x /entrypoint.sh +RUN chmod +x /entrypoint.sh ENTRYPOINT ["/entrypoint.sh"] diff --git a/src/Icons/entrypoint.sh b/src/Icons/entrypoint.sh index 24454e8997..34be22803f 100644 --- a/src/Icons/entrypoint.sh +++ b/src/Icons/entrypoint.sh @@ -1,30 +1,62 @@ #!/bin/bash +# Setup + +GROUPNAME="bitwarden" USERNAME="bitwarden" -NOUSER=`id -u $USERNAME > /dev/null 2>&1; echo $?` + +CURRENTGID=`getent group $GROUPNAME | cut -d: -f3` +LGID=${LOCAL_GID:-999} + +CURRENTUID=`id -u $USERNAME` +NOUSER=`$CURRENTUID > /dev/null 2>&1; echo $?` LUID=${LOCAL_UID:-999} # Step down from host root + +if [ $LGID == 0 ] +then + LGID=999 +fi + if [ $LUID == 0 ] then LUID=999 fi -if [ $NOUSER == 0 ] && [ `id -u $USERNAME` != $LUID ] +# Create group + +if [ $CURRENTGID ] +then + if [ $CURRENTGID != $LGID ] + then + groupmod -g $LGID $GROUPNAME + fi +else + groupadd -g $LGID $GROUPNAME +fi + +# Create user and assign group + +if [ $NOUSER == 0 ] && [ $CURRENTUID != $LUID ] then usermod -u $LUID $USERNAME elif [ $NOUSER == 1 ] then - useradd -r -u $LUID -g $USERNAME $USERNAME + useradd -r -u $LUID -g $GROUPNAME $USERNAME fi +# Make home directory for user + if [ ! -d "/home/$USERNAME" ] then mkhomedir_helper $USERNAME fi -chown -R $USERNAME:$USERNAME /app -chown -R $USERNAME:$USERNAME /etc/iconserver +# The rest... -gosu $USERNAME:$USERNAME /etc/iconserver/iconserver & -gosu $USERNAME:$USERNAME dotnet /app/Icons.dll iconsSettings:bestIconBaseUrl=http://localhost:8080 +chown -R $USERNAME:$GROUPNAME /app +chown -R $USERNAME:$GROUPNAME /etc/iconserver + +gosu $USERNAME:$GROUPNAME /etc/iconserver/iconserver & +gosu $USERNAME:$GROUPNAME dotnet /app/Icons.dll iconsSettings:bestIconBaseUrl=http://localhost:8080 diff --git a/src/Identity/Dockerfile b/src/Identity/Dockerfile index d6b0f2e4d8..ddb8bde229 100644 --- a/src/Identity/Dockerfile +++ b/src/Identity/Dockerfile 
@@ -10,8 +10,6 @@ WORKDIR /app EXPOSE 5000 COPY obj/Docker/publish . COPY entrypoint.sh / - -RUN groupadd -g 999 bitwarden \ - && chmod +x /entrypoint.sh +RUN chmod +x /entrypoint.sh ENTRYPOINT ["/entrypoint.sh"] diff --git a/src/Identity/entrypoint.sh b/src/Identity/entrypoint.sh index 5a1df3dcf2..b8a5a3f5e9 100644 --- a/src/Identity/entrypoint.sh +++ b/src/Identity/entrypoint.sh @@ -1,38 +1,70 @@ #!/bin/bash +# Setup + +GROUPNAME="bitwarden" USERNAME="bitwarden" -NOUSER=`id -u $USERNAME > /dev/null 2>&1; echo $?` + +CURRENTGID=`getent group $GROUPNAME | cut -d: -f3` +LGID=${LOCAL_GID:-999} + +CURRENTUID=`id -u $USERNAME` +NOUSER=`$CURRENTUID > /dev/null 2>&1; echo $?` LUID=${LOCAL_UID:-999} # Step down from host root + +if [ $LGID == 0 ] +then + LGID=999 +fi + if [ $LUID == 0 ] then LUID=999 fi -if [ $NOUSER == 0 ] && [ `id -u $USERNAME` != $LUID ] +# Create group + +if [ $CURRENTGID ] +then + if [ $CURRENTGID != $LGID ] + then + groupmod -g $LGID $GROUPNAME + fi +else + groupadd -g $LGID $GROUPNAME +fi + +# Create user and assign group + +if [ $NOUSER == 0 ] && [ $CURRENTUID != $LUID ] then usermod -u $LUID $USERNAME elif [ $NOUSER == 1 ] then - useradd -r -u $LUID -g $USERNAME $USERNAME + useradd -r -u $LUID -g $GROUPNAME $USERNAME fi +# Make home directory for user + if [ ! -d "/home/$USERNAME" ] then mkhomedir_helper $USERNAME fi +# The rest... + mkdir -p /etc/bitwarden/identity mkdir -p /etc/bitwarden/core mkdir -p /etc/bitwarden/logs mkdir -p /etc/bitwarden/ca-certificates -chown -R $USERNAME:$USERNAME /etc/bitwarden +chown -R $USERNAME:$GROUPNAME /etc/bitwarden cp /etc/bitwarden/identity/identity.pfx /app/identity.pfx -chown -R $USERNAME:$USERNAME /app +chown -R $USERNAME:$GROUPNAME /app cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ \ && update-ca-certificates -gosu $USERNAME:$USERNAME dotnet /app/Identity.dll +gosu $USERNAME:$GROUPNAME dotnet /app/Identity.dll 
diff --git a/util/Attachments/Dockerfile b/util/Attachments/Dockerfile index e9e2a5401f..e17af14bd3 100644 --- a/util/Attachments/Dockerfile +++ b/util/Attachments/Dockerfile @@ -8,8 +8,6 @@ RUN apt-get update \ ENV ASPNETCORE_URLS http://+:5000 EXPOSE 5000 COPY entrypoint.sh / - -RUN groupadd -g 999 bitwarden \ - && chmod +x /entrypoint.sh +RUN chmod +x /entrypoint.sh ENTRYPOINT ["/entrypoint.sh"] diff --git a/util/Attachments/entrypoint.sh b/util/Attachments/entrypoint.sh index 7bfd945ca1..6bd847a104 100644 --- a/util/Attachments/entrypoint.sh +++ b/util/Attachments/entrypoint.sh 
@@ -1,31 +1,63 @@ #!/bin/bash +# Setup + +GROUPNAME="bitwarden" USERNAME="bitwarden" -NOUSER=`id -u $USERNAME > /dev/null 2>&1; echo $?` + +CURRENTGID=`getent group $GROUPNAME | cut -d: -f3` +LGID=${LOCAL_GID:-999} + +CURRENTUID=`id -u $USERNAME` +NOUSER=`$CURRENTUID > /dev/null 2>&1; echo $?` LUID=${LOCAL_UID:-999} # Step down from host root + +if [ $LGID == 0 ] +then + LGID=999 +fi + if [ $LUID == 0 ] then LUID=999 fi -if [ $NOUSER == 0 ] && [ `id -u $USERNAME` != $LUID ] +# Create group + +if [ $CURRENTGID ] +then + if [ $CURRENTGID != $LGID ] + then + groupmod -g $LGID $GROUPNAME + fi +else + groupadd -g $LGID $GROUPNAME +fi + +# Create user and assign group + +if [ $NOUSER == 0 ] && [ $CURRENTUID != $LUID ] then usermod -u $LUID $USERNAME elif [ $NOUSER == 1 ] then - useradd -r -u $LUID -g $USERNAME $USERNAME + useradd -r -u $LUID -g $GROUPNAME $USERNAME fi +# Make home directory for user + if [ ! -d "/home/$USERNAME" ] then mkhomedir_helper $USERNAME fi -chown -R $USERNAME:$USERNAME /bitwarden_server -mkdir -p /etc/bitwarden/core/attachments -chown -R $USERNAME:$USERNAME /etc/bitwarden +# The rest... -gosu $USERNAME:$USERNAME dotnet /bitwarden_server/Server.dll \ +chown -R $USERNAME:$GROUPNAME /bitwarden_server +mkdir -p /etc/bitwarden/core/attachments +chown -R $USERNAME:$GROUPNAME /etc/bitwarden + +gosu $USERNAME:$GROUPNAME dotnet /bitwarden_server/Server.dll \ /contentRoot=/etc/bitwarden/core/attachments /webRoot=. /serveUnknown=true diff --git a/util/MsSql/Dockerfile b/util/MsSql/Dockerfile index 9e09a43104..73ce6d5e96 100644 --- a/util/MsSql/Dockerfile +++ b/util/MsSql/Dockerfile @@ -6,8 +6,6 @@ RUN apt-get update \ gosu \ && rm -rf /var/lib/apt/lists/* -RUN groupadd -g 999 bitwarden - COPY crontab /etc/cron.d/bitwarden-cron RUN chmod 0644 /etc/cron.d/bitwarden-cron COPY backup-db.sql / @@ -16,4 +14,5 @@ COPY entrypoint.sh / RUN chmod +x /entrypoint.sh \ && chmod +x /backup-db.sh + ENTRYPOINT ["/entrypoint.sh"] 
diff --git a/util/MsSql/entrypoint.sh b/util/MsSql/entrypoint.sh index a9b5755182..6d380ae992 100644 --- a/util/MsSql/entrypoint.sh +++ b/util/MsSql/entrypoint.sh @@ -1,38 +1,70 @@ #!/bin/bash +# Setup + +GROUPNAME="bitwarden" USERNAME="bitwarden" -NOUSER=`id -u $USERNAME > /dev/null 2>&1; echo $?` + +CURRENTGID=`getent group $GROUPNAME | cut -d: -f3` +LGID=${LOCAL_GID:-999} + +CURRENTUID=`id -u $USERNAME` +NOUSER=`$CURRENTUID > /dev/null 2>&1; echo $?` LUID=${LOCAL_UID:-999} # Step down from host root + +if [ $LGID == 0 ] +then + LGID=999 +fi + if [ $LUID == 0 ] then LUID=999 fi -if [ $NOUSER == 0 ] && [ `id -u $USERNAME` != $LUID ] +# Create group + +if [ $CURRENTGID ] +then + if [ $CURRENTGID != $LGID ] + then + groupmod -g $LGID $GROUPNAME + fi +else + groupadd -g $LGID $GROUPNAME +fi + +# Create user and assign group + +if [ $NOUSER == 0 ] && [ $CURRENTUID != $LUID ] then usermod -u $LUID $USERNAME elif [ $NOUSER == 1 ] then - useradd -r -u $LUID -g $USERNAME $USERNAME + useradd -r -u $LUID -g $GROUPNAME $USERNAME fi +# Make home directory for user + if [ ! -d "/home/$USERNAME" ] then mkhomedir_helper $USERNAME fi +# The rest... + touch /var/log/cron.log -chown $USERNAME:$USERNAME /var/log/cron.log +chown $USERNAME:$GROUPNAME /var/log/cron.log mkdir -p /etc/bitwarden/mssql/backups -chown -R $USERNAME:$USERNAME /etc/bitwarden +chown -R $USERNAME:$GROUPNAME /etc/bitwarden mkdir -p /var/opt/mssql/data -chown -R $USERNAME:$USERNAME /var/opt/mssql -chown $USERNAME:$USERNAME /backup-db.sh -chown $USERNAME:$USERNAME /backup-db.sql +chown -R $USERNAME:$GROUPNAME /var/opt/mssql +chown $USERNAME:$GROUPNAME /backup-db.sh +chown $USERNAME:$GROUPNAME /backup-db.sql env >> /etc/environment cron -gosu $USERNAME:$USERNAME /opt/mssql/bin/sqlservr +gosu $USERNAME:$GROUPNAME /opt/mssql/bin/sqlservr diff --git a/util/Nginx/Dockerfile b/util/Nginx/Dockerfile index 43801113fd..3c68583886 100644 --- a/util/Nginx/Dockerfile +++ b/util/Nginx/Dockerfile 
@@ -9,8 +9,6 @@ COPY nginx.conf /etc/nginx COPY proxy.conf /etc/nginx COPY mime.types /etc/nginx COPY entrypoint.sh / - -RUN groupadd -g 999 bitwarden \ - && chmod +x /entrypoint.sh +RUN chmod +x /entrypoint.sh ENTRYPOINT ["/entrypoint.sh"] diff --git a/util/Nginx/entrypoint.sh b/util/Nginx/entrypoint.sh index 996bf1a578..48f087ec05 100644 --- a/util/Nginx/entrypoint.sh +++ b/util/Nginx/entrypoint.sh 
@@ -1,37 +1,69 @@ #!/bin/bash +# Setup + +GROUPNAME="bitwarden" USERNAME="bitwarden" -NOUSER=`id -u $USERNAME > /dev/null 2>&1; echo $?` + +CURRENTGID=`getent group $GROUPNAME | cut -d: -f3` +LGID=${LOCAL_GID:-999} + +CURRENTUID=`id -u $USERNAME` +NOUSER=`$CURRENTUID > /dev/null 2>&1; echo $?` LUID=${LOCAL_UID:-999} # Step down from host root + +if [ $LGID == 0 ] +then + LGID=999 +fi + if [ $LUID == 0 ] then LUID=999 fi -if [ $NOUSER == 0 ] && [ `id -u $USERNAME` != $LUID ] +# Create group + +if [ $CURRENTGID ] +then + if [ $CURRENTGID != $LGID ] + then + groupmod -g $LGID $GROUPNAME + fi +else + groupadd -g $LGID $GROUPNAME +fi + +# Create user and assign group + +if [ $NOUSER == 0 ] && [ $CURRENTUID != $LUID ] then usermod -u $LUID $USERNAME elif [ $NOUSER == 1 ] then - useradd -r -u $LUID -g $USERNAME $USERNAME + useradd -r -u $LUID -g $GROUPNAME $USERNAME fi +# Make home directory for user + if [ ! -d "/home/$USERNAME" ] then mkhomedir_helper $USERNAME fi -chown -R $USERNAME:$USERNAME /etc/bitwarden +# The rest... + +chown -R $USERNAME:$GROUPNAME /etc/bitwarden cp /etc/bitwarden/nginx/default.conf /etc/nginx/conf.d/default.conf mkdir -p /etc/letsencrypt -chown -R $USERNAME:$USERNAME /etc/letsencrypt +chown -R $USERNAME:$GROUPNAME /etc/letsencrypt mkdir -p /etc/ssl -chown -R $USERNAME:$USERNAME /etc/ssl +chown -R $USERNAME:$GROUPNAME /etc/ssl touch /var/run/nginx.pid -chown -R $USERNAME:$USERNAME /var/run/nginx.pid -chown -R $USERNAME:$USERNAME /var/cache/nginx -chown -R $USERNAME:$USERNAME /var/log/nginx +chown -R $USERNAME:$GROUPNAME /var/run/nginx.pid +chown -R $USERNAME:$GROUPNAME /var/cache/nginx +chown -R $USERNAME:$GROUPNAME /var/log/nginx -gosu $USERNAME:$USERNAME nginx -g 'daemon off;' +gosu $USERNAME:$GROUPNAME nginx -g 'daemon off;' diff --git a/util/Setup/Dockerfile b/util/Setup/Dockerfile index 84ede01080..c1fad78c9c 100644 --- a/util/Setup/Dockerfile +++ b/util/Setup/Dockerfile 
@@ -9,8 +9,6 @@ RUN apt-get update \ WORKDIR /app COPY obj/Docker/publish . COPY entrypoint.sh / - -RUN groupadd -g 999 bitwarden \ - && chmod +x /entrypoint.sh +RUN chmod +x /entrypoint.sh ENTRYPOINT ["/entrypoint.sh"] diff --git a/util/Setup/entrypoint.sh b/util/Setup/entrypoint.sh index 1c5282e198..444a07c390 100644 --- a/util/Setup/entrypoint.sh +++ b/util/Setup/entrypoint.sh @@ -1,35 +1,67 @@ #!/bin/bash +# Setup + +GROUPNAME="bitwarden" USERNAME="bitwarden" -NOUSER=`id -u $USERNAME > /dev/null 2>&1; echo $?` + +CURRENTGID=`getent group $GROUPNAME | cut -d: -f3` +LGID=${LOCAL_GID:-999} + +CURRENTUID=`id -u $USERNAME` +NOUSER=`$CURRENTUID > /dev/null 2>&1; echo $?` LUID=${LOCAL_UID:-999} # Step down from host root + +if [ $LGID == 0 ] +then + LGID=999 +fi + if [ $LUID == 0 ] then LUID=999 fi -if [ $NOUSER == 0 ] && [ `id -u $USERNAME` != $LUID ] +# Create group + +if [ $CURRENTGID ] +then + if [ $CURRENTGID != $LGID ] + then + groupmod -g $LGID $GROUPNAME + fi +else + groupadd -g $LGID $GROUPNAME +fi + +# Create user and assign group + +if [ $NOUSER == 0 ] && [ $CURRENTUID != $LUID ] then usermod -u $LUID $USERNAME elif [ $NOUSER == 1 ] then - useradd -r -u $LUID -g $USERNAME $USERNAME + useradd -r -u $LUID -g $GROUPNAME $USERNAME fi +# Make home directory for user + if [ ! -d "/home/$USERNAME" ] then mkhomedir_helper $USERNAME fi -chown -R $USERNAME:$USERNAME /app +# The rest... + +chown -R $USERNAME:$GROUPNAME /app mkdir -p /bitwarden/env mkdir -p /bitwarden/docker mkdir -p /bitwarden/ssl mkdir -p /bitwarden/letsencrypt mkdir -p /bitwarden/identity mkdir -p /bitwarden/nginx -chown -R $USERNAME:$USERNAME /bitwarden +chown -R $USERNAME:$GROUPNAME /bitwarden -exec gosu $USERNAME:$USERNAME "$@" +exec gosu $USERNAME:$GROUPNAME "$@"