From c6fbe8cc4402e9cef901eca648a89f5360508947 Mon Sep 17 00:00:00 2001
From: Vince Grassia <593223+vgrassia@users.noreply.github.com>
Date: Tue, 13 Dec 2022 10:31:19 -0500
Subject: [PATCH] [PS-2016] Add ability to change UID/GID for Bitwarden unified (#2495)
---
 docker-unified/Dockerfile | 21 ++++----------------
 docker-unified/entrypoint.sh | 21 ++++++++++++++++++++-
 docker-unified/settings.env | 4 ++++
 3 files changed, 28 insertions(+), 18 deletions(-)
diff --git a/docker-unified/Dockerfile b/docker-unified/Dockerfile
index aa02ec890d..3309f4c62c 100644
--- a/docker-unified/Dockerfile
+++ b/docker-unified/Dockerfile
@@ -215,9 +215,6 @@ RUN apk add --update-cache \
 unzip \
 && rm -rf /var/cache/apk/*
 
-# Create non-root user to run app
-RUN adduser -s /bin/false -D bitwarden
-
 # Create required directories
 RUN mkdir -p /etc/bitwarden/attachments/send
 RUN mkdir -p /etc/bitwarden/data-protection
@@ -228,26 +225,17 @@ RUN mkdir -p /etc/supervisor.d
 RUN mkdir -p /var/log/bitwarden
 RUN mkdir -p /var/log/nginx/logs
 RUN mkdir -p /app
-RUN chown -R bitwarden:bitwarden \
- /app \
- /etc/bitwarden \
- /etc/nginx/http.d \
- /etc/supervisor \
- /etc/supervisor.d \
- /var/lib/nginx \
- /var/log \
- /run
 
 # Copy all apps from dotnet-build stage
 WORKDIR /app
-COPY --chown=bitwarden:bitwarden --from=dotnet-build /app ./
+COPY --from=dotnet-build /app ./
 
 # Copy Web files from web-setup stage
-COPY --chown=bitwarden:bitwarden --from=web-setup /tmp/build /app/Web
+COPY --from=web-setup /tmp/build /app/Web
 
 # Set up supervisord
-COPY --chown=bitwarden:bitwarden docker-unified/supervisord/*.ini /etc/supervisor.d/
-COPY --chown=bitwarden:bitwarden docker-unified/supervisord/supervisord.conf /etc/supervisor/supervisord.conf
+COPY docker-unified/supervisord/*.ini /etc/supervisor.d/
+COPY docker-unified/supervisord/supervisord.conf /etc/supervisor/supervisord.conf
 RUN rm -f /etc/supervisord.conf
 
 # Set up nginx
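Review bot: The final stage now has no non-root identity at all: with `--chown=bitwarden:bitwarden` dropped from the four COPY lines here, and the build-time `adduser` (previous hunk) and `USER` (next hunk) removed, every file is root-owned and the container must start as root so that entrypoint.sh can `chown -R` and drop privileges at runtime. That is the intent of the change, but nothing in the Dockerfile says so, and a reader or an image scanner flagging the missing `USER` has no pointer to where the privilege drop now lives. I would add above the first COPY: `# Files are copied root-owned on purpose: entrypoint.sh chowns them to the` / `# configurable UID/GID at start and drops privileges via su-exec, so this` / `# stage intentionally has no USER directive.` If `su-exec` is not already in the `apk add` list at the top of this stage (outside the hunk), it also needs to be added, since the new entrypoint depends on it.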
@@ -285,5 +273,4 @@ RUN apk add --update-cache \
 VOLUME ["/etc/bitwarden"]
 
 WORKDIR /app
-USER bitwarden:bitwarden
 ENTRYPOINT ["/entrypoint.sh"]
diff --git a/docker-unified/entrypoint.sh b/docker-unified/entrypoint.sh
index 92955b5093..2a0ce82368 100755
--- a/docker-unified/entrypoint.sh
+++ b/docker-unified/entrypoint.sh
@@ -1,5 +1,14 @@
 #!/bin/sh
 
+# Set up user group
+GID="${GID:-1000}"
+addgroup -g $GID bitwarden
+GROUP_NAME=$(cat /etc/group | grep ":$GID:" | cut -d ':' -f 1)
+
+# Set up user
+UID="${UID:-1000}"
+adduser -s /bin/false -D -u $UID -G $GROUP_NAME bitwarden
+
 # Translate environment variables for application settings
 VAULT_SERVICE_URI=https://$BW_DOMAIN
 MYSQL_CONNECTION_STRING="server=$BW_DB_SERVER;database=$BW_DB_DATABASE;user=$BW_DB_USERNAME;password=$BW_DB_PASSWORD"
@@ -78,4 +87,14 @@ sed -i "s/autostart=true/autostart=${BW_ENABLE_NOTIFICATIONS}/" /etc/supervisor.
 sed -i "s/autostart=true/autostart=${BW_ENABLE_SCIM}/" /etc/supervisor.d/scim.ini
 sed -i "s/autostart=true/autostart=${BW_ENABLE_SSO}/" /etc/supervisor.d/sso.ini
 
-exec /usr/bin/supervisord
+chown -R $UID:$GID \
+ /app \
+ /etc/bitwarden \
+ /etc/nginx/http.d \
+ /etc/supervisor \
+ /etc/supervisor.d \
+ /var/lib/nginx \
+ /var/log \
+ /run
+
+su-exec $UID:$GID /usr/bin/supervisord
diff --git a/docker-unified/settings.env b/docker-unified/settings.env
index 17e9be4bcb..8d55e5fba6 100644
--- a/docker-unified/settings.env
+++ b/docker-unified/settings.env
@@ -23,6 +23,10 @@ BW_INSTALLATION_KEY=xxxxxxxxxxxx
 #####################
 # Learn more here: https://bitwarden.com/help/environment-variables/
 
+# Container UID/GID
+#UID=1000
+#GID=1000
+
 # Webserver ports
 #BW_PORT_HTTP=8080
 #BW_PORT_HTTPS=8443
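Review bot: `UID` and `GID` are taken from the environment and used unvalidated: `su-exec $UID:$GID` in the last hunk accepts raw numbers, so a misconfigured `UID=0` silently keeps supervisord as root, and an empty or non-numeric value makes `addgroup`/`adduser` fail while the script carries on, because the file has no `set -e` and neither call is checked. A guard before the `addgroup` line such as `for v in "$UID" "$GID"; do case "$v" in ''|*[!0-9]*) echo "UID/GID must be numeric" >&2; exit 1;; esac; done`, plus a refusal of `0`, would fail fast. `GROUP_NAME` is empty whenever `addgroup` failed for a reason other than an already-existing GID, which then breaks the `adduser -G` call; `GROUP_NAME=$(awk -F: -v gid="$GID" '$3 == gid { print $1; exit }' /etc/group)` matches only the GID field and avoids the `cat | grep | cut` pipeline. On a container restart both `addgroup` and `adduser` run again against a filesystem where the accounts already exist, so skipping the call when the name or id is already present would avoid an error on every start. If this script is ever run under bash instead of busybox sh, `UID` is a read-only shell variable and the assignment fails, so a name like `BW_UID`/`BW_GID` matching the other settings would be more robust.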
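Review bot: The replacement for `exec /usr/bin/supervisord` drops the `exec`, so `su-exec` runs as a child of the entrypoint shell: `/bin/sh` stays PID 1 and the SIGTERM from `docker stop` reaches the shell rather than supervisord, which is exactly the signal-handling problem the old `exec` avoided; the line should be `exec su-exec "$UID:$GID" /usr/bin/supervisord`. Everything above it, including the `sed` rewrites driven by environment values, now runs as root because the image no longer sets `USER`, and the `chown -R` walks `/app` plus the `/etc/bitwarden` data volume (attachments included) on every start, which can be slow on a large install and is applied as root to whatever the volume contains. Skipping the recursive pass when the owner already matches, e.g. `[ "$(stat -c %u /etc/bitwarden)" = "$UID" ] || chown -R ...`, keeps the root phase short on restarts. A comment above the chown stating that it replaces the former build-time `chown -R` and must run before the privilege drop would help the next reader.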