Permalink
Browse files

Run docker as a normal user (#690)

TODO: Allow as root, if someone *really* wants
  • Loading branch information...
Undeadhunter authored and Cazzar committed Mar 14, 2018
1 parent 931a587 commit 3c94a2f5ed5a8f33c44302ad42db593c0dc8e53d
Showing with 45 additions and 2 deletions.
  1. +17 −2 Dockerfile
  2. +28 −0 dockerentry.sh
@@ -4,12 +4,18 @@ FROM mono:5.4

RUN curl https://bintray.com/user/downloadSubjectPublicKey?username=bintray | apt-key add -
RUN echo "deb http://dl.bintray.com/cazzar/shoko-deps jesse main" | tee -a /etc/apt/sources.list
RUN echo "deb http://ftp.debian.org/debian jessie-backports main" | tee -a /etc/apt/sources.list

RUN apt-get update && apt-get install -y --force-yes libmediainfo0 librhash0 sqlite.interop jq unzip
ENV TINI_VERSION v0.16.1
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /bin/tini
RUN chmod +x /bin/tini

RUN apt update && apt install -y --force-yes libmediainfo0 librhash0 sqlite.interop jq unzip && apt install -t jessie-backports gosu

RUN mkdir -p /usr/src/app/source /usr/src/app/build
COPY . /usr/src/app/source
WORKDIR /usr/src/app/source
RUN mv /usr/src/app/source/dockerentry.sh /dockerentry.sh

ADD https://github.com/NuGet/Home/releases/download/3.3/NuGet.exe .
RUN mono NuGet.exe restore
@@ -31,4 +37,13 @@ VOLUME /usr/src/app/build/webui
HEALTHCHECK --start-period=5m CMD curl -H "Content-Type: application/json" -H 'Accept: application/json' 'http://localhost:8111/v1/Server' || exit 1

EXPOSE 8111
ENTRYPOINT mono --debug Shoko.CLI.exe

#RUN mkdir -p /home/shoko
#RUN groupadd -r shoko && useradd --no-log-init -r -g shoko shoko
#RUN chown -R shoko:shoko /home/shoko
#RUN chown -R shoko:shoko /usr/src/app/build

#USER shoko:shoko

#ENTRYPOINT mono --debug Shoko.CLI.exe
ENTRYPOINT /bin/bash /dockerentry.sh
@@ -0,0 +1,28 @@
#!/bin/bash

# Set variable for the UID and GID based on env, else use default values
PUID=${PUID:-1000}
PGID=${PGID:-100}

groupadd -o -g "$PGID" shokogroup
useradd -o -u "$PUID" -d /home/shoko shoko

usermod -G shokogroup shoko

mkdir -p /home/shoko
chown -R shoko:shokogroup /home/shoko

mkdir -p /.shoko/

# Set owership of shoko files to shoko user
chown -R shoko:shokogroup /usr/src/app/build/

echo "
-------------------------------------
User uid: $(id -u shoko)
User gid: $(id -g shoko)
-------------------------------------
"

# Go and run the server
exec gosu shoko:shokogroup mono --debug /usr/src/app/build/Shoko.CLI.exe

0 comments on commit 3c94a2f

Please sign in to comment.