Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix docker user permissions issues #1194

Merged
merged 10 commits into from
Jan 31, 2024
Merged

Fix docker user permissions issues #1194

Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
ef4e407
Avoid unecessary multiple lines to make smaller images
Silex Jan 26, 2024
ad094e3
Use classic entrypoint pattern for user permissions
Silex Jan 26, 2024
7f17ec0
Add comment explaining docker-entrypoint's workflow
Silex Jan 31, 2024
d0e31b6
Update .docs/Docker.md
Tyrrrz Jan 31, 2024
4dce4a9
Update .docs/Docker.md
Tyrrrz Jan 31, 2024
bb79631
Update .docs/Docker.md
Tyrrrz Jan 31, 2024
10a68f4
Update DiscordChatExporter.Cli.dockerfile
Tyrrrz Jan 31, 2024
b641900
Update DiscordChatExporter.Cli.dockerfile
Tyrrrz Jan 31, 2024
488154b
Update DiscordChatExporter.Cli.dockerfile
Tyrrrz Jan 31, 2024
e72db02
Update docker-entrypoint.sh
Tyrrrz Jan 31, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions .docs/Docker.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,17 @@ For more information, please refer to the [Dockerfile](https://github.com/Tyrrrz

To get your Token and Channel IDs, please refer to [this page](Token-and-IDs.md).

## Permissions issues
Tyrrrz marked this conversation as resolved.
Show resolved Hide resolved

This image was designed with a user running as uid:gid of 1000:1000.

If your current user has different IDs, and you want to generate files directly editable for your user, you might want to run the container like this:

```console
mkdir data # or chown -R $(id -u):$(id -g) data
docker run -it --rm -v $PWD/data:/out --user $(id -u):$(id -g) tyrrrz/discordchatexporter:stable export -t TOKEN -g CHANNELID
```

## Environment variables

DiscordChatExpoter CLI accepts the `DISCORD_TOKEN` environment variable as a fallback for the `--token` option. You can set this variable either with the `--env` Docker option or with a combination of the `--env-file` Docker option and a `.env` file.
Expand Down
13 changes: 6 additions & 7 deletions DiscordChatExporter.Cli.dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,20 +40,19 @@ LABEL org.opencontainers.image.licenses="MIT"

# Alpine image doesn't come with the ICU libraries pre-installed, so we need to install them manually.
# We need the full ICU data because we allow the user to specify any locale for formatting purposes.
RUN apk add --no-cache icu-libs
RUN apk add --no-cache icu-data-full
RUN apk add --no-cache icu-libs icu-data-full
ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
ENV LC_ALL=en_US.UTF-8
ENV LANG=en_US.UTF-8

# Use a non-root user to ensure that the files shared with the host are accessible by the host user
# https://github.com/Tyrrrz/DiscordChatExporter/issues/851
RUN adduser --disabled-password --no-create-home dce
USER dce
# Use a non-root user
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you please add a comment explaining why 1000 was chosen specifically as the ID?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You chose 1000 when you did RUN adduser --disabled-password --no-create-home dce (it's usually the first user id available). And luckily it happens to map with most installations.

I'm just keeping your chosen id and making it explicit.

Tyrrrz marked this conversation as resolved.
Show resolved Hide resolved
RUN apk add --no-cache su-exec
RUN addgroup -S -g 1000 dce && adduser -S -H -G dce -u 1000 dce

# This directory is exposed to the user for mounting purposes, so it's important that it always
# stays the same for backwards compatibility.
WORKDIR /out

COPY --from=build /tmp/app/DiscordChatExporter.Cli/bin/publish /opt/app
ENTRYPOINT ["/opt/app/DiscordChatExporter.Cli"]
COPY docker-entrypoint.sh /
Tyrrrz marked this conversation as resolved.
Show resolved Hide resolved
ENTRYPOINT ["/docker-entrypoint.sh"]
10 changes: 10 additions & 0 deletions docker-entrypoint.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
#!/usr/bin/env sh

# If we are root, ensure the files in /out are writable
# by the dce user and restart the process as the dce user
if [ "$(id -u)" = '0' ]; then
chown -R dce:dce /out
exec su-exec dce "$0" "$@"
fi
Tyrrrz marked this conversation as resolved.
Show resolved Hide resolved

exec /opt/app/DiscordChatExporter.Cli "$@"
Tyrrrz marked this conversation as resolved.
Show resolved Hide resolved
Loading