Allow su-exec to fail when users explicity use --user

This allows MinIO containers to run properly without expecting higher privileges in situations where following restrictions on containers are used - docker run --user uid:gid - docker-compose up (with docker-compose.yml with user) ```yml ... user: "1001:1001" command: minio server /data ... ``` - All openshift containers Fixes minio#7773
harshavardhana · Jun 12, 2019 · 72e6000 · 72e6000
1 parent 0394a8f
commit 72e6000
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/dockerscripts/docker-entrypoint.sh b/dockerscripts/docker-entrypoint.sh
@@ -60,7 +60,12 @@ docker_switch_user() {
             return
         fi
     fi
-    exec su-exec "${owner}" "$@"
+    # check if su-exec is allowed, if yes proceed proceed.
+    if su-exec "${owner}" "/bin/ls" >/dev/null 2>&1; then
+        exec su-exec "${owner}" "$@"
+    fi
+    # fallback
+    exec "$@"
 }
 
 ## Set access env from secrets if necessary.