Use permset to ensure /unifi is owned by the user specified in docker…

… run command line see #525
jacobalberty · Feb 19, 2022 · 1972270 · 1972270
1 parent 9fb811f
commit 1972270
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,3 +1,9 @@
+FROM golang:1.17-bullseye as permset
+WORKDIR /src
+RUN git clone https://github.com/jacobalberty/permset.git /src && \
+    mkdir -p /out && \
+    go build -ldflags "-X main.chownDir=/unifi" -o /out/permset
+
 FROM ubuntu:18.04
 
 LABEL maintainer="Jacob Alberty <jacob.alberty@foundigital.com>"
@@ -55,6 +61,10 @@ RUN set -ex \
  && useradd --no-log-init -r -u $UNIFI_UID -g $UNIFI_GID unifi \
  && /usr/local/bin/docker-build.sh "${PKGURL}"
 
+COPY --from=permset /out/permset /usr/local/bin/permset
+RUN chown 0.0 /usr/local/bin/permset && \
+    chmod +s /usr/local/bin/permset
+
 RUN mkdir -p /unifi && chown unifi:unifi -R /unifi
 
 # Apply any hotfixes that were included

diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
@@ -161,6 +161,11 @@ fi
 
 UNIFI_CMD="java ${JVM_OPTS} -jar ${BASEDIR}/lib/ace.jar start"
 
+if  command -v permset &> /dev/null
+then
+  permset
+fi
+
 # controller writes to relative path logs/server.log
 cd ${BASEDIR}