Add docker-permissions.sh and call it when we're not run as root

jacobalberty · Oct 21, 2020 · 145b1dd · 145b1dd
1 parent 4179304
commit 145b1dd
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 1 deletion.
diff --git a/Dockerfile b/Dockerfile
@@ -27,13 +27,15 @@ RUN mkdir -p /usr/unifi \
 COPY docker-entrypoint.sh /usr/local/bin/
 COPY docker-healthcheck.sh /usr/local/bin/
 COPY docker-build.sh /usr/local/bin/
+COPY docker-permissions.sh /usr/local/bin/
 COPY functions /usr/unifi/functions
 COPY import_cert /usr/unifi/init.d/
 COPY pre_build /usr/local/docker/pre_build
 RUN chmod +x /usr/local/bin/docker-entrypoint.sh \
  && chmod +x /usr/unifi/init.d/import_cert \
  && chmod +x /usr/local/bin/docker-healthcheck.sh \
  && chmod +x /usr/local/bin/docker-build.sh \
+ && chmod +x /usr/local/bin/docker-permissions.sh \
  && chmod -R +x /usr/local/docker/pre_build
 
 # Push installing openjdk-8-jre first, so that the unifi package doesn't pull in openjdk-7-jre as a dependency? Else uncomment and just go with openjdk-7.

diff --git a/docker-build.sh b/docker-build.sh
@@ -28,7 +28,8 @@ if [ ! -f /usr/bin/sudo ]; then
   apt-get update
   apt-get install sudo
   rm -rf /var/lib/apt/lists/*
-  echo "unifi ALL=(ALL) NOPASSWD:SETENV: /usr/local/bin/docker-build.sh" > /etc/sudoers.d/unifi-build
+  echo "ALL ALL=(ALL) NOPASSWD:SETENV: /usr/local/bin/docker-build.sh" > /etc/sudoers.d/unifi-build
+  echo "ALL ALL=(ALL) NOPASSWD:SETENV: /usr/local/bin/docker-permissions.sh" > /etc/sudoers.d/unifi-permissions
 fi
 
 if [ "x${1}" == "x" ]; then

diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
@@ -166,6 +166,9 @@ if [[ "${@}" == "unifi" ]]; then
             mkdir -p "${dir}"
         fi
     done
+    if [ $CUID != 0 ]; then
+      sudo -E UNIFI_UID=$(id -u) UNIFI_GID=$(id -g) /usr/local/bin/unifi-permissions.sh
+    fi
     ${UNIFI_CMD} &
     wait
     log "WARN: unifi service process ended without being signaled? Check for errors in ${LOGDIR}." >&2

diff --git a/docker-permissions.sh b/docker-permissions.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+DIRS="${RUNDIR} ${LOGDIR} ${DATADIR} ${BASEDIR}"
+
+echo "Setting ownership of '${DIRS}' to ${UNIFI_UID}:${UNIFI_GID}"
+
+# Using a loop here so I can check more directories easily later
+for dir in ${DIRS}; do
+  if [ "$(stat -c '%u' "${dir}")" != "${UNIFI_UID}" ]; then
+    chown -R "${UNIFI_UID}:${UNIFI_GID}" "${dir}"
+  fi
+done