diff options
| author | Benedikt Heine <bebe@bebehei.de> | 2018-07-20 15:45:40 +0200 |
|---|---|---|
| committer | Jakob Borg <jakob@kastelo.net> | 2018-07-20 15:45:40 +0200 |
| commit | 3102e36a451ac3d0c86b8d42d4db04b9c3c4ba18 (patch) | |
| tree | 921c2fb36fd7a508539363bd897226612b881b4c /Dockerfile | |
| parent | 3d8344003ef7724a00e37f59d3fd5fa2b13973a1 (diff) | |
| download | syncthing-3102e36a451ac3d0c86b8d42d4db04b9c3c4ba18.tar.gz syncthing-3102e36a451ac3d0c86b8d42d4db04b9c3c4ba18.zip | |
dockerfile: Create a dedicated syncthing user (#5072)
A dedicated user is necessary to create relative references via
~/<folder> or $HOME/<folder>. Having the syncthing process just running
under a unprivileged UID/GID, will remove the home folder relation and
therefore will result in nonexistent shares after update.
Signed-off-by: Benedikt Heine <bebe@bebehei.de>
Diffstat (limited to 'Dockerfile')
| -rw-r--r-- | Dockerfile | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/Dockerfile b/Dockerfile index c57768601..faf1a44e9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,11 +21,30 @@ COPY --from=builder /go/src/github.com/syncthing/syncthing/syncthing /bin/syncth RUN apk add --no-cache su-exec ENV STNOUPGRADE=1 +ENV PUSR=syncthing ENV PUID=1000 +ENV PGRP=syncthing ENV PGID=1000 HEALTHCHECK --interval=1m --timeout=10s \ CMD nc -z localhost 8384 || exit 1 -ENTRYPOINT chown $PUID:$PGID /var/syncthing \ - && su-exec $PUID:$PGID /bin/syncthing -home /var/syncthing/config -gui-address 0.0.0.0:8384 +ENTRYPOINT true \ + && ( getent group "${PGRP}" >/dev/null \ + || addgroup \ + -g "${PGID}" \ + "${PGRP}" \ + ) \ + && ( getent passwd "${PUSR}" >/dev/null \ + || adduser \ + -h /var/syncthing \ + -G "${PGRP}" \ + -u "${PUID}" \ + "${PUSR}" \ + ) \ + && chown "${PUSR}:${PGRP}" /var/syncthing \ + && su-exec "${PUSR}:${PGRP}" \ + /bin/syncthing \ + -home /var/syncthing/config \ + -gui-address 0.0.0.0:8384 \ + && true |