From 67833a1b2dacd4f8ea837cbf3de6a16b5fbd7cd7 Mon Sep 17 00:00:00 2001 From: sneak Date: Sun, 22 Mar 2020 06:02:15 -0700 Subject: [PATCH] run as normal user, not root --- Dockerfile | 7 +++++++ root/etc/service/adchpp/run | 3 ++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 66fa959..4251ba7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,6 +7,10 @@ ENV DEFAULT_ADMIN_PASSWORD hunter2 ARG UBUNTU_MIRROR=http://archive.ubuntu.com/ubuntu +ARG UID_TO_ADD=10000 +ARG GID_TO_ADD=10000 +ARG USERNAME_TO_ADD=user + RUN echo "deb $UBUNTU_MIRROR bionic main universe restricted multiverse" > /etc/apt/sources.list.new && \ echo "deb $UBUNTU_MIRROR bionic-updates main universe restricted multiverse" >> /etc/apt/sources.list.new && \ echo "deb $UBUNTU_MIRROR bionic-security main universe restricted multiverse" >> /etc/apt/sources.list.new && \ @@ -40,6 +44,9 @@ RUN \ rsync -avP /tmp/rootoverlay/ / && \ rm -rf /tmp/rootoverlay && \ rm -r /root/go && \ + groupadd -g $GID_TO_ADD $USERNAME_TO_ADD && \ + useradd -u $UID_TO_ADD -g $GID_TO_ADD -s /bin/bash $USERNAME_TO_ADD && \ + usermod -p '*' $USERNAME_TO_ADD && \ chmod a+rx /etc/service/*/run CMD ["/usr/local/sbin/runsvinit"] diff --git a/root/etc/service/adchpp/run b/root/etc/service/adchpp/run index 2e917c2..1ec675f 100644 --- a/root/etc/service/adchpp/run +++ b/root/etc/service/adchpp/run @@ -19,5 +19,6 @@ if [[ ! -e /config/users.txt ]]; then echo "[{\"password\":\"$DEFAULT_ADMIN_PASSWORD\",\"nick\":\"admin\",\"level\":10,\"regby\":\"admin\",\"regtime\":1322835912}]" > /config/users.txt fi +chown -R user:user /config cd /config -exec /usr/local/bin/adchppd -c /config +exec chpst -u user:user /usr/local/bin/adchppd -c /config