From 95b25246f10f7d38b2d65fa93471c76f935bcff8 Mon Sep 17 00:00:00 2001
From: Kyle Spearrin
Date: Tue, 27 Mar 2018 22:57:30 -0400
Subject: [PATCH] step down from host root LUID
---
 src/Admin/entrypoint.sh | 26 +++++++++++++++++---------
 src/Api/entrypoint.sh | 24 ++++++++++++++++--------
 src/Icons/entrypoint.sh | 28 ++++++++++++++++++----------
 src/Identity/entrypoint.sh | 22 +++++++++++++++-------
 util/Attachments/entrypoint.sh | 28 ++++++++++++++++++----------
 util/MsSql/entrypoint.sh | 28 ++++++++++++++++++----------
 util/Nginx/entrypoint.sh | 34 +++++++++++++++++++++-------------
 util/Setup/entrypoint.sh | 26 +++++++++++++++++---------
 8 files changed, 140 insertions(+), 76 deletions(-)
diff --git a/src/Admin/entrypoint.sh b/src/Admin/entrypoint.sh
index 08068dcb16..5db86b548f 100644
--- a/src/Admin/entrypoint.sh
+++ b/src/Admin/entrypoint.sh
@@ -1,18 +1,26 @@
 #!/bin/bash
-NOUSER=`id -u bitwarden > /dev/null 2>&1; echo $?`
+USERNAME="bitwarden"
+NOUSER=`id -u $USERNAME > /dev/null 2>&1; echo $?`
 LUID=${LOCAL_UID:-999}
-if [ $NOUSER == 0 ] && [ `id -u bitwarden` != $LUID ]
+
+# Step down from host root
+if [ $LUID == 0 ]
 then
- usermod -u $LUID bitwarden
-elif [ $NOUSER == 1 ]
-then
- useradd -r -u $LUID -g bitwarden bitwarden
+ LUID=999
 fi
-chown -R bitwarden:bitwarden /app
+if [ $NOUSER == 0 ] && [ `id -u $USERNAME` != $LUID ]
+then
+ usermod -u $LUID $USERNAME
+elif [ $NOUSER == 1 ]
+then
+ useradd -r -u $LUID -g $USERNAME $USERNAME
+fi
+
+chown -R $USERNAME:$USERNAME /app
 mkdir -p /etc/bitwarden/core
 mkdir -p /etc/bitwarden/logs
-chown -R bitwarden:bitwarden /etc/bitwarden
+chown -R $USERNAME:$USERNAME /etc/bitwarden
-gosu bitwarden:bitwarden dotnet /app/Admin.dll
+gosu $USERNAME:$USERNAME dotnet /app/Admin.dll
diff --git a/src/Api/entrypoint.sh b/src/Api/entrypoint.sh
index 8349979e23..3533cda98d 100644
--- a/src/Api/entrypoint.sh
+++ b/src/Api/entrypoint.sh
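Review bot: The new root check in src/Admin/entrypoint.sh, `if [ $LUID == 0 ]`, is an unquoted string comparison, so it only catches the literal text `0`. A LOCAL_UID spelled any other way (a leading zero, for instance, which `usermod -u` may still read as uid 0) or a non-numeric value reaches `usermod -u`/`useradd -u` unvalidated, and a value containing whitespace makes `[` fail instead of falling back. I would validate before comparing: `case "$LUID" in ''|*[!0-9]*) LUID=999 ;; esac` followed by `if [ "$LUID" -eq 0 ]`. The identical block is added to the Api, Icons, Identity, Attachments, MsSql, Nginx and Setup entrypoints in this patch and needs the same change.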
@@ -1,22 +1,30 @@
 #!/bin/bash
-NOUSER=`id -u bitwarden > /dev/null 2>&1; echo $?`
+USERNAME="bitwarden"
+NOUSER=`id -u $USERNAME > /dev/null 2>&1; echo $?`
 LUID=${LOCAL_UID:-999}
-if [ $NOUSER == 0 ] && [ `id -u bitwarden` != $LUID ]
+
+# Step down from host root
+if [ $LUID == 0 ]
 then
- usermod -u $LUID bitwarden
+ LUID=999
+fi
+
+if [ $NOUSER == 0 ] && [ `id -u $USERNAME` != $LUID ]
+then
+ usermod -u $LUID $USERNAME
 elif [ $NOUSER == 1 ]
 then
- useradd -r -u $LUID -g bitwarden bitwarden
+ useradd -r -u $LUID -g $USERNAME $USERNAME
 fi
 touch /var/log/cron.log
-chown bitwarden:bitwarden /var/log/cron.log
-chown -R bitwarden:bitwarden /app
-chown -R bitwarden:bitwarden /jobs
+chown $USERNAME:$USERNAME /var/log/cron.log
+chown -R $USERNAME:$USERNAME /app
+chown -R $USERNAME:$USERNAME /jobs
 mkdir -p /etc/bitwarden/core
 mkdir -p /etc/bitwarden/logs
-chown -R bitwarden:bitwarden /etc/bitwarden
+chown -R $USERNAME:$USERNAME /etc/bitwarden
 env >> /etc/environment
 cron
diff --git a/src/Icons/entrypoint.sh b/src/Icons/entrypoint.sh
index df69e5e1ec..9d26f3fc86 100644
--- a/src/Icons/entrypoint.sh
+++ b/src/Icons/entrypoint.sh
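Review bot: The user/UID block added at the top of src/Api/entrypoint.sh is the same dozen lines pasted into all eight entrypoints this patch touches, so any later correction to the root check has to be made eight times and the copies can drift apart. If the image builds allow it (the Dockerfiles are not part of this patch), consider moving the block into one shared script that every image copies in and every entrypoint sources, e.g. `. /setup-user.sh` (file name constructed for illustration), leaving only the per-service `chown`/`mkdir` lines in each file. The Api script continues past the end of this hunk, so its final launch line is not visible here.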
@@ -1,17 +1,25 @@
 #!/bin/bash
-NOUSER=`id -u bitwarden > /dev/null 2>&1; echo $?`
+USERNAME="bitwarden"
+NOUSER=`id -u $USERNAME > /dev/null 2>&1; echo $?`
 LUID=${LOCAL_UID:-999}
-if [ $NOUSER == 0 ] && [ `id -u bitwarden` != $LUID ]
+
+# Step down from host root
+if [ $LUID == 0 ]
 then
- usermod -u $LUID bitwarden
-elif [ $NOUSER == 1 ]
-then
- useradd -r -u $LUID -g bitwarden bitwarden
+ LUID=999
 fi
-chown -R bitwarden:bitwarden /app
-chown -R bitwarden:bitwarden /etc/iconserver
+if [ $NOUSER == 0 ] && [ `id -u $USERNAME` != $LUID ]
+then
+ usermod -u $LUID $USERNAME
+elif [ $NOUSER == 1 ]
+then
+ useradd -r -u $LUID -g $USERNAME $USERNAME
+fi
-gosu bitwarden:bitwarden /etc/iconserver/iconserver &
-gosu bitwarden:bitwarden dotnet /app/Icons.dll iconsSettings:bestIconBaseUrl=http://localhost:8080
+chown -R $USERNAME:$USERNAME /app
+chown -R $USERNAME:$USERNAME /etc/iconserver
+
+gosu $USERNAME:$USERNAME /etc/iconserver/iconserver &
+gosu $USERNAME:$USERNAME dotnet /app/Icons.dll iconsSettings:bestIconBaseUrl=http://localhost:8080
diff --git a/src/Identity/entrypoint.sh b/src/Identity/entrypoint.sh
index 5eadc01c8f..ab37a9c7ff 100644
--- a/src/Identity/entrypoint.sh
+++ b/src/Identity/entrypoint.sh
@@ -1,21 +1,29 @@
 #!/bin/bash
-NOUSER=`id -u bitwarden > /dev/null 2>&1; echo $?`
+USERNAME="bitwarden"
+NOUSER=`id -u $USERNAME > /dev/null 2>&1; echo $?`
 LUID=${LOCAL_UID:-999}
-if [ $NOUSER == 0 ] && [ `id -u bitwarden` != $LUID ]
+
+# Step down from host root
+if [ $LUID == 0 ]
 then
- usermod -u $LUID bitwarden
+ LUID=999
+fi
+
+if [ $NOUSER == 0 ] && [ `id -u $USERNAME` != $LUID ]
+then
+ usermod -u $LUID $USERNAME
 elif [ $NOUSER == 1 ]
 then
- useradd -r -u $LUID -g bitwarden bitwarden
+ useradd -r -u $LUID -g $USERNAME $USERNAME
 fi
 mkdir -p /etc/bitwarden/identity
 mkdir -p /etc/bitwarden/core
 mkdir -p /etc/bitwarden/logs
-chown -R bitwarden:bitwarden /etc/bitwarden
+chown -R $USERNAME:$USERNAME /etc/bitwarden
 cp /etc/bitwarden/identity/identity.pfx /app/identity.pfx
-chown -R bitwarden:bitwarden /app
+chown -R $USERNAME:$USERNAME /app
-gosu bitwarden:bitwarden dotnet /app/Identity.dll
+gosu $USERNAME:$USERNAME dotnet /app/Identity.dll
diff --git a/util/Attachments/entrypoint.sh b/util/Attachments/entrypoint.sh
index 3c83ffa52e..143473d422 100644
--- a/util/Attachments/entrypoint.sh
+++ b/util/Attachments/entrypoint.sh
@@ -1,18 +1,26 @@
 #!/bin/bash
-NOUSER=`id -u bitwarden > /dev/null 2>&1; echo $?`
+USERNAME="bitwarden"
+NOUSER=`id -u $USERNAME > /dev/null 2>&1; echo $?`
 LUID=${LOCAL_UID:-999}
-if [ $NOUSER == 0 ] && [ `id -u bitwarden` != $LUID ]
+
+# Step down from host root
+if [ $LUID == 0 ]
 then
- usermod -u $LUID bitwarden
-elif [ $NOUSER == 1 ]
-then
- useradd -r -u $LUID -g bitwarden bitwarden
+ LUID=999
 fi
-chown -R bitwarden:bitwarden /bitwarden_server
-mkdir -p /etc/bitwarden/core/attachments
-chown -R bitwarden:bitwarden /etc/bitwarden
+if [ $NOUSER == 0 ] && [ `id -u $USERNAME` != $LUID ]
+then
+ usermod -u $LUID $USERNAME
+elif [ $NOUSER == 1 ]
+then
+ useradd -r -u $LUID -g $USERNAME $USERNAME
+fi
-gosu bitwarden:bitwarden dotnet /bitwarden_server/Server.dll \
+chown -R $USERNAME:$USERNAME /bitwarden_server
+mkdir -p /etc/bitwarden/core/attachments
+chown -R $USERNAME:$USERNAME /etc/bitwarden
+
+gosu $USERNAME:$USERNAME dotnet /bitwarden_server/Server.dll \
 /contentRoot=/etc/bitwarden/core/attachments /webRoot=. /serveUnknown=true
diff --git a/util/MsSql/entrypoint.sh b/util/MsSql/entrypoint.sh
index e3e5091015..ab453e7ad9 100644
--- a/util/MsSql/entrypoint.sh
+++ b/util/MsSql/entrypoint.sh
@@ -1,25 +1,33 @@
 #!/bin/bash
-NOUSER=`id -u bitwarden > /dev/null 2>&1; echo $?`
+USERNAME="bitwarden"
+NOUSER=`id -u $USERNAME > /dev/null 2>&1; echo $?`
 LUID=${LOCAL_UID:-999}
-if [ $NOUSER == 0 ] && [ `id -u bitwarden` != $LUID ]
+
+# Step down from host root
+if [ $LUID == 0 ]
 then
- usermod -u $LUID bitwarden
+ LUID=999
+fi
+
+if [ $NOUSER == 0 ] && [ `id -u $USERNAME` != $LUID ]
+then
+ usermod -u $LUID $USERNAME
 elif [ $NOUSER == 1 ]
 then
- useradd -r -u $LUID -g bitwarden bitwarden
+ useradd -r -u $LUID -g $USERNAME $USERNAME
 fi
 touch /var/log/cron.log
-chown bitwarden:bitwarden /var/log/cron.log
+chown $USERNAME:$USERNAME /var/log/cron.log
 mkdir -p /etc/bitwarden/mssql/backups
-chown -R bitwarden:bitwarden /etc/bitwarden
+chown -R $USERNAME:$USERNAME /etc/bitwarden
 mkdir -p /var/opt/mssql/data
-chown -R bitwarden:bitwarden /var/opt/mssql
-chown bitwarden:bitwarden /backup-db.sh
-chown bitwarden:bitwarden /backup-db.sql
+chown -R $USERNAME:$USERNAME /var/opt/mssql
+chown $USERNAME:$USERNAME /backup-db.sh
+chown $USERNAME:$USERNAME /backup-db.sql
 env >> /etc/environment
 cron
-gosu bitwarden:bitwarden /opt/mssql/bin/sqlservr
+gosu $USERNAME:$USERNAME /opt/mssql/bin/sqlservr
diff --git a/util/Nginx/entrypoint.sh b/util/Nginx/entrypoint.sh
index 272a36afad..13fff4b93c 100644
--- a/util/Nginx/entrypoint.sh
+++ b/util/Nginx/entrypoint.sh
@@ -1,24 +1,32 @@
 #!/bin/bash
-NOUSER=`id -u bitwarden > /dev/null 2>&1; echo $?`
+USERNAME="bitwarden"
+NOUSER=`id -u $USERNAME > /dev/null 2>&1; echo $?`
 LUID=${LOCAL_UID:-999}
-if [ $NOUSER == 0 ] && [ `id -u bitwarden` != $LUID ]
+
+# Step down from host root
+if [ $LUID == 0 ]
 then
- usermod -u $LUID bitwarden
-elif [ $NOUSER == 1 ]
-then
- useradd -r -u $LUID -g bitwarden bitwarden
+ LUID=999
 fi
-chown -R bitwarden:bitwarden /etc/bitwarden
+if [ $NOUSER == 0 ] && [ `id -u $USERNAME` != $LUID ]
+then
+ usermod -u $LUID $USERNAME
+elif [ $NOUSER == 1 ]
+then
+ useradd -r -u $LUID -g $USERNAME $USERNAME
+fi
+
+chown -R $USERNAME:$USERNAME /etc/bitwarden
 cp /etc/bitwarden/nginx/default.conf /etc/nginx/conf.d/default.conf
 mkdir -p /etc/letsencrypt
-chown -R bitwarden:bitwarden /etc/letsencrypt
+chown -R $USERNAME:$USERNAME /etc/letsencrypt
 mkdir -p /etc/ssl
-chown -R bitwarden:bitwarden /etc/ssl
+chown -R $USERNAME:$USERNAME /etc/ssl
 touch /var/run/nginx.pid
-chown -R bitwarden:bitwarden /var/run/nginx.pid
-chown -R bitwarden:bitwarden /var/cache/nginx
-chown -R bitwarden:bitwarden /var/log/nginx
+chown -R $USERNAME:$USERNAME /var/run/nginx.pid
+chown -R $USERNAME:$USERNAME /var/cache/nginx
+chown -R $USERNAME:$USERNAME /var/log/nginx
-gosu bitwarden:bitwarden nginx -g 'daemon off;'
+gosu $USERNAME:$USERNAME nginx -g 'daemon off;'
diff --git a/util/Setup/entrypoint.sh b/util/Setup/entrypoint.sh
index 4b2d963312..4500d31ec8 100644
--- a/util/Setup/entrypoint.sh
+++ b/util/Setup/entrypoint.sh
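Review bot: When LOCAL_UID is 0, util/Nginx/entrypoint.sh now switches to uid 999 without any message, and the `chown -R $USERNAME:$USERNAME` lines that follow hand /etc/ssl and /etc/letsencrypt (which presumably hold TLS private keys) to that uid. If those paths are bind-mounted from the host, which this hunk does not show, uid 999 may already belong to an unrelated host account that would then own the key material. I would at least log the substitution inside the new branch, `echo "LOCAL_UID=0 is not allowed; running as uid 999" >&2`, and document the behaviour for operators. The same applies to the recursive chown of /etc/bitwarden, /var/opt/mssql and /bitwarden in the other entrypoints of this patch.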
@@ -1,22 +1,30 @@
 #!/bin/bash
-NOUSER=`id -u bitwarden > /dev/null 2>&1; echo $?`
+USERNAME="bitwarden"
+NOUSER=`id -u $USERNAME > /dev/null 2>&1; echo $?`
 LUID=${LOCAL_UID:-999}
-if [ $NOUSER == 0 ] && [ `id -u bitwarden` != $LUID ]
+
+# Step down from host root
+if [ $LUID == 0 ]
 then
- usermod -u $LUID bitwarden
-elif [ $NOUSER == 1 ]
-then
- useradd -r -u $LUID -g bitwarden bitwarden
+ LUID=999
 fi
-chown -R bitwarden:bitwarden /app
+if [ $NOUSER == 0 ] && [ `id -u $USERNAME` != $LUID ]
+then
+ usermod -u $LUID $USERNAME
+elif [ $NOUSER == 1 ]
+then
+ useradd -r -u $LUID -g $USERNAME $USERNAME
+fi
+
+chown -R $USERNAME:$USERNAME /app
 mkdir -p /bitwarden/env
 mkdir -p /bitwarden/docker
 mkdir -p /bitwarden/ssl
 mkdir -p /bitwarden/letsencrypt
 mkdir -p /bitwarden/identity
 mkdir -p /bitwarden/nginx
-chown -R bitwarden:bitwarden /bitwarden
+chown -R $USERNAME:$USERNAME /bitwarden
-exec gosu bitwarden:bitwarden "$@"
+exec gosu $USERNAME:$USERNAME "$@"