From 2f15302a96a96e3b7228011e00ba437ee6af156e Mon Sep 17 00:00:00 2001
From: bobokun
Date: Thu, 28 Aug 2025 16:17:34 -0400
Subject: [PATCH] fix(entrypoint): support non-root runs; fix permissions only as root

- Call fix_permissions only when running as root to avoid permission errors
- Fix /config ownership only under root
- If running as root, drop privileges via su-exec to PUID:PGID; if already non-root, execute the command as-is

This prevents failures when the container is started as a non-root user (e.g., via docker-compose user) while preserving the existing behavior for root runs.
---
 VERSION | 2 +-
 entrypoint.sh | 20 +++++++++++++++-----
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/VERSION b/VERSION
index 90ca3d6..c0cabbb 100755
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-4.5.6-develop7
+4.5.6-develop8
diff --git a/entrypoint.sh b/entrypoint.sh
index 49f0bb5..2fc7939 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -66,8 +66,10 @@ if [ -d "/config" ]; then
 if [ ! -f "$DEST_FILE" ] || ! cmp -s "$SOURCE_FILE" "$DEST_FILE"; then
 # Safely copy the file (logs only when copy occurs)
 safe_copy "$SOURCE_FILE" "$DEST_FILE"
- # Fix permissions (logs only if changes made)
- fix_permissions "$DEST_FILE"
+ # Fix permissions (logs only if changes made) when running as root
+ if [ "$(id -u)" = "0" ]; then
+ fix_permissions "$DEST_FILE"
+ fi
 fi
 elif [ ! -f "$SOURCE_FILE" ]; then
 echo "ERROR: Source file $SOURCE_FILE does not exist"
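Review bot: After this change a non-root start still calls `safe_copy` into /config, but nothing in the visible lines checks that the current UID can write there, so a /config owned by another user only surfaces as whatever `safe_copy` happens to report (its body is outside the hunk). An explicit check before the copy would make the cause obvious, e.g. `[ -w "$(dirname "$DEST_FILE")" ] || echo "WARN: $(dirname "$DEST_FILE") is not writable by UID $(id -u)" >&2`. The `[ "$(id -u)" = "0" ]` test added here is repeated twice more in the second entrypoint.sh hunk; evaluating it once near the top of the script and reusing the result would keep the three branches from drifting apart. The enclosing `if [ -d "/config" ]` block starts and ends outside the hunk.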
@@ -77,10 +79,18 @@ fi
 
 # Fix /config ownership if present
 if [ -d "/config" ]; then
- fix_permissions "/config"
+ if [ "$(id -u)" = "0" ]; then
+ fix_permissions "/config"
+ fi
 # Provide a reasonable HOME for non-root runs (only if /config exists)
 export HOME=/config
 fi
 
-# Execute the main command as requested UID:GID
-exec /sbin/su-exec "${PUID}:${PGID}" "$@"
+# Execute the main command:
+# - If running as root, drop privileges to PUID:PGID via su-exec
+# - If already non-root (e.g., docker-compose sets user:), run as-is
+if [ "$(id -u)" = "0" ]; then
+ exec /sbin/su-exec "${PUID}:${PGID}" "$@"
+else
+ exec "$@"
+fi
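Review bot: In the new `else` branch the command runs under whatever UID the container was started with and PUID/PGID are ignored without any message, so an operator who sets both `user:` and PUID/PGID gets a process identity that differs from the configured one with nothing in the logs. A one-line notice before `exec "$@"` would make that visible, e.g. `echo "INFO: started as UID $(id -u); PUID/PGID (${PUID:-unset}:${PGID:-unset}) are not applied" >&2`. In the root branch it is also worth confirming that PUID and PGID are validated before the `su-exec` call (their assignment is outside this hunk); a value of 0 would, as far as I can tell, leave the process running as root despite the privilege-drop comment.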