StuffAnThings/qbit_manage
1
1
Fork 0
mirror of https://github.com/StuffAnThings/qbit_manage.git synced 2025-10-10 05:46:55 +08:00
Code Issues Projects Releases Packages Wiki Activity
qbit_manage/entrypoint.sh
bobokun ddfdfa19ea
fix(entrypoint): improve privilege dropping with error handling and fallback 
- Remove permission fixing for /config directory
- Add graceful error handling for su-exec privilege dropping
- Fall back to running as root with warning if su-exec fails
2025-08-29 08:36:48 -04:00

101 lines
2.9 KiB
Bash
Raw Blame History

#!/bin/bash
# Exit on any error
set -e
# Runtime identity and permissions
PUID="${PUID:-1000}"
PGID="${PGID:-1000}"
UMASK="${UMASK:-022}"
# Validate inputs (numeric PUID/PGID)
if ! [[ "$PUID" =~ ^[0-9]+$ ]] || ! [[ "$PGID" =~ ^[0-9]+$ ]]; then
echo "ERROR: PUID and PGID must be numeric. Got PUID='$PUID' PGID='$PGID'"
exit 1
fi
umask "$UMASK"
# Configuration
SOURCE_FILE="/app/config/config.yml.sample"
DEST_FILE="/config/config.yml.sample"
# Function to safely copy with atomic operation
safe_copy() {
local src="$1"
local dest="$2"
local temp_file="${dest}.tmp"
# Create a temporary file first
cp "$src" "$temp_file"
# Atomic move to final destination
mv "$temp_file" "$dest"
echo "Successfully copied $src to $dest"
}
# Function to fix permissions (only when needed; quiet if no changes)
fix_permissions() {
local path="$1"
local uid="${PUID:-1000}"
local gid="${PGID:-1000}"
if [ -d "$path" ]; then
if find "$path" -xdev \( -not -user "$uid" -o -not -group "$gid" \) -print -quit | grep -q .; then
if chown -R "$uid:$gid" "$path" 2>/dev/null; then
echo "Corrected ownership of directory $path to $uid:$gid"
else
echo "Warning: Could not change ownership of directory $path"
fi
fi
else
if ! find "$path" -maxdepth 0 -user "$uid" -a -group "$gid" -print -quit | grep -q .; then
if chown "$uid:$gid" "$path" 2>/dev/null; then
echo "Corrected ownership of $path to $uid:$gid"
else
echo "Warning: Could not change ownership of $path"
fi
fi
fi
}
# Main logic
if [ -d "/config" ]; then
if [ -f "$SOURCE_FILE" ] && [ -s "$SOURCE_FILE" ]; then
if [ ! -f "$DEST_FILE" ] || ! cmp -s "$SOURCE_FILE" "$DEST_FILE"; then
# Safely copy the file (logs only when copy occurs)
safe_copy "$SOURCE_FILE" "$DEST_FILE"
# Fix permissions (logs only if changes made) when running as root
if [ "$(id -u)" = "0" ]; then
fix_permissions "$DEST_FILE"
fi
fi
elif [ ! -f "$SOURCE_FILE" ]; then
echo "ERROR: Source file $SOURCE_FILE does not exist"
exit 1
fi
fi
# Set HOME if /config exists
if [ -d "/config" ]; then
export HOME=/config
fi
# Execute the main command:
# - If running as root, drop privileges to PUID:PGID via su-exec
# - If already non-root (e.g., docker-compose sets user:), run as-is
set +e # Temporarily disable exit on error for su-exec handling
if [ "$(id -u)" = "0" ]; then
/sbin/su-exec "${PUID}:${PGID}" "$@"
if [ $? -eq 0 ]; then
# Won't reach here if su-exec succeeds
true
else
echo "Warning: Could not drop privileges to ${PUID}:${PGID}, continuing as root"
exec "$@"
fi
else
exec "$@"
fi
set -e # Re-enable exit on error
Reference in a new issue View git blame Copy permalink