Skip to content

Commit

Permalink
No USER in dockerfile anymore
Browse files Browse the repository at this point in the history
  • Loading branch information
azlux committed Jun 3, 2024
1 parent d553d65 commit 4ef2f48
Show file tree
Hide file tree
Showing 3 changed files with 23 additions and 4 deletions.
1 change: 0 additions & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,6 @@ COPY --from=build /mumble/repo/build/mumble-server /usr/bin/mumble-server
COPY --from=build /mumble/repo/default_config.ini /etc/mumble/bare_config.ini

RUN mkdir -p /data && chown -R mumble:mumble /data && chown -R mumble:mumble /etc/mumble
USER mumble
EXPOSE 64738/tcp 64738/udp
COPY entrypoint.sh /entrypoint.sh

Expand Down
4 changes: 3 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -122,6 +122,7 @@ The following _additional_ variables can be set for further server configuration
|----------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------- |
| `MUMBLE_ACCEPT_UNKNOWN_SETTINGS` | Set to `true` to force the container to accept unknown settings passed as a `MUMBLE_CONFIG_` variable (see note below). |
| `MUMBLE_CUSTOM_CONFIG_FILE` | Specify a custom config file path - **all `MUMBLE_CONFIG_` variables are IGNORED** <br/>(it's best to use a path inside the volume `/data/`) |
| `MUMBLE_NO_CHOWN` | Set to `true` to avoid the entrypoint to `chown` you `/data` folder |
| `MUMBLE_SUPERUSER_PASSWORD` | Specifies the SuperUser (Admin) password for this server. If this is not given, a random password will be generated upon first startup. |
| `MUMBLE_VERBOSE` | Set to `true` to enable verbose logging in the server |

Expand Down Expand Up @@ -160,8 +161,9 @@ process employed by this Docker image.
### Using a different UID/GID

Additionally, it is possible to specify the UID and the GID of the `mumble` user that is used inside the container. These can be controlled by the
`MUMBLE_UID` and `MUMBLE_GID` build variables respectively. This is intended to allow you to use the same UID and GID as your user on your host
`MUMBLE_UID` and `MUMBLE_GID` entrypoint variables respectively. This is intended to allow you to use the same UID and GID as your user on your host
system, in order to cause minimal issues when accessing mounted volumes.
By default, the entrypoint will `chown` the `/data` folder to have good rights on the mounted folder. If your system don't allow changing owner from the container itself or if you don't want to entrypoint to modify the rights in any way other by you, you can set the environment variable : `MUMBLE_NO_CHOWN` to `true`.

### Using custom build options

Expand Down
22 changes: 20 additions & 2 deletions entrypoint.sh
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@ readonly DATA_DIR="/data"
readonly BARE_BONES_CONFIG_FILE="/etc/mumble/bare_config.ini"
readonly CONFIG_REGEX="^(\;|\#)?\ *([a-zA-Z_0-9]+)=.*"
CONFIG_FILE="${DATA_DIR}/mumble_server_config.ini"
MUMBLE_UID=${MUMBLE_UID:-10000}
MUMBLE_GID=${MUMBLE_GID:-10000}

readonly SENSITIVE_CONFIGS=(
"dbPassword"
Expand Down Expand Up @@ -159,11 +161,27 @@ if [[ -n "${MUMBLE_SUPERUSER_PASSWORD}" ]]; then
fi

# Show /data permissions, in case the user needs to match the mount point access
echo "Running Mumble server as uid=$(id -u) gid=$(id -g)"
echo "Entrypoint running as uid=$(id -u) gid=$(id -g)"
echo "Preparing Mumble server to run as uid=$(MUMBLE_UID) gid=$(MUMBLE_GID)"

if [[ "$MUMBLE_UID" != "0" ]]; then
groupmod -og "$MUMBLE_GID" mumble
usermod -ou "$MUMBLE_UID" mumble
if [[ "$MUMBLE_NO_CHOWN" = true ]]; then
echo "Changing owner of folder {DATA_DIR}"
chown -R mumble:mumble ${DATA_DIR}
fi
exec runuser -u mumble -g mumble -- "$@"
fi

echo "\"${DATA_DIR}\" has the following permissions set:"
echo " $( stat ${DATA_DIR} --printf='%A, owner: \"%U\" (UID: %u), group: \"%G\" (GID: %g)' )"

echo "Command run to start the service : ${server_invocation[*]}"
echo "Starting..."

exec "${server_invocation[@]}"
if [[ "$MUMBLE_UID" != "0" ]]; then
exec runuser -u mumble -g mumble -- "${server_invocation[@]}"
else
exec "${server_invocation[@]}"
fi

0 comments on commit 4ef2f48

Please sign in to comment.