From 157a7074e62f2ef4a4ffaab825b8704e9484d61a Mon Sep 17 00:00:00 2001 From: Lorenz Schmid Date: Thu, 5 Sep 2024 10:17:51 +0200 Subject: [PATCH] Allow for non-root operation --- Dockerfile | 13 +++++++++++++ README.md | 13 ++++++++++++- 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 40dab6f..a2fc488 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,5 +21,18 @@ RUN mkdir -p /data # Expose the port the sync server runs on EXPOSE 8080 +# Use PUID and PGID if set, otherwise fallback to default user and group +ARG PUID=1000 +ARG PGID=1000 + +# Create group and user based on PUID and PGID +RUN groupadd -g ${PGID} anki && useradd -u ${PUID} -g anki -m anki + +# Set ownership of the working directory and data directory to the new user +RUN chown -R anki:anki /app && chown -R anki:anki /data + +# Switch to the non-root user +USER anki + # Run the script to update the package and start the server CMD ["/app/start.sh"] diff --git a/README.md b/README.md index 83d7545..d4bdfb9 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,11 @@ The following environmental variables has to be set outside of the container. Fa - `SYNC_USER1`: The username and password for the first user in the format `user:pass`. +Optionally, the user and group ID can be set to use the docker container in a non-root manner: + +- `PUID`: User ID +- `GID`: Group ID + ## Running the Docker Container @@ -26,6 +31,8 @@ docker run \ --name anki-syncserver \ -p 8080:8080 \ -v ./data:/data \ + -e PUID=$(id -u) \ + -e PGID=$(id -g) \ -e SYNC_USER1=user:pass \ ghcr.io/lorenzschmid/anki-syncserver ``` @@ -34,6 +41,8 @@ docker run \ - `--name`: Assigns a name to the container (`anki-syncserver`). - `-p 8080:8080`: Maps port `8080` on the host to port `8080` in the container. - `-v ./data:/data`: Mounts the host directory `./data` to the container’s `/data` directory for data persistence. +- `-e PUID=$(id -u)`: Sets the `PUID` environment variable to the current user ID of the host. +- `-e PGID=$(id -g)`: Sets the `PGID` environment variable to the current group ID of the host. - `-e SYNC_USER1=user:pass`: Sets the `SYNC_USER1` environment variable to configure the sync server’s username and password. or via docker compose: @@ -46,7 +55,9 @@ services: image: ghcr.io/lorenzschmid/anki-syncserver container_name: anki-syncserver environment: - - SYNC_USER1=user:pass + PUID: "${PUID:-1000}" + PGID: "${PGID:-1000}" + SYNC_USER1: user:pass # Replace with your desired username:password ports: - "8080:8080" volumes: