From 4ef2f48a471b345c58be50820e8a8d908223f93d Mon Sep 17 00:00:00 2001 From: Azlux Date: Mon, 3 Jun 2024 17:25:01 +0200 Subject: [PATCH 1/6] No USER in dockerfile anymore --- Dockerfile | 1 - README.md | 4 +++- entrypoint.sh | 22 ++++++++++++++++++++-- 3 files changed, 23 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index c03df1a..8c9e091 100644 --- a/Dockerfile +++ b/Dockerfile @@ -73,7 +73,6 @@ COPY --from=build /mumble/repo/build/mumble-server /usr/bin/mumble-server COPY --from=build /mumble/repo/default_config.ini /etc/mumble/bare_config.ini RUN mkdir -p /data && chown -R mumble:mumble /data && chown -R mumble:mumble /etc/mumble -USER mumble EXPOSE 64738/tcp 64738/udp COPY entrypoint.sh /entrypoint.sh diff --git a/README.md b/README.md index 5a9e5ed..ae761de 100644 --- a/README.md +++ b/README.md @@ -122,6 +122,7 @@ The following _additional_ variables can be set for further server configuration |----------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------- | | `MUMBLE_ACCEPT_UNKNOWN_SETTINGS` | Set to `true` to force the container to accept unknown settings passed as a `MUMBLE_CONFIG_` variable (see note below). | | `MUMBLE_CUSTOM_CONFIG_FILE` | Specify a custom config file path - **all `MUMBLE_CONFIG_` variables are IGNORED**
(it's best to use a path inside the volume `/data/`) | +| `MUMBLE_NO_CHOWN` | Set to `true` to avoid the entrypoint to `chown` you `/data` folder | | `MUMBLE_SUPERUSER_PASSWORD` | Specifies the SuperUser (Admin) password for this server. If this is not given, a random password will be generated upon first startup. | | `MUMBLE_VERBOSE` | Set to `true` to enable verbose logging in the server | @@ -160,8 +161,9 @@ process employed by this Docker image. ### Using a different UID/GID Additionally, it is possible to specify the UID and the GID of the `mumble` user that is used inside the container. These can be controlled by the -`MUMBLE_UID` and `MUMBLE_GID` build variables respectively. This is intended to allow you to use the same UID and GID as your user on your host +`MUMBLE_UID` and `MUMBLE_GID` entrypoint variables respectively. This is intended to allow you to use the same UID and GID as your user on your host system, in order to cause minimal issues when accessing mounted volumes. +By default, the entrypoint will `chown` the `/data` folder to have good rights on the mounted folder. If your system don't allow changing owner from the container itself or if you don't want to entrypoint to modify the rights in any way other by you, you can set the environment variable : `MUMBLE_NO_CHOWN` to `true`. ### Using custom build options diff --git a/entrypoint.sh b/entrypoint.sh index b264220..17e74b8 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -5,6 +5,8 @@ readonly DATA_DIR="/data" readonly BARE_BONES_CONFIG_FILE="/etc/mumble/bare_config.ini" readonly CONFIG_REGEX="^(\;|\#)?\ *([a-zA-Z_0-9]+)=.*" CONFIG_FILE="${DATA_DIR}/mumble_server_config.ini" +MUMBLE_UID=${MUMBLE_UID:-10000} +MUMBLE_GID=${MUMBLE_GID:-10000} readonly SENSITIVE_CONFIGS=( "dbPassword" @@ -159,11 +161,27 @@ if [[ -n "${MUMBLE_SUPERUSER_PASSWORD}" ]]; then fi # Show /data permissions, in case the user needs to match the mount point access -echo "Running Mumble server as uid=$(id -u) gid=$(id -g)" +echo "Entrypoint running as uid=$(id -u) gid=$(id -g)" +echo "Preparing Mumble server to run as uid=$(MUMBLE_UID) gid=$(MUMBLE_GID)" + +if [[ "$MUMBLE_UID" != "0" ]]; then + groupmod -og "$MUMBLE_GID" mumble + usermod -ou "$MUMBLE_UID" mumble + if [[ "$MUMBLE_NO_CHOWN" = true ]]; then + echo "Changing owner of folder {DATA_DIR}" + chown -R mumble:mumble ${DATA_DIR} + fi + exec runuser -u mumble -g mumble -- "$@" +fi + echo "\"${DATA_DIR}\" has the following permissions set:" echo " $( stat ${DATA_DIR} --printf='%A, owner: \"%U\" (UID: %u), group: \"%G\" (GID: %g)' )" echo "Command run to start the service : ${server_invocation[*]}" echo "Starting..." -exec "${server_invocation[@]}" +if [[ "$MUMBLE_UID" != "0" ]]; then + exec runuser -u mumble -g mumble -- "${server_invocation[@]}" +else + exec "${server_invocation[@]}" +fi From 1e759dec1cfeea36c2358448070e55327a1f7719 Mon Sep 17 00:00:00 2001 From: Azlux Date: Wed, 5 Jun 2024 11:14:46 +0200 Subject: [PATCH 2/6] no double no --- README.md | 2 +- entrypoint.sh | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ae761de..908eda6 100644 --- a/README.md +++ b/README.md @@ -121,8 +121,8 @@ The following _additional_ variables can be set for further server configuration | Environment Variable | Description | |----------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------- | | `MUMBLE_ACCEPT_UNKNOWN_SETTINGS` | Set to `true` to force the container to accept unknown settings passed as a `MUMBLE_CONFIG_` variable (see note below). | +| `MUMBLE_CHOWN` | Set to `false` to avoid the entrypoint to `chown` you `/data` folder | | `MUMBLE_CUSTOM_CONFIG_FILE` | Specify a custom config file path - **all `MUMBLE_CONFIG_` variables are IGNORED**
(it's best to use a path inside the volume `/data/`) | -| `MUMBLE_NO_CHOWN` | Set to `true` to avoid the entrypoint to `chown` you `/data` folder | | `MUMBLE_SUPERUSER_PASSWORD` | Specifies the SuperUser (Admin) password for this server. If this is not given, a random password will be generated upon first startup. | | `MUMBLE_VERBOSE` | Set to `true` to enable verbose logging in the server | diff --git a/entrypoint.sh b/entrypoint.sh index 17e74b8..ad63bcc 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -7,6 +7,7 @@ readonly CONFIG_REGEX="^(\;|\#)?\ *([a-zA-Z_0-9]+)=.*" CONFIG_FILE="${DATA_DIR}/mumble_server_config.ini" MUMBLE_UID=${MUMBLE_UID:-10000} MUMBLE_GID=${MUMBLE_GID:-10000} +MUMBLE_CHOWN=${MUMBLE_CHOWN:-true} readonly SENSITIVE_CONFIGS=( "dbPassword" @@ -167,7 +168,7 @@ echo "Preparing Mumble server to run as uid=$(MUMBLE_UID) gid=$(MUMBLE_GID)" if [[ "$MUMBLE_UID" != "0" ]]; then groupmod -og "$MUMBLE_GID" mumble usermod -ou "$MUMBLE_UID" mumble - if [[ "$MUMBLE_NO_CHOWN" = true ]]; then + if [[ "$MUMBLE_CHOWN" = true ]]; then echo "Changing owner of folder {DATA_DIR}" chown -R mumble:mumble ${DATA_DIR} fi From 28198415e3ce3db3be53e9b8296ca2c4420ba230 Mon Sep 17 00:00:00 2001 From: azlux Date: Wed, 6 Nov 2024 13:32:43 +0100 Subject: [PATCH 3/6] Update README.md Co-authored-by: Robert Adam --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 908eda6..9615e55 100644 --- a/README.md +++ b/README.md @@ -163,7 +163,7 @@ process employed by this Docker image. Additionally, it is possible to specify the UID and the GID of the `mumble` user that is used inside the container. These can be controlled by the `MUMBLE_UID` and `MUMBLE_GID` entrypoint variables respectively. This is intended to allow you to use the same UID and GID as your user on your host system, in order to cause minimal issues when accessing mounted volumes. -By default, the entrypoint will `chown` the `/data` folder to have good rights on the mounted folder. If your system don't allow changing owner from the container itself or if you don't want to entrypoint to modify the rights in any way other by you, you can set the environment variable : `MUMBLE_NO_CHOWN` to `true`. +By default, the entrypoint will `chown` the `/data` folder to have the necessary permissions in the mounted directory. If your system doesn't allow this from within the container or if you don't want this behavior for other reasons, you can set the environment variable : `MUMBLE_NO_CHOWN` to `true`. ### Using custom build options From af2c48fb710d85c9c0a0e745df5f5ffbe7f148aa Mon Sep 17 00:00:00 2001 From: azlux Date: Wed, 6 Nov 2024 13:33:00 +0100 Subject: [PATCH 4/6] Update entrypoint.sh Co-authored-by: Robert Adam --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index ad63bcc..a6384f3 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -169,7 +169,7 @@ if [[ "$MUMBLE_UID" != "0" ]]; then groupmod -og "$MUMBLE_GID" mumble usermod -ou "$MUMBLE_UID" mumble if [[ "$MUMBLE_CHOWN" = true ]]; then - echo "Changing owner of folder {DATA_DIR}" + echo "Changing owner of folder ${DATA_DIR}" chown -R mumble:mumble ${DATA_DIR} fi exec runuser -u mumble -g mumble -- "$@" From 30274e8debd8119f8aac866a4bfbe68b5253f4f9 Mon Sep 17 00:00:00 2001 From: azlux Date: Wed, 6 Nov 2024 13:33:17 +0100 Subject: [PATCH 5/6] Update entrypoint.sh Co-authored-by: Robert Adam --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index a6384f3..37d57e9 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -170,7 +170,7 @@ if [[ "$MUMBLE_UID" != "0" ]]; then usermod -ou "$MUMBLE_UID" mumble if [[ "$MUMBLE_CHOWN" = true ]]; then echo "Changing owner of folder ${DATA_DIR}" - chown -R mumble:mumble ${DATA_DIR} + chown -R mumble:mumble "${DATA_DIR}" fi exec runuser -u mumble -g mumble -- "$@" fi From 2d41510eab41e17e3064c678e5abb2c3dc678373 Mon Sep 17 00:00:00 2001 From: Azlux Date: Wed, 6 Nov 2024 13:39:45 +0100 Subject: [PATCH 6/6] remove bad run --- entrypoint.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 37d57e9..ea08f89 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -168,11 +168,11 @@ echo "Preparing Mumble server to run as uid=$(MUMBLE_UID) gid=$(MUMBLE_GID)" if [[ "$MUMBLE_UID" != "0" ]]; then groupmod -og "$MUMBLE_GID" mumble usermod -ou "$MUMBLE_UID" mumble + echo "The mumble server will start with uid ${MUMBLE_UID} and gid ${MUMBLE_GID}" if [[ "$MUMBLE_CHOWN" = true ]]; then - echo "Changing owner of folder ${DATA_DIR}" + echo "Changing owner of folder ${DATA_DIR} to mumble:mumble" chown -R mumble:mumble "${DATA_DIR}" fi - exec runuser -u mumble -g mumble -- "$@" fi echo "\"${DATA_DIR}\" has the following permissions set:"