Daniel Volz
37 lines
1.2 KiB
Bash
37 lines
1.2 KiB
Bash
#!/bin/sh
|
|
set -e
|
|
|
|
# Use PUID/PGID from environment, default to 1000
|
|
PUID=${PUID:-1000}
|
|
PGID=${PGID:-1000}
|
|
|
|
echo "[entrypoint] Starting with PUID=$PUID, PGID=$PGID"
|
|
|
|
# Ensure data directory exists with correct ownership
|
|
# Note: With cap_drop ALL, root can't write to dirs owned by others (no DAC_OVERRIDE)
|
|
# So we create the dir and immediately chown it
|
|
if [ ! -d /app/data ]; then
|
|
mkdir -p /app/data
|
|
echo "[entrypoint] Created /app/data"
|
|
fi
|
|
|
|
# Set ownership (requires CHOWN capability)
|
|
chown -R "$PUID:$PGID" /app/data 2>/dev/null || echo "[entrypoint] chown skipped (already correct or no permission)"
|
|
|
|
# Write test must run AS the target user (root can't write without DAC_OVERRIDE cap)
|
|
echo "[entrypoint] Testing write access as user $PUID..."
|
|
if gosu "$PUID:$PGID" touch /app/data/.write-test 2>/dev/null; then
|
|
gosu "$PUID:$PGID" rm -f /app/data/.write-test
|
|
echo "[entrypoint] Write test passed"
|
|
else
|
|
echo "[entrypoint] ERROR: User $PUID cannot write to /app/data"
|
|
echo "[entrypoint] Directory info:"
|
|
ls -la /app/data/
|
|
echo "[entrypoint] FIX: On host run: sudo chown -R $PUID:$PGID <your-data-path>"
|
|
exit 1
|
|
fi
|
|
|
|
# Start app as the specified user
|
|
echo "[entrypoint] Starting app as user $PUID:$PGID"
|
|
exec gosu "$PUID:$PGID" "$@"
|