Custom UID and GID for subprocesses and files written (#116) Fix #116

- Environment variables `UID` and `GID`, both defaulting to `1000` - All subprocesses (openvpn, tinyproxy, etc.) run using the UID and GID given - All files are written with an ownership for the UID and GID given - Port forwarded file has also ownership for UID, GID and read permission only
2020-03-29 19:52:49 -04:00
parent 76cea56864
commit e5adccd9c5
12 changed files with 193 additions and 30 deletions
--- a/12
+++ b/12
@@ -36,6 +36,8 @@ ENV VPNSP=pia \
    OPENVPN_ROOT=no \
    OPENVPN_TARGET_IP= \
    TZ= \
+    UID=1000 \
+    GID=1000 \
    # PIA only
    PASSWORD= \
    REGION="Austria" \
@@ -82,8 +84,8 @@ HEALTHCHECK --interval=3m --timeout=3s --start-period=20s --retries=1 CMD /entry
 RUN apk add -q --progress --no-cache --update openvpn ca-certificates iptables unbound tinyproxy tzdata && \
    echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \
    apk add -q --progress --no-cache --update shadowsocks-libev && \
-    rm -rf /*.zip /var/cache/apk/* /etc/unbound/* /usr/sbin/unbound-anchor /usr/sbin/unbound-checkconf /usr/sbin/unbound-control /usr/sbin/unbound-control-setup /usr/sbin/unbound-host /etc/tinyproxy/tinyproxy.conf && \
-    adduser nonrootuser -D -H --uid 1000 && \
-    chown nonrootuser -R /etc/unbound /etc/tinyproxy && \
-    chmod 700 /etc/unbound /etc/tinyproxy
-COPY --from=builder --chown=1000:1000 /tmp/gobuild/entrypoint /entrypoint
+    rm -rf /var/cache/apk/* /etc/unbound/* /usr/sbin/unbound-* /etc/tinyproxy/tinyproxy.conf && \
+    deluser openvpn && \
+    deluser tinyproxy && \
+    deluser unbound
+COPY --from=builder /tmp/gobuild/entrypoint /entrypoint