move app user creation to startup scripts

run fpm as app user
2020-01-23 16:59:10 +03:00 · 2020-01-23 16:59:10 +03:00 · e9563c4a87
parent 59eb978976
commit e9563c4a87
4 changed files with 11 additions and 14 deletions
--- a/app/Dockerfile
+++ b/app/Dockerfile
@ -14,9 +14,6 @@ ADD index.php /

 RUN sed -i.bak 's/^listen = 127.0.0.1:9000/listen = 9000/' /etc/php7/php-fpm.d/www.conf

-ARG OWNER_UID
-ARG OWNER_GID
-
-RUN mkdir -p /var/www && addgroup -g ${OWNER_GID} app && adduser -D -h /var/www/html -G app -u ${OWNER_UID} app
+RUN mkdir -p /var/www

 CMD /startup.sh
--- a/app/startup.sh
+++ b/app/startup.sh
@ -5,6 +5,9 @@ while ! pg_isready -h $DB_HOST -U $DB_USER; do
 	sleep 3
 done

+addgroup -g $OWNER_GID app
+adduser -D -h /var/www/html -G app -u $OWNER_UID app
+
 DST_DIR=/var/www/html/tt-rss
 SRC_REPO=https://git.tt-rss.org/fox/tt-rss.git

@ -33,7 +36,8 @@ else
 	  	git pull origin master
 fi

-chown -R $OWNER_UID:$OWNER_GID $DST_DIR
+chown -R $OWNER_UID:$OWNER_GID $DST_DIR \
+	/var/log/php7

 for d in cache lock feed-icons; do
 	chmod -R 777 $DST_DIR/$d
@ -72,5 +76,5 @@ fi

 touch $DST_DIR/.app_is_ready

-exec /usr/sbin/php-fpm7 -F
+sudo -u app /usr/sbin/php-fpm7 -F

--- a/app/updater.sh
+++ b/app/updater.sh
@ -3,6 +3,9 @@
 # wait for the app container to delete .app_is_ready and perform rsync, etc.
 sleep 30

+addgroup -g $OWNER_GID app
+adduser -D -h /var/www/html -G app -u $OWNER_UID app
+
 while ! pg_isready -h $DB_HOST -U $DB_USER; do
 	echo waiting until $DB_HOST is ready...
 	sleep 3
@ -15,4 +18,4 @@ while [ ! -s $DST_DIR/config.php -a -e $DST_DIR/.app_is_ready ]; do
 	sleep 3
 done

-exec /usr/bin/php /var/www/html/tt-rss/update_daemon2.php
+sudo -u app /usr/bin/php /var/www/html/tt-rss/update_daemon2.php
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -17,9 +17,6 @@ services:
    build: 
      context:
        ./app
-      args:
-        - OWNER_UID=${OWNER_UID}
-        - OWNER_GID=${OWNER_GID}
    restart: unless-stopped
    environment:
      - DB_TYPE=pgsql
@ -39,9 +36,6 @@ services:
    build:
      context:
        ./app
-      args:
-        - OWNER_UID=${OWNER_UID}
-        - OWNER_GID=${OWNER_GID}
    restart: unless-stopped
    environment:
      - DB_TYPE=pgsql
@ -56,7 +50,6 @@ services:
      - app:/var/www/html
    depends_on:
      - app
-    user: app
    command: /updater.sh

  web: