mirrors/docker-icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/docker-icingaweb2.git synced 2025-10-24 21:40:59 +02:00
Code Issues Projects Releases Wiki Activity

entrypoint: chown www-data: /data and drop privileges if started as root

Browse Source
This commit is contained in:
Alexander A. Klimov 2023-02-15 14:51:26 +01:00
parent 39971df6fa
commit a700df6340
1 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
entrypoint/main.go
View File

@ -18,6 +18,7 @@ import (
"time" "time"
) )
const wwwdataUid = 33
const dataVolume = "/data" const dataVolume = "/data"
const modsDir = "/usr/share/icingaweb2/modules" const modsDir = "/usr/share/icingaweb2/modules"
const dirMode = 0750 const dirMode = 0750
@ -39,6 +40,24 @@ func entrypoint() error {
return nil return nil
} }
if os.Getuid() == 0 {
logf("info", "Giving %s to the www-data user as we're root", dataVolume)
if err := os.Chown(dataVolume, wwwdataUid, wwwdataUid); err != nil {
return err
}
logf("info", "Dropping privileges as we're root")
if err := syscall.Setgid(wwwdataUid); err != nil {
return err
}
if err := syscall.Setuid(wwwdataUid); err != nil {
return err
}
}
if os.Getpid() == 1 { if os.Getpid() == 1 {
logf("info", "Initializing %s as we're the init process", dataVolume) logf("info", "Initializing %s as we're the init process", dataVolume)