
move app user creation to startup scripts
run fpm as app user

Andrew Dolgov 8 months ago
parent
commit
0e7d838fec
5 changed files with 10 additions and 15 deletions
  1. 0 3
      src/app/Dockerfile
  2. 0 2
      src/app/build-prepare.sh
  3. 6 2
      src/app/startup.sh
  4. 4 1
      src/app/updater.sh
  5. 0 7
      src/docker-compose.yml

+ 0 - 3
src/app/Dockerfile

@@ -15,9 +15,6 @@ ADD build-prepare.sh /
 
 RUN sed -i.bak 's/^listen = 127.0.0.1:9000/listen = 9000/' /etc/php7/php-fpm.d/www.conf
 
-ARG OWNER_UID
-ARG OWNER_GID
-
 RUN sh -c /build-prepare.sh
 
 CMD /startup.sh

+ 0 - 2
src/app/build-prepare.sh

@@ -21,6 +21,4 @@ else
 fi
 
 mkdir -p /var/www
-addgroup -g $OWNER_GID app 
-adduser -D -h /var/www/html -G app -u $OWNER_UID app
 

+ 6 - 2
src/app/startup.sh

@@ -5,6 +5,9 @@ while ! pg_isready -h $DB_HOST -U $DB_USER; do
 	sleep 3
 done
 
+addgroup -g $OWNER_GID app
+adduser -D -h /var/www/html -G app -u $OWNER_UID app
+
 DST_DIR=/var/www/html/tt-rss
 SRC_DIR=/src/tt-rss/
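Review bot: The added `addgroup`/`adduser` lines expand `$OWNER_GID` and `$OWNER_UID` unquoted and unchecked, and they now run on every container start instead of once at build time. If either variable is unset or empty, account creation fails, yet the script continues to the `chown -R $OWNER_UID:$OWNER_GID` in the next hunk and to the final `sudo -u app`. On a restart of an existing container the account presumably already exists, so both commands would error each time. I would guard them with `: "${OWNER_UID:?}" "${OWNER_GID:?}"` and make creation idempotent, e.g. `id app >/dev/null 2>&1 || { addgroup -g "$OWNER_GID" app && adduser -D -h /var/www/html -G app -u "$OWNER_UID" app; }`; rejecting a value of 0 is worth considering, since the commit's aim is to stop running as root. The same two lines are added in src/app/updater.sh and need the same treatment.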
 
@@ -38,7 +41,8 @@ for d in cache lock feed-icons; do
 	chmod -R 777 $DST_DIR/$d
 done
 
-chown -R $OWNER_UID:$OWNER_GID $DST_DIR
+chown -R $OWNER_UID:$OWNER_GID $DST_DIR \
+	/var/log/php7	
 
 PSQL="psql -q -h $DB_HOST -U $DB_USER $DB_NAME"
 
@@ -75,5 +79,5 @@ fi
 
 touch $DST_DIR/.app_is_ready
 
-exec /usr/sbin/php-fpm7 -F
+sudo -u app /usr/sbin/php-fpm7 -F
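Review bot: Dropping `exec` on this last line leaves the root shell running as the parent of sudo and php-fpm for the container's lifetime, and the stop signal from Docker is then likely not delivered to php-fpm, so shutdown falls back to the kill timeout. `exec sudo -u app /usr/sbin/php-fpm7 -F` keeps the privilege drop without the idle root shell. It is also worth confirming that php-fpm does not rely on environment variables that sudo's environment reset (on by default) would strip. The same applies to the final line of src/app/updater.sh.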
 

+ 4 - 1
src/app/updater.sh

@@ -3,6 +3,9 @@
 # wait for the app container to delete .app_is_ready and perform rsync, etc.
 sleep 30
 
+addgroup -g $OWNER_GID app
+adduser -D -h /var/www/html -G app -u $OWNER_UID app
+
 while ! pg_isready -h $DB_HOST -U $DB_USER; do
 	echo waiting until $DB_HOST is ready...
 	sleep 3
@@ -15,4 +18,4 @@ while [ ! -s $DST_DIR/config.php -a -e $DST_DIR/.app_is_ready ]; do
 	sleep 3
 done
 
-exec /usr/bin/php /var/www/html/tt-rss/update_daemon2.php
+sudo -u app /usr/bin/php /var/www/html/tt-rss/update_daemon2.php

+ 0 - 7
src/docker-compose.yml

@@ -18,9 +18,6 @@ services:
     build: 
       context:
         ./app
-      args:
-        - OWNER_UID=${OWNER_UID}
-        - OWNER_GID=${OWNER_GID}
     restart: unless-stopped
     environment:
       - DB_TYPE=pgsql
@@ -41,9 +38,6 @@ services:
     build: 
       context:
         ./app
-      args:
-        - OWNER_UID=${OWNER_UID}
-        - OWNER_GID=${OWNER_GID}
     restart: unless-stopped
     environment:
       - DB_TYPE=pgsql
@@ -58,7 +52,6 @@ services:
       - app:/var/www/html
     depends_on:
       - app
-    user: app
     command: /updater.sh
 
   web: