add uid/gid selection to run application as in Dockerfile
This commit is contained in:
parent
9f66b6701e
commit
a33799c886
GPG Key ID:
1F62396D020F375C
15
Dockerfile
15
Dockerfile
@ -68,6 +68,9 @@ VOLUME ${DATA_PATH}
|
||||
EXPOSE 25565/tcp
|
||||
|
||||
|
||||
ENV GID=988
|
||||
ENV UID=999
|
||||
|
||||
ENV MEMORY=4G
|
||||
ENV PROXY_SECRET=00000000-0000-0000-0000-000000000000
|
||||
|
||||
@ -89,6 +92,13 @@ ENV SKINSRESTORER_DB_PASSWORD=0000
|
||||
WORKDIR ${WORKDIR_PATH}/config
|
||||
|
||||
CMD \
|
||||
# Create and switch to user with desired UID and GID.
|
||||
# All processes that create/change files in ${DATA_PATH}
|
||||
# must be run under this user.
|
||||
groupadd -g ${GID} worker && \
|
||||
useradd -M -g ${GID} -u ${UID} worker && \
|
||||
chmod -R o-rwx ${WORKDIR_PATH} && \
|
||||
|
||||
# Add proxy secret
|
||||
sed -i "s/_PROXY_SECRET_/${PROXY_SECRET}/g" config/paper-global.yml && \
|
||||
|
||||
@ -109,5 +119,8 @@ CMD \
|
||||
sed -i "s/_SKINSRESTORER_DB_USERNAME_/${SKINSRESTORER_DB_USERNAME}/g" plugins/SkinsRestorer/config.yml && \
|
||||
sed -i "s/_SKINSRESTORER_DB_PASSWORD_/${SKINSRESTORER_DB_PASSWORD}/g" plugins/SkinsRestorer/config.yml && \
|
||||
|
||||
# Change UID and GID of used files to desired values.
|
||||
chown -R worker:worker ${WORKDIR_PATH} && \
|
||||
|
||||
# Launch
|
||||
java -Xms${MEMORY} -Xmx${MEMORY} -jar *.jar -nogui
|
||||
su worker -c "java -Xms${MEMORY} -Xmx${MEMORY} -jar *.jar -nogui"
|
||||
|
||||
Loading…
Reference in New Issue
Block a user