Add permission check and docs for PUID/PGID usage

2023-03-17 11:51:11 -04:00 · 2023-03-17 11:51:11 -04:00 · 3db51a94d6
parent a9c29f158e
commit 3db51a94d6
6 changed files with 29 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -96,6 +96,23 @@ An example of a minimum run configuration to access maloja via `localhost:42010`
 	docker run -p 42010:42010 -v $PWD/malojadata:/mljdata -e MALOJA_DATA_DIRECTORY=/mljdata krateng/maloja
 ```

+#### Linux Host
+
+**NOTE:** If you are using [rootless containers with Podman](https://developers.redhat.com/blog/2020/09/25/rootless-containers-with-podman-the-basics#why_podman_) this DOES NOT apply to you.
+
+If you are running Docker on a **Linux Host** you should specify `user:group` ids of the user who owns the folder on the host machine bound to `MALOJA_DATA_DIRECTORY` in order to avoid [docker file permission problems.](https://ikriv.com/blog/?p=4698) These can be specified using the [environmental variables **PUID** and **PGID**.](https://docs.linuxserver.io/general/understanding-puid-and-pgid)
+
+To get the UID and GID for the current user run these commands from a terminal:
+
+* `id -u` -- prints UID (EX `1000`)
+* `id -g` -- prints GID (EX `1001`)
+
+The modified run command with these variables would look like:
+
+```console
+	docker run -e PUID=1000 -e PGID=1001 -p 42010:42010 -v $PWD/malojadata:/mljdata -e MALOJA_DATA_DIRECTORY=/mljdata krateng/maloja
+```
+
 ### Extras

 * If you'd like to display images, you will need API keys for [Last.fm](https://www.last.fm/api/account/create) and [Spotify](https://developer.spotify.com/dashboard/applications). These are free of charge!
--- a/container/root/etc/s6-overlay/s6-rc.d/init-permission-check/dependencies.d/init-config
+++ b/container/root/etc/s6-overlay/s6-rc.d/init-permission-check/dependencies.d/init-config
--- a/container/root/etc/s6-overlay/s6-rc.d/init-permission-check/run
+++ b/container/root/etc/s6-overlay/s6-rc.d/init-permission-check/run
@ -0,0 +1,10 @@
+#!/usr/bin/with-contenv bash
+
+if [ "$(s6-setuidgid abc id -u)" = "0" ]; then
+   echo "-------------------------------------"
+   echo "WARN: Running as root! If you meant to do this than this message can be ignored."
+   echo "If you are running this container on a *linux* host and are not using podman rootless you SHOULD"
+   echo "change the ENVs PUID and PGID for this container to ensure correct permissions on your config folder."
+   echo -e "See: https://github.com/krateng/maloja#linux-host\n"
+   echo -e "-------------------------------------\n"
+fi
--- a/container/root/etc/s6-overlay/s6-rc.d/init-permission-check/type
+++ b/container/root/etc/s6-overlay/s6-rc.d/init-permission-check/type
@ -0,0 +1 @@
+oneshot
--- a/container/root/etc/s6-overlay/s6-rc.d/init-permission-check/up
+++ b/container/root/etc/s6-overlay/s6-rc.d/init-permission-check/up
@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-permission-check/run
--- a/container/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-permission-check
+++ b/container/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-permission-check
				`@ -0,0 +1 @@`
				`/etc/s6-overlay/s6-rc.d/init-permission-check/run`