From 3db51a94d6cff8af93ad6e41b4c33160af6371ea Mon Sep 17 00:00:00 2001
From: FoxxMD
Date: Fri, 17 Mar 2023 11:51:11 -0400
Subject: [PATCH] Add permission check and docs for PUID/PGID usage
---
 README.md | 17 +++++++++++++++++
 .../dependencies.d/init-config | 0
 .../s6-rc.d/init-permission-check/run | 10 ++++++++++
 .../s6-rc.d/init-permission-check/type | 1 +
 .../s6-overlay/s6-rc.d/init-permission-check/up | 1 +
 .../user/contents.d/init-permission-check | 0
 6 files changed, 29 insertions(+)
 create mode 100644 container/root/etc/s6-overlay/s6-rc.d/init-permission-check/dependencies.d/init-config
 create mode 100755 container/root/etc/s6-overlay/s6-rc.d/init-permission-check/run
 create mode 100644 container/root/etc/s6-overlay/s6-rc.d/init-permission-check/type
 create mode 100644 container/root/etc/s6-overlay/s6-rc.d/init-permission-check/up
 create mode 100644 container/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-permission-check
diff --git a/README.md b/README.md
index ddd59fe..2624cb4 100644
--- a/README.md
+++ b/README.md
@@ -96,6 +96,23 @@ An example of a minimum run configuration to access maloja via `localhost:42010` docker run -p 42010:42010 -v $PWD/malojadata:/mljdata -e MALOJA_DATA_DIRECTORY=/mljdata krateng/maloja ``` +#### Linux Host + +**NOTE:** If you are using [rootless containers with Podman](https://developers.redhat.com/blog/2020/09/25/rootless-containers-with-podman-the-basics#why_podman_) this DOES NOT apply to you. + +If you are running Docker on a **Linux Host** you should specify `user:group` ids of the user who owns the folder on the host machine bound to `MALOJA_DATA_DIRECTORY` in order to avoid [docker file permission problems.](https://ikriv.com/blog/?p=4698) These can be specified using the [environmental variables **PUID** and **PGID**.](https://docs.linuxserver.io/general/understanding-puid-and-pgid) + +To get the UID and GID for the current user run these commands from a terminal: + +* `id -u` -- prints UID (EX `1000`) +* `id -g` -- prints GID (EX `1001`) + +The modified run command with these variables would look like: + +```console + docker run -e PUID=1000 -e PGID=1001 -p 42010:42010 -v $PWD/malojadata:/mljdata -e MALOJA_DATA_DIRECTORY=/mljdata krateng/maloja +``` + ### Extras * If you'd like to display images, you will need API keys for [Last.fm](https://www.last.fm/api/account/create) and [Spotify](https://developer.spotify.com/dashboard/applications). These are free of charge! diff --git a/container/root/etc/s6-overlay/s6-rc.d/init-permission-check/dependencies.d/init-config b/container/root/etc/s6-overlay/s6-rc.d/init-permission-check/dependencies.d/init-config new file mode 100644 index 0000000..e69de29 diff --git a/container/root/etc/s6-overlay/s6-rc.d/init-permission-check/run b/container/root/etc/s6-overlay/s6-rc.d/init-permission-check/run new file mode 100755 index 0000000..a8cdb4e --- /dev/null +++ b/container/root/etc/s6-overlay/s6-rc.d/init-permission-check/run 
@@ -0,0 +1,10 @@
+#!/usr/bin/with-contenv bash
+
+if [ "$(s6-setuidgid abc id -u)" = "0" ]; then
+ echo "-------------------------------------"
+ echo "WARN: Running as root! If you meant to do this than this message can be ignored."
+ echo "If you are running this container on a *linux* host and are not using podman rootless you SHOULD"
+ echo "change the ENVs PUID and PGID for this container to ensure correct permissions on your config folder."
+ echo -e "See: https://github.com/krateng/maloja#linux-host\n"
+ echo -e "-------------------------------------\n"
+fi
\ No newline at end of file
diff --git a/container/root/etc/s6-overlay/s6-rc.d/init-permission-check/type b/container/root/etc/s6-overlay/s6-rc.d/init-permission-check/type
new file mode 100644
index 0000000..bdd22a1
--- /dev/null
+++ b/container/root/etc/s6-overlay/s6-rc.d/init-permission-check/type
@@ -0,0 +1 @@
+oneshot
diff --git a/container/root/etc/s6-overlay/s6-rc.d/init-permission-check/up b/container/root/etc/s6-overlay/s6-rc.d/init-permission-check/up
new file mode 100644
index 0000000..0e8f49b
--- /dev/null
+++ b/container/root/etc/s6-overlay/s6-rc.d/init-permission-check/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-permission-check/run
diff --git a/container/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-permission-check b/container/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-permission-check
new file mode 100644
index 0000000..e69de29
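Review bot: In `init-permission-check/run`, the `if` test looks only at the UID that `abc` resolves to, so a container with a non-zero PUID but a PGID of 0 gets no warning even though the message asks for both to be set; files written to the bind-mounted data directory would then still be group-owned by root. Consider extending the condition, e.g. `if [ "$(s6-setuidgid abc id -u)" = "0" ] || [ "$(s6-setuidgid abc id -g)" = "0" ]; then`, and adjusting the "Running as root!" wording to match. The warning is also written to stdout; appending `>&2` to the `echo` lines keeps it out of any captured application output. If `s6-setuidgid abc` itself fails, the substitution is empty and the check passes silently, which deserves a short comment above the `if`.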