Use user primary group if not root (#292)

* Use user primary group if not root * Do not run getent on MacOS * Simplify UID/GID management * Create uid.env if it does not exist * Populate uid.env if it's empty
2025-12-25 20:53:16 +00:00 · 2018-05-29 23:18:48 +02:00
parent 1ead0af77e
commit ec89c36ca0
11 changed files with 165 additions and 394 deletions
--- a/util/Setup/EnvironmentFileBuilder.cs
+++ b/util/Setup/EnvironmentFileBuilder.cs
@@ -172,7 +172,10 @@ SA_PASSWORD=SECRET
            Helpers.Exec("chmod 600 /bitwarden/env/mssql.override.env");

            // Empty uid env file. Only used on Linux hosts.
-            using(var sw = File.CreateText("/bitwarden/env/uid.env")) { }
+            if(!File.Exists("/bitwarden/env/uid.env"))
+            {
+                using(var sw = File.CreateText("/bitwarden/env/uid.env")) { }
+            }
        }
    }
 }
--- a/util/Setup/entrypoint.sh
+++ b/util/Setup/entrypoint.sh
@@ -5,52 +5,27 @@
 GROUPNAME="bitwarden"
 USERNAME="bitwarden"

-CURRENTGID=`getent group $GROUPNAME | cut -d: -f3`
-LGID=${LOCAL_GID:-999}
+LUID=${LOCAL_UID:-0}
+LGID=${LOCAL_GID:-0}

-NOUSER=`id -u $USERNAME > /dev/null 2>&1; echo $?`
-LUID=${LOCAL_UID:-999}
+# Step down from host root to well-known nobody/nogroup user

-# Step down from host root
-
-if [ $LGID == 0 ]
+if [ $LUID -eq 0 ]
 then
-    LGID=999
+    LUID=65534
+fi
+if [ $LGID -eq 0 ]
+then
+    LGID=65534
 fi

-if [ $LUID == 0 ]
-then
-    LUID=999
-fi
+# Create user and group

-# Create group
-
-if [ $CURRENTGID ]
-then
-    if [ "$CURRENTGID" != "$LGID" ]
-    then
-        groupmod -g $LGID $GROUPNAME
-    fi
-else
-    groupadd -g $LGID $GROUPNAME
-fi
-
-# Create user and assign group
-
-if [ $NOUSER == 0 ] && [ `id -u $USERNAME` != $LUID ]
-then
-    usermod -u $LUID $USERNAME
-elif [ $NOUSER == 1 ]
-then
-    useradd -r -u $LUID -g $GROUPNAME $USERNAME
-fi
-
-# Make home directory for user
-
-if [ ! -d "/home/$USERNAME" ]
-then
-    mkhomedir_helper $USERNAME
-fi
+groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
+groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
+useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
+usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
+mkhomedir_helper $USERNAME

 # The rest...