Allow to set custom PUID/PGID

Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:experimental
-FROM --platform=${TARGETPLATFORM:-linux/amd64} adoptopenjdk:12-jre-hotspot
+FROM --platform=${TARGETPLATFORM:-linux/amd64} adoptopenjdk:12-jre-hotspot as suexec
 
 ARG BUILD_DATE
 ARG VCS_REF
@@ -9,6 +9,21 @@ ARG TARGETPLATFORM
 ARG BUILDPLATFORM
 RUN printf "I am running on ${BUILDPLATFORM:-linux/amd64}, building for ${TARGETPLATFORM:-linux/amd64}\n$(uname -a)\n"
 
+RUN  apt-get update \
+  && apt-get install -y --no-install-recommends \
+    gcc \
+    libc-dev \
+  && curl -o /usr/local/bin/su-exec.c https://raw.githubusercontent.com/ncopa/su-exec/master/su-exec.c \
+  && gcc -Wall /usr/local/bin/su-exec.c -o/usr/local/bin/su-exec \
+  && chown root:root /usr/local/bin/su-exec \
+  && chmod 0755 /usr/local/bin/su-exec
+
+FROM --platform=${TARGETPLATFORM:-linux/amd64} adoptopenjdk:12-jre-hotspot
+
+ARG BUILD_DATE
+ARG VCS_REF
+ARG VERSION
+
 LABEL maintainer="CrazyMax" \
   org.label-schema.build-date=$BUILD_DATE \
   org.label-schema.name="jetbrains-license-server" \
@@ -23,7 +38,9 @@ LABEL maintainer="CrazyMax" \
 ENV JLS_PATH="/opt/jetbrains-license-server" \
   JLS_VERSION="21137" \
   JLS_SHA256="05241f0d41644ecc7679a879c829e57d423e151b997b45c5e986d498d6fe2f21" \
-  TZ="UTC"
+  TZ="UTC" \
+  PUID="1000" \
+  PGID="1000"
 
 RUN apt-get update \
   && apt-get install -y \
@@ -38,17 +55,16 @@ RUN apt-get update \
   && rm -f "/tmp/jls.zip" \
   && chmod a+x "$JLS_PATH/bin/license-server.sh" \
   && ln -sf "$JLS_PATH/bin/license-server.sh" "/usr/local/bin/license-server" \
-  && groupadd -f -g 1000 jls \
-  && useradd -o -s /bin/bash -d /data -u 1000 -g 1000 -m jls \
+  && groupadd -f -g ${PGID} jls \
+  && useradd -o -s /bin/bash -d /data -u ${PUID} -g jls -m jls \
   && chown -R jls. /data "$JLS_PATH" \
   && apt-get clean \
   && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
+COPY --from=suexec /usr/local/bin/su-exec /usr/local/bin/su-exec
 COPY entrypoint.sh /entrypoint.sh
 RUN chmod a+x /entrypoint.sh
 
-USER jls
-
 EXPOSE 8000
 WORKDIR /data
 VOLUME [ "/data" ]

README.md

@@ -44,34 +44,36 @@ Image: crazymax/jetbrains-license-server:latest
 
 ### Environment variables
 
-* `TZ` : The timezone assigned to the container (default `UTC`)
-* `JLS_VIRTUAL_HOSTS` : [Virtual hosts](https://www.jetbrains.com/help/license_server/setting_host_and_port.html#d1010e63) where license server will be available (comma delimited for several hosts)
-* `JLS_CONTEXT` :  [Context path](https://www.jetbrains.com/help/license_server/setting_host_and_port.html#d1010e63) used by the license server (default `/`)
-* `JLS_ACCESS_CONFIG` : JSON file to configure [user restrictions](https://www.jetbrains.com/help/license_server/configuring_user_restrictions.html) (default `/data/access-config.json`)
-* `JLS_STATS_RECIPIENTS` : [Reports recipients](https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html#d461e40) email addresses for stats (comma delimited)
-* `JLS_REPORT_OUT_OF_LICENSE` : [Warn about lack of licenses](https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html#d461e40) every hour following the percentage threshold (default `0`)
-* `JLS_SMTP_SERVER` : SMTP server host to use for sending [stats](https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html) (stats disabled if empty)
-* `JLS_SMTP_PORT` : SMTP server port (default `25`)
-* `JLS_SMTP_USERNAME` : SMTP username (auth disabled if empty)
-* `JLS_SMTP_PASSWORD` : SMTP password (auth disabled if empty)
-* `JLS_STATS_FROM` : [From address](https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html#d461e40) for stats emails
-* `JLS_STATS_TOKEN` : Enables an auth token for the [stats API](https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html#d461e312) at `/reportApi` (HTTP POST)
+* `TZ`: The timezone assigned to the container (default `UTC`)
+* `PUID`: Process UID (default `1000`)
+* `PGID`: Process GID (default `1000`)
+* `JLS_VIRTUAL_HOSTS`: [Virtual hosts](https://www.jetbrains.com/help/license_server/setting_host_and_port.html#d1010e63) where license server will be available (comma delimited for several hosts)
+* `JLS_CONTEXT`:  [Context path](https://www.jetbrains.com/help/license_server/setting_host_and_port.html#d1010e63) used by the license server (default `/`)
+* `JLS_ACCESS_CONFIG`: JSON file to configure [user restrictions](https://www.jetbrains.com/help/license_server/configuring_user_restrictions.html) (default `/data/access-config.json`)
+* `JLS_STATS_RECIPIENTS`: [Reports recipients](https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html#d461e40) email addresses for stats (comma delimited)
+* `JLS_REPORT_OUT_OF_LICENSE`: [Warn about lack of licenses](https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html#d461e40) every hour following the percentage threshold (default `0`)
+* `JLS_SMTP_SERVER`: SMTP server host to use for sending [stats](https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html) (stats disabled if empty)
+* `JLS_SMTP_PORT`: SMTP server port (default `25`)
+* `JLS_SMTP_USERNAME`: SMTP username (auth disabled if empty)
+* `JLS_SMTP_PASSWORD`: SMTP password (auth disabled if empty)
+* `JLS_STATS_FROM`: [From address](https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html#d461e40) for stats emails
+* `JLS_STATS_TOKEN`: Enables an auth token for the [stats API](https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html#d461e312) at `/reportApi` (HTTP POST)
 
 ### Volumes
 
-* `/data` : Contains [registration data](https://www.jetbrains.com/help/license_server/migrate.html) and configuration
+* `/data`: Contains [registration data](https://www.jetbrains.com/help/license_server/migrate.html) and configuration
 
-> :warning: Note that the volume should be owned by uid `1000` and gid `1000`. If you don't give the volume correct permissions, the container may not start.
+> :warning: Note that the volumes should be owned by the user/group with the specified `PUID` and `PGID`. If you don't give the volume correct permissions, the container may not start.
 
 ### Ports
 
-* `8000` : Jetbrains License Server HTTP port
+* `8000`: Jetbrains License Server HTTP port
 
 ## Use this image
 
 ### Docker Compose
 
-Docker compose is the recommended way to run this image. Copy the content of folder [examples/compose](examples/compose) in `/var/jls/` on your host for example. Edit the compose and env files with your preferences and run the following commands :
+Docker compose is the recommended way to run this image. Copy the content of folder [examples/compose](examples/compose) in `/var/jls/` on your host for example. Edit the compose and env files with your preferences and run the following commands:
 
 ```bash
 touch acme.json
@@ -82,7 +84,7 @@ docker-compose logs -f
 
 ### Command line
 
-You can also use the following minimal command :
+You can also use the following minimal command:
 
 ```bash
 $ docker run -d -p 8000:8000 --name jetbrains_license_server \
@@ -94,7 +96,7 @@ $ docker run -d -p 8000:8000 --name jetbrains_license_server \
 
 ## Update
 
-Recreate the container whenever i push an update :
+Recreate the container whenever I push an update:
 
 ```bash
 docker-compose pull

entrypoint.sh

@@ -6,13 +6,23 @@ JLS_PORT=8000
 JLS_CONTEXT=${JLS_CONTEXT:-/}
 JLS_ACCESS_CONFIG=${JLS_ACCESS_CONFIG:-/data/access-config.json}
 
+if [ -n "${PGID}" ] && [ "${PGID}" != "$(id -g jls)" ]; then
+  echo "Switching to PGID ${PGID}..."
+  sed -i -e "s/^jls:\([^:]*\):[0-9]*/jls:\1:${PGID}/" /etc/group
+  sed -i -e "s/^jls:\([^:]*\):\([0-9]*\):[0-9]*/jls:\1:\2:${PGID}/" /etc/passwd
+fi
+if [ -n "${PUID}" ] && [ "${PUID}" != "$(id -u jls)" ]; then
+  echo "Switching to PUID ${PUID}..."
+  sed -i -e "s/^jls:\([^:]*\):[0-9]*:\([0-9]*\)/jls:\1:${PUID}:\2/" /etc/passwd
+fi
+
 # Init
 echo "Initializing files and folders..."
-touch "/data/access-config.json"
+su-exec jls:jls touch "/data/access-config.json"
 
 # https://www.jetbrains.com/help/license_server/setting_host_and_port.html
 echo "Configuring Jetbrains License Server..."
-license-server configure --listen ${JLS_LISTEN_ADDRESS} --port ${JLS_PORT} --context ${JLS_CONTEXT}
+su-exec jls:jls license-server configure --listen ${JLS_LISTEN_ADDRESS} --port ${JLS_PORT} --context ${JLS_CONTEXT}
 
 # https://www.jetbrains.com/help/license_server/setting_host_and_port.html
 if [ ! -z "$JLS_VIRTUAL_HOSTS" ] ; then
@@ -20,45 +30,48 @@ if [ ! -z "$JLS_VIRTUAL_HOSTS" ] ; then
   for JLS_VIRTUAL_HOST in $(echo ${JLS_VIRTUAL_HOSTS} | tr "," "\n"); do
     echo "-> ${JLS_VIRTUAL_HOST}"
   done
-  license-server configure --jetty.virtualHosts.names=${JLS_VIRTUAL_HOSTS}
+  su-exec jls:jls license-server configure --jetty.virtualHosts.names=${JLS_VIRTUAL_HOSTS}
 fi
 
 # https://www.jetbrains.com/help/license_server/configuring_user_restrictions.html
 if [ -s "$JLS_ACCESS_CONFIG" ]; then
   echo "Enabling user restrictions access from $JLS_ACCESS_CONFIG..."
-  license-server configure --access.config=file:${JLS_ACCESS_CONFIG}
+  su-exec jls:jls license-server configure --access.config=file:${JLS_ACCESS_CONFIG}
 fi
 
 # https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html
 if [ ! -z "$JLS_SMTP_SERVER" -a ! -z "$JLS_STATS_RECIPIENTS" ] ; then
   JLS_SMTP_PORT=${JLS_SMTP_PORT:-25}
   echo "Enabling User Reporting via SMTP at $JLS_SMTP_SERVER:$JLS_SMTP_PORT..."
-  license-server configure --smtp.server ${JLS_SMTP_SERVER} --smtp.server.port ${JLS_SMTP_PORT}
+  su-exec jls:jls license-server configure --smtp.server ${JLS_SMTP_SERVER} --smtp.server.port ${JLS_SMTP_PORT}
 
   if [ ! -z "$JLS_SMTP_USERNAME" -a ! -z "$JLS_SMTP_PASSWORD" ] ; then
     echo "Using SMTP username $JLS_SMTP_USERNAME with password..."
-    license-server configure --smtp.server.username ${JLS_SMTP_USERNAME}
-    license-server configure --smtp.server.password ${JLS_SMTP_PASSWORD}
+    su-exec jls:jls license-server configure --smtp.server.username ${JLS_SMTP_USERNAME}
+    su-exec jls:jls license-server configure --smtp.server.password ${JLS_SMTP_PASSWORD}
   fi
 
   if [ ! -z "$JLS_STATS_FROM" ] ; then
     echo "Setting stats sender to $JLS_STATS_FROM..."
-    license-server configure --stats.from ${JLS_STATS_FROM}
+    su-exec jls:jls license-server configure --stats.from ${JLS_STATS_FROM}
   fi
 
   if [ "$JLS_REPORT_OUT_OF_LICENSE" -gt 0 ]; then
     echo "Setting report out of licence to $JLS_REPORT_OUT_OF_LICENSE%..."
-    license-server configure --reporting.out.of.license.threshold ${JLS_REPORT_OUT_OF_LICENSE}
+    su-exec jls:jls license-server configure --reporting.out.of.license.threshold ${JLS_REPORT_OUT_OF_LICENSE}
   fi
 
   echo "Stats recipients: $JLS_STATS_RECIPIENTS..."
-  license-server configure --stats.recipients ${JLS_STATS_RECIPIENTS}
+  su-exec jls:jls license-server configure --stats.recipients ${JLS_STATS_RECIPIENTS}
 fi
 
 # https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html
 if [ ! -z "$JLS_STATS_TOKEN" ] ; then
   echo "Enabling stats via API at /$JLS_STATS_TOKEN..."
-  license-server configure --reporting.token ${JLS_STATS_TOKEN}
+  su-exec jls:jls license-server configure --reporting.token ${JLS_STATS_TOKEN}
 fi
 
-exec "$@"
+echo "Fixing perms..."
+chown -R jls:jls /data "$JLS_PATH"
+
+exec su-exec jls:jls "$@"