mirror of
https://github.com/pi-hole/docker-pi-hole.git
synced 2024-06-21 06:56:53 +02:00
Merge pull request #982 from edgd1er/dev_origin
[Experimental] Add ability to change UID / GID for www-data and pihole user.
commit
25539a9c99
|
@ -4,7 +4,7 @@ FROM "${PIHOLE_BASE:-ghcr.io/pi-hole/docker-pi-hole-base:bullseye-slim}"
|
|||
ARG PIHOLE_DOCKER_TAG
|
||||
ENV PIHOLE_DOCKER_TAG "${PIHOLE_DOCKER_TAG}"
|
||||
|
||||
ENV S6_OVERLAY_VERSION v2.2.0.3
|
||||
ENV S6_OVERLAY_VERSION v2.1.0.2
|
||||
|
||||
COPY install.sh /usr/local/bin/install.sh
|
||||
ENV PIHOLE_INSTALL /etc/.pihole/automated\ install/basic-install.sh
|
||||
|
|
|
@ -133,6 +133,10 @@ There are other environment variables if you want to customize various things in
|
|||
| Variable | Default | Value | Description |
|
||||
| -------- | ------- | ----- | ---------- |
|
||||
| `DNSMASQ_USER` | unset | `<pihole\|root>` | Allows changing the user that FTLDNS runs as. Default: `pihole`
|
||||
| PIHOLE_UID | debian system value | Number | Overrides image's default pihole user id to match a host user id |
|
||||
| PIHOLE_GID | debian system value | Number | Overrides image's default pihole group id to match a host group id |
|
||||
| WEB_UID | debian system value | Number | Overrides image's default www-data user id to match a host user id |
|
||||
| WEB_GID | debian system value | Number | Overrides image's default www-data group id to match a host group id |
|
||||
|
||||
## Deprecated environment variables:
|
||||
While these may still work, they are likely to be removed in a future version. Where applicible, alternative variable names are indicated. Please review the table above for usage of the alternative variables
|
||||
|
|
|
@ -23,23 +23,13 @@ prepare_configs() {
|
|||
touch "$setupVars"
|
||||
set +e
|
||||
mkdir -p /var/run/pihole /var/log/pihole
|
||||
# Re-apply perms from basic-install over any volume mounts that may be present (or not)
|
||||
# Also similar to preflights for FTL https://github.com/pi-hole/pi-hole/blob/master/advanced/Templates/pihole-FTL.service
|
||||
|
||||
chown pihole:root /etc/lighttpd
|
||||
chown pihole:pihole "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" "/var/log/pihole"
|
||||
chmod 644 "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf"
|
||||
if [[ -e "${PI_HOLE_CONFIG_DIR}/pihole-FTL.db" ]]; then
|
||||
chown pihole:pihole "${PI_HOLE_CONFIG_DIR}/pihole-FTL.db"
|
||||
chmod 644 "${PI_HOLE_CONFIG_DIR}/pihole-FTL.db"
|
||||
fi
|
||||
touch /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
|
||||
chown pihole:pihole /var/run/pihole /var/log/pihole
|
||||
test -f /var/run/pihole/FTL.sock && rm /var/run/pihole/FTL.sock
|
||||
chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /etc/pihole /var/log/pihole.log
|
||||
if [[ -e /etc/pihole/dhcp.leases ]]; then
|
||||
chown pihole:pihole /etc/pihole/dhcp.leases
|
||||
fi
|
||||
chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
|
||||
|
||||
# In case of `pihole` UID being changed, re-chown the pihole scripts and pihole commmand
|
||||
chown -R pihole:root "${PI_HOLE_INSTALL_DIR}"
|
||||
chown pihole:root "${PI_HOLE_BIN_DIR}/pihole"
|
||||
|
||||
set -e
|
||||
# Update version numbers
|
||||
pihole updatechecker
|
||||
|
@ -289,8 +279,6 @@ setup_ipv4_ipv6() {
|
|||
|
||||
test_configs() {
|
||||
set -e
|
||||
echo -n '::: Testing pihole-FTL DNS: '
|
||||
sudo -u ${DNSMASQ_USER:-root} pihole-FTL test || exit 1
|
||||
echo -n '::: Testing lighttpd config: '
|
||||
lighttpd -t -f /etc/lighttpd/lighttpd.conf || exit 1
|
||||
set +e
|
||||
|
|
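Review bot: The two `chown` lines under the comment about the `pihole` UID being changed in `prepare_configs` (read here as new-side lines; the page lost the `+`/`-` column) give `${PI_HOLE_INSTALL_DIR}` recursively and `${PI_HOLE_BIN_DIR}/pihole` to the `pihole` account, while the same function then runs `pihole updatechecker`, apparently as root during container init. Scripts that root executes are then writable by the account FTL runs as, so a compromise of that service would not stay confined to its own data files. Unless something needs `pihole` to write there, root ownership avoids this and removes the need to re-chown after a UID change: `chown -R root:root "${PI_HOLE_INSTALL_DIR}"` and `chown root:root "${PI_HOLE_BIN_DIR}/pihole"`. Both calls sit inside the `set +e` region, so a failure passes silently; `prepare_configs` starts and ends outside the hunk.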
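--- /dev/null
+++ b/s6/debian-root/etc/cont-init.d/05-changer-uid-gid.sh
@@ -0,0 +1,35 @@
+#!/usr/bin/with-contenv bash
+set -e
+
+if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
+set -x ;
+fi
+
+modifyUser()
+{
+declare username=${1:-} newId=${2:-}
+[[ -z ${username} || -z ${newId} ]] && return
+
+local currentId=$(id -u ${username})
+[[ ${currentId} -eq ${newId} ]] && return
+
+echo "Changing ID for user: ${username} (${currentId} => ${newId})"
+usermod -o -u ${newId} ${username}
+}
+
+modifyGroup()
+{
+declare groupname=${1:-} newId=${2:-}
+[[ -z ${groupname} || -z ${newId} ]] && return
+
+local currentId=$(id -g ${groupname})
+[[ ${currentId} -eq ${newId} ]] && return
+
+echo "Changing ID for group: ${groupname} (${currentId} => ${newId})"
+groupmod -o -g ${newId} ${groupname}
+}
+
+modifyUser www-data ${WEB_UID}
+modifyGroup www-data ${WEB_GID}
+modifyUser pihole ${PIHOLE_UID}
+modifyGroup pihole ${PIHOLE_GID}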
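Review bot: `modifyUser` and `modifyGroup` take `WEB_UID`, `WEB_GID`, `PIHOLE_UID` and `PIHOLE_GID` from the environment and pass them unquoted and unvalidated into `[[ ${currentId} -eq ${newId} ]]` and `usermod -o -u` / `groupmod -o -g`. Inside `[[ ]]`, `-eq` evaluates its operands as arithmetic expressions rather than plain numbers, and `-o` allows a duplicate ID, so a value of `0` would make the account share root's ID and presumably defeat running FTL and the web server unprivileged. A guard ahead of the comparison, for example `[[ ${newId} =~ ^[1-9][0-9]*$ ]] || { echo "Invalid ID for ${username}: ${newId}" >&2; exit 1; }`, together with quoting (`usermod -o -u "${newId}" "${username}"`), covers both. Separately, `id -g ${groupname}` returns the primary group of a user with that name, which only works here because user and group names coincide; `getent group "${groupname}" | cut -d: -f3` is the lookup that matches `groupmod`.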
@ -4,6 +4,22 @@ s6-echo "Starting pihole-FTL ($FTL_CMD) as ${DNSMASQ_USER}"
|
|||
# Remove possible leftovers from previous pihole-FTL processes
|
||||
rm -f /dev/shm/FTL-* 2> /dev/null
|
||||
rm /run/pihole/FTL.sock 2> /dev/null
|
||||
|
||||
# Touch files to ensure they exist (create if non-existing, preserve if existing)
|
||||
mkdir -pm 0755 /run/pihole
|
||||
touch /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases
|
||||
|
||||
# Ensure that permissions are set so that pihole-FTL can edit all necessary files
|
||||
chown pihole:pihole /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases /run/pihole /etc/pihole
|
||||
chmod 0644 /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases
|
||||
|
||||
# Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist
|
||||
chmod -f 0644 /etc/pihole/macvendor.db
|
||||
# Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist
|
||||
chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db
|
||||
# Chown database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist
|
||||
chmod -f 0664 /etc/pihole/pihole-FTL.db
|
||||
|
||||
s6-setuidgid ${DNSMASQ_USER} pihole-FTL $FTL_CMD >/dev/null 2>&1
|
||||
|
||||
# Notes on above:
|
||||
|
|
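Review bot: The `touch`, `chown` and `chmod` calls in this hunk all follow symlinks, and the `chown pihole:pihole` line also gives `/etc/pihole` itself to `pihole`, so on any later start these commands (run before the `s6-setuidgid` drop, presumably as root) act on whatever `dhcp.leases`, `pihole-FTL.db`, `gravity.db` or `macvendor.db` resolve to at that moment. Use `chown -h` for the ownership changes and skip entries that are links before `touch`/`chmod`, e.g. `[[ -L /etc/pihole/dhcp.leases ]] || touch /etc/pihole/dhcp.leases`. The comment above `chmod -f 0664 /etc/pihole/pihole-FTL.db` says "Chown" where it means "Chmod". The script continues past the end of the hunk.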