Merge pull request #982 from edgd1er/dev_origin

[Experimental] Add ability to change UID / GID for www-data and pihole user.

Dockerfile

@@ -4,7 +4,7 @@ FROM "${PIHOLE_BASE:-ghcr.io/pi-hole/docker-pi-hole-base:bullseye-slim}"
 ARG PIHOLE_DOCKER_TAG
 ENV PIHOLE_DOCKER_TAG "${PIHOLE_DOCKER_TAG}"
 
-ENV S6_OVERLAY_VERSION v2.2.0.3
+ENV S6_OVERLAY_VERSION v2.1.0.2
 
 COPY install.sh /usr/local/bin/install.sh
 ENV PIHOLE_INSTALL /etc/.pihole/automated\ install/basic-install.sh

README.md

@@ -133,6 +133,10 @@ There are other environment variables if you want to customize various things in
 | Variable | Default | Value | Description |
 | -------- | ------- | ----- | ---------- |
 | `DNSMASQ_USER` | unset | `<pihole\|root>` | Allows changing the user that FTLDNS runs as. Default: `pihole`
+| PIHOLE_UID | debian system value | Number | Overrides image's default pihole user id to match a host user id  |
+| PIHOLE_GID | debian system value | Number | Overrides image's default pihole group id to match a host group id |
+| WEB_UID | debian system value | Number | Overrides image's default www-data user id to match a host user id |
+| WEB_GID | debian system value | Number | Overrides image's default www-data group id to match a host group id |
 
 ## Deprecated environment variables:
 While these may still work, they are likely to be removed in a future version. Where applicible, alternative variable names are indicated. Please review the table above for usage of the alternative variables

bash_functions.sh

@@ -23,23 +23,13 @@ prepare_configs() {
     touch "$setupVars"
     set +e
     mkdir -p /var/run/pihole /var/log/pihole
-    # Re-apply perms from basic-install over any volume mounts that may be present (or not)
-    # Also  similar to preflights for FTL https://github.com/pi-hole/pi-hole/blob/master/advanced/Templates/pihole-FTL.service
+    
     chown pihole:root /etc/lighttpd
-    chown pihole:pihole "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" "/var/log/pihole"
-    chmod 644 "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf"
-    if [[ -e "${PI_HOLE_CONFIG_DIR}/pihole-FTL.db" ]]; then
-      chown pihole:pihole "${PI_HOLE_CONFIG_DIR}/pihole-FTL.db"
-      chmod 644 "${PI_HOLE_CONFIG_DIR}/pihole-FTL.db"
-    fi
-    touch /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
-    chown pihole:pihole /var/run/pihole /var/log/pihole
-    test -f /var/run/pihole/FTL.sock && rm /var/run/pihole/FTL.sock
-    chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /etc/pihole /var/log/pihole.log
-    if [[ -e /etc/pihole/dhcp.leases ]]; then
-      chown pihole:pihole /etc/pihole/dhcp.leases
-    fi
-    chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
+    
+    # In case of `pihole` UID being changed, re-chown the pihole scripts and pihole commmand
+    chown -R pihole:root "${PI_HOLE_INSTALL_DIR}"
+    chown pihole:root "${PI_HOLE_BIN_DIR}/pihole"
+    
     set -e
     # Update version numbers
     pihole updatechecker
@@ -289,8 +279,6 @@ setup_ipv4_ipv6() {
 
 test_configs() {
     set -e
-    echo -n '::: Testing pihole-FTL DNS: '
-    sudo -u ${DNSMASQ_USER:-root} pihole-FTL test || exit 1
     echo -n '::: Testing lighttpd config: '
     lighttpd -t -f /etc/lighttpd/lighttpd.conf || exit 1
     set +e

s6/debian-root/etc/cont-init.d/05-changer-uid-gid.sh

@@ -0,0 +1,35 @@
+#!/usr/bin/with-contenv bash
+set -e
+
+if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
+    set -x ;
+fi
+
+modifyUser()
+{
+  declare username=${1:-} newId=${2:-}
+  [[ -z ${username} || -z ${newId} ]] && return
+
+  local currentId=$(id -u ${username})
+  [[ ${currentId} -eq ${newId} ]] && return
+
+  echo "Changing ID for user: ${username} (${currentId} => ${newId})"
+  usermod -o -u ${newId} ${username}  
+}
+
+modifyGroup()
+{
+  declare groupname=${1:-} newId=${2:-}
+  [[ -z ${groupname} || -z ${newId} ]] && return
+
+  local currentId=$(id -g ${groupname})
+  [[ ${currentId} -eq ${newId} ]] && return
+
+  echo "Changing ID for group: ${groupname} (${currentId} => ${newId})"
+  groupmod -o -g ${newId} ${groupname}
+}
+
+modifyUser www-data ${WEB_UID}
+modifyGroup www-data ${WEB_GID}
+modifyUser pihole ${PIHOLE_UID}
+modifyGroup pihole ${PIHOLE_GID}

s6/debian-root/etc/services.d/pihole-FTL/run

@@ -4,6 +4,22 @@ s6-echo "Starting pihole-FTL ($FTL_CMD) as ${DNSMASQ_USER}"
 # Remove possible leftovers from previous pihole-FTL processes
 rm -f /dev/shm/FTL-* 2> /dev/null
 rm /run/pihole/FTL.sock 2> /dev/null
+
+# Touch files to ensure they exist (create if non-existing, preserve if existing)
+mkdir -pm 0755 /run/pihole
+touch /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases
+
+# Ensure that permissions are set so that pihole-FTL can edit all necessary files
+chown pihole:pihole /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases /run/pihole /etc/pihole
+chmod 0644 /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole-FTL.log /var/log/pihole.log /etc/pihole/dhcp.leases
+
+# Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist
+chmod -f 0644 /etc/pihole/macvendor.db
+# Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist
+chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db
+# Chown database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist
+chmod -f 0664 /etc/pihole/pihole-FTL.db
+
 s6-setuidgid ${DNSMASQ_USER} pihole-FTL $FTL_CMD >/dev/null 2>&1
 
 # Notes on above: