From d2fa174c8f98d89ede580cf5d1b8647af4241438 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C5=91cze=20Bence?= Date: Tue, 26 Sep 2023 21:39:49 +0200 Subject: [PATCH] set runner user of web service --- docker/Dockerfile | 5 +++-- docker/scripts/entry-point-dev.sh | 11 ++++++++--- docker/scripts/entry-point.sh | 10 +++++++++- docker/scripts/release.sh | 4 ++-- 4 files changed, 22 insertions(+), 8 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index cfa360e..c5c2ad8 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -2,7 +2,7 @@ FROM ubuntu:focal AS mapg_base ENV DEBIAN_FRONTEND noninteractive -RUN apt update --fix-missing && apt install -y curl git unzip mariadb-client nginx \ +RUN apt update --fix-missing && apt install -y sudo curl git unzip mariadb-client nginx \ php-apcu php7.4-cli php7.4-curl php7.4-fpm php7.4-mbstring php7.4-mysql php7.4-zip php7.4-xml RUN mkdir -p /run/php @@ -30,6 +30,7 @@ EXPOSE 8090 EXPOSE 9229 ENTRYPOINT docker/scripts/entry-point-dev.sh + FROM mapg_base AS mapg_release RUN apt update --fix-missing && apt install -y cron @@ -37,7 +38,7 @@ RUN apt update --fix-missing && apt install -y cron WORKDIR /var/www/mapguesser COPY ./ /var/www/mapguesser RUN docker/scripts/release.sh &&\ - rm -rf /var/www/mapguesser/.git /var/www/mapguesser/.env + rm -rf /var/www/mapguesser/.git EXPOSE 80 EXPOSE 8090 diff --git a/docker/scripts/entry-point-dev.sh b/docker/scripts/entry-point-dev.sh index 26c43ca..e1254a0 100755 --- a/docker/scripts/entry-point-dev.sh +++ b/docker/scripts/entry-point-dev.sh @@ -2,8 +2,6 @@ set -e -chmod 777 cache - echo "Installing Composer packages..." if [ -f .env ]; then composer install 
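Review bot: Adding `sudo` to the `apt install` line puts a setuid-root binary into the base stage, and therefore into both the dev and release images, only so the root-run entry-point scripts can start node as `mapg`. A process that is already root needs no setuid helper to drop privileges. util-linux's `runuser` (expected to be present in ubuntu:focal, worth confirming) does the same job, e.g. `runuser -u mapg -g mapg -- /usr/bin/node multi` in both entry-point scripts. The RUN instruction continues past the changed line with the php package list.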
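Review bot: `.env` still ships inside the release image, because `COPY ./ /var/www/mapguesser` writes it into its own layer and the following `RUN` (now via `rm .env` at the end of release.sh) only hides it in a later layer. If the file holds credentials, which its name suggests but the patch does not show, anyone who can pull the image can read it back from the COPY layer; the same applies to `.git`. Listing `.env` and `.git` in a `.dockerignore` keeps them out of the build context entirely. If release.sh needs the values during the build, a BuildKit secret mount such as `RUN --mount=type=secret,id=env,target=/var/www/mapguesser/.env docker/scripts/release.sh` keeps the file out of every layer.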
@@ -20,11 +18,18 @@ echo "Installing Yarn packages..." echo "Migrating DB..." ./mapg db:migrate +echo "Set runner user based on owner of .env..." +USER_UID=$(stat -c "%u" .env) +USER_GID=$(stat -c "%g" .env) +groupadd --gid $USER_GID mapg +useradd --uid $USER_UID --gid $USER_GID mapg +sed -i -e "s/^user = .*$/user = mapg/g" -e "s/^group = .*$/group = mapg/g" /etc/php/7.4/fpm/pool.d/www.conf + set +e /usr/sbin/php-fpm7.4 -F & /usr/sbin/nginx -g 'daemon off;' & -/usr/bin/node --inspect=0.0.0.0:9229 multi & +sudo -u mapg -g mapg /usr/bin/node --inspect=0.0.0.0:9229 multi & wait -n diff --git a/docker/scripts/entry-point.sh b/docker/scripts/entry-point.sh index 59de3bb..15e2316 100755 --- a/docker/scripts/entry-point.sh +++ b/docker/scripts/entry-point.sh @@ -8,12 +8,20 @@ echo "Migrating DB..." echo "Installing crontab..." /usr/bin/crontab docker/scripts/cron +echo "Set runner user..." +USER_UID=$(stat -c "%u" .env) +USER_GID=$(stat -c "%g" .env) +groupadd --gid $USER_GID mapg +useradd --uid $USER_UID --gid $USER_GID mapg +chown mapg:mapg cache +sed -i -e "s/^user = .*$/user = mapg/g" -e "s/^group = .*$/group = mapg/g" /etc/php/7.4/fpm/pool.d/www.conf + set +e /usr/sbin/cron -f & /usr/sbin/php-fpm7.4 -F & /usr/sbin/nginx -g 'daemon off;' & -/usr/bin/node multi & +sudo -u mapg -g mapg /usr/bin/node multi & wait -n diff --git a/docker/scripts/release.sh b/docker/scripts/release.sh index 27aad4b..7cd2c66 100755 --- a/docker/scripts/release.sh +++ b/docker/scripts/release.sh @@ -2,8 +2,6 @@ set -e -chmod 777 cache - echo "Installing Composer packages..." composer create-project --no-dev @@ -28,3 +26,5 @@ find public/static/img -type f -iname '*.svg' -exec svgo {} -o {} \; echo "Linking view files..." ./mapg view:link + +rm .env
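Review bot: The added `groupadd`/`useradd` pair runs on every container start while `set -e` is still in effect, so a second start of the same container (for example after `docker restart`) stops at `groupadd` because the `mapg` group already exists. The same block is added to entry-point.sh later in this patch. Guarding the calls and quoting the ids makes the step repeatable: `getent group mapg >/dev/null || groupadd --gid "$USER_GID" mapg` and `id -u mapg >/dev/null 2>&1 || useradd --uid "$USER_UID" --gid "$USER_GID" mapg`.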
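Review bot: Nothing in the added block checks that `.env` exists or that its owner is a non-root id before the runtime account is derived from it. release.sh now deletes `.env` at build time, so the release container depends on the file being mounted at run time. If it is missing, `stat` fails. If it is owned by root, `groupadd --gid 0` / `useradd --uid 0` should fail on the duplicate id, so start-up ends with an unrelated-looking error (assuming `set -e` is active above this hunk). An explicit guard makes the fail-closed behaviour deliberate and readable: `[ -f .env ] || { echo ".env missing" >&2; exit 1; }` followed by `[ "$USER_UID" -ne 0 ] || { echo ".env must not be owned by root" >&2; exit 1; }`.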
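Review bot: The new last line `rm .env` runs under the script's `set -e`, so a build context without a `.env` now fails the image build at the very end. The `rm -rf … .env` it replaces in the Dockerfile tolerated a missing file, and entry-point-dev.sh already treats `.env` as optional with `if [ -f .env ]`. Using `rm -f .env` keeps the previous behaviour.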