From e9563c4a87ad992912605d185bd901d1443babe4 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Thu, 23 Jan 2020 16:59:10 +0300
Subject: [PATCH] move app user creation to startup scripts run fpm as app user
---
 app/Dockerfile | 5 +----
 app/startup.sh | 8 ++++++--
 app/updater.sh | 5 ++++-
 docker-compose.yml | 7 -------
 4 files changed, 11 insertions(+), 14 deletions(-)
diff --git a/app/Dockerfile b/app/Dockerfile
index eee0e60..d7c57a3 100644
--- a/app/Dockerfile
+++ b/app/Dockerfile
@@ -14,9 +14,6 @@ ADD index.php /
 RUN sed -i.bak 's/^listen = 127.0.0.1:9000/listen = 9000/' /etc/php7/php-fpm.d/www.conf
-ARG OWNER_UID
-ARG OWNER_GID
-
-RUN mkdir -p /var/www && addgroup -g ${OWNER_GID} app && adduser -D -h /var/www/html -G app -u ${OWNER_UID} app
+RUN mkdir -p /var/www
 CMD /startup.sh
diff --git a/app/startup.sh b/app/startup.sh
index 4d5cd37..95ff947 100755
--- a/app/startup.sh
+++ b/app/startup.sh
@@ -5,6 +5,9 @@ while ! pg_isready -h $DB_HOST -U $DB_USER; do
 sleep 3
 done
+addgroup -g $OWNER_GID app
+adduser -D -h /var/www/html -G app -u $OWNER_UID app
+
 DST_DIR=/var/www/html/tt-rss
 SRC_REPO=https://git.tt-rss.org/fox/tt-rss.git
@@ -33,7 +36,8 @@ else
 git pull origin master
 fi
-chown -R $OWNER_UID:$OWNER_GID $DST_DIR
+chown -R $OWNER_UID:$OWNER_GID $DST_DIR \
+ /var/log/php7
 for d in cache lock feed-icons; do
 chmod -R 777 $DST_DIR/$d
@@ -72,5 +76,5 @@ fi
 touch $DST_DIR/.app_is_ready
-exec /usr/sbin/php-fpm7 -F
+sudo -u app /usr/sbin/php-fpm7 -F
diff --git a/app/updater.sh b/app/updater.sh
index 2f36f47..f81d83e 100755
--- a/app/updater.sh
+++ b/app/updater.sh
@@ -3,6 +3,9 @@
 # wait for the app container to delete .app_is_ready and perform rsync, etc.
 sleep 30
+addgroup -g $OWNER_GID app
+adduser -D -h /var/www/html -G app -u $OWNER_UID app
+
 while ! pg_isready -h $DB_HOST -U $DB_USER; do
 echo waiting until $DB_HOST is ready...
 sleep 3
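Review bot: Nothing in the Dockerfile now records that the image runs `/startup.sh` as root and relies on the script to create the `app` user and drop privileges; with the `ARG`/`adduser` lines removed and no `USER` instruction visible in this hunk, someone auditing the image sees only a root container. A comment above the remaining `RUN mkdir -p /var/www` would cover it, for example `# app user is created at container start by /startup.sh from OWNER_UID/OWNER_GID; the container must start as root`. The rest of the Dockerfile lies outside the hunk, so whether `sudo` is installed there cannot be checked from here.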
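Review bot: The added `addgroup`/`adduser` lines in app/startup.sh run on every container start, so a restart of the same container (the compose file sets `restart: unless-stopped`) will likely find the `app` group and user already present and both commands will fail; whether that aborts the script depends on a `set -e` that would sit outside this hunk. `$OWNER_GID` and `$OWNER_UID` are also unquoted and unchecked, so an unset value shifts the arguments and `app` is taken as the numeric id. A guarded, fail-closed form would be `id app >/dev/null 2>&1 || { addgroup -g "${OWNER_GID:?}" app && adduser -D -h /var/www/html -G app -u "${OWNER_UID:?}" app; }`. The first hunk of app/updater.sh adds the same two lines and needs the same treatment.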
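Review bot: Replacing `exec /usr/sbin/php-fpm7 -F` with `sudo -u app /usr/sbin/php-fpm7 -F` at the end of app/startup.sh drops the `exec`, so the root shell stays as PID 1 with `sudo` and php-fpm below it, and the SIGTERM sent on container stop reaches the shell rather than php-fpm. Keeping it, as `exec sudo -u app /usr/sbin/php-fpm7 -F`, removes the idle root shell and leaves sudo as the single parent that relays signals to php-fpm. sudo also resets the environment by default, so if the PHP side reads the `DB_*` variables set in compose it may need `-E` or an `env_keep` entry; that depends on sudoers and pool configuration not shown here. The last hunk of app/updater.sh makes the same `exec` to `sudo -u app` change for `update_daemon2.php`.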
@@ -15,4 +18,4 @@ while [ ! -s $DST_DIR/config.php -a -e $DST_DIR/.app_is_ready ]; do
 sleep 3
 done
-exec /usr/bin/php /var/www/html/tt-rss/update_daemon2.php
+sudo -u app /usr/bin/php /var/www/html/tt-rss/update_daemon2.php
diff --git a/docker-compose.yml b/docker-compose.yml
index 380a5e4..a029ce0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -17,9 +17,6 @@ services:
 build:
 context: ./app
- args:
- - OWNER_UID=${OWNER_UID}
- - OWNER_GID=${OWNER_GID}
 restart: unless-stopped
 environment:
 - DB_TYPE=pgsql
@@ -39,9 +36,6 @@ services:
 build:
 context: ./app
- args:
- - OWNER_UID=${OWNER_UID}
- - OWNER_GID=${OWNER_GID}
 restart: unless-stopped
 environment:
 - DB_TYPE=pgsql
@@ -56,7 +50,6 @@ services:
 - app:/var/www/html
 depends_on:
 - app
- user: app
 command: /updater.sh
 web: