From 7604fa7fa05ac19ec3fbfbb8a8d1b23d7037443d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1rk=20Guly=C3=A1s?= Date: Sat, 6 Sep 2025 07:00:48 +0200 Subject: [PATCH] Adding USER_ID and GROUP_ID to specify permission without making breaking change (#882) * fixing permissions to be able to run springboot with given UID and GID * Adding USER_ID and GROUP_ID to specify permission without making breaking change * move su exec to start.sh --------- Co-authored-by: Aditya Chandel <8075870+adityachandelgit@users.noreply.github.com> --- Dockerfile | 2 +- README.md | 4 ++-- .../booklore/service/upload/FileUploadService.java | 4 ++-- example-docker/.env | 6 +++--- start.sh | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index bf59ab19..08e6b1e7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -27,7 +27,7 @@ RUN gradle clean build -x test # Stage 3: Final image FROM eclipse-temurin:21-jre-alpine -RUN apk update && apk add nginx gettext +RUN apk update && apk add nginx gettext su-exec COPY ./nginx.conf /etc/nginx/nginx.conf COPY --from=angular-build /angular-app/dist/booklore/browser /usr/share/nginx/html diff --git a/README.md b/README.md index 3ae4ffae..e66094cb 100644 --- a/README.md +++ b/README.md @@ -101,8 +101,8 @@ ### 2️⃣ Create docker-compose.yml # image: ghcr.io/booklore-app/booklore:latest container_name: booklore environment: - - PUID=1000 - - PGID=1000 + - USER_ID=0 # Modify this if the volume's ownership is not root + - GROUP_ID=0 # Modify this if the volume's ownership is not root - TZ=Etc/UTC - DATABASE_URL=jdbc:mariadb://mariadb:3306/booklore # Only modify this if you're familiar with JDBC and your database setup - DATABASE_USERNAME=booklore # Must match MYSQL_USER defined in the mariadb container 
diff --git a/booklore-api/src/main/java/com/adityachandel/booklore/service/upload/FileUploadService.java b/booklore-api/src/main/java/com/adityachandel/booklore/service/upload/FileUploadService.java index d0037019..75d26ec7 100644 --- a/booklore-api/src/main/java/com/adityachandel/booklore/service/upload/FileUploadService.java +++ b/booklore-api/src/main/java/com/adityachandel/booklore/service/upload/FileUploadService.java @@ -64,10 +64,10 @@ public class FileUploadService { private final AdditionalFileMapper additionalFileMapper; private final MonitoringService monitoringService; - @Value("${PUID:0}") + @Value("${PUID:${USER_ID:0}}") private String userId; - @Value("${GUID:0}") + @Value("${PGID:${GROUP_ID:0}}") private String groupId; public Book uploadFile(MultipartFile file, long libraryId, long pathId) throws IOException { diff --git a/example-docker/.env b/example-docker/.env index bf86478f..34e3547f 100644 --- a/example-docker/.env +++ b/example-docker/.env @@ -4,11 +4,11 @@ BOOKLORE_IMAGE_TAG=latest # User and Timezone Settings -# PUID and PGID define the user/group running the container. +# USER_ID and GROUP_ID define the user/group running the backend service. # Avoid using "user" property because system won't work with it. # TZ sets the timezone for correct time-related operations. -PUID=1000 # Default user ID (Check with `id -u` on Linux/Mac) -PGID=1000 # Default group ID (Check with `id -g` on Linux/Mac) +USER_ID=0 # Default root user ID (Check with `id -u` on Linux/Mac) +GROUP_ID=0 # Default root group ID (Check with `id -g` on Linux/Mac) TZ=Etc/UTC # Change this to your timezone (e.g., America/New_York, Asia/Kolkata) # Database Credentials (Replace with a secure password) diff --git a/start.sh b/start.sh index 36e3ab40..fa44bc22 100644 --- a/start.sh +++ b/start.sh 
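Review bot: The `@Value` placeholders on `userId` and `groupId` resolve PUID before USER_ID and PGID before GROUP_ID, but the start.sh hunk of this commit passes only `${USER_ID:-0}:${GROUP_ID:-0}` to su-exec, so the identity the JVM runs under and the identity the service is configured with can disagree. An existing deployment that still sets PUID=1000 and PGID=1000 but no USER_ID would run the backend as 0:0 while these fields hold 1000, and with both pairs set to different values a non-root process may be refused when it applies that ownership (how the fields are used is outside the hunk, so this is inferred). Using the same precedence in start.sh, `${USER_ID:-${PUID:-0}}:${GROUP_ID:-${PGID:-0}}`, would keep the two in step. I would also add a comment above the fields, `// Legacy PUID/PGID take precedence over USER_ID/GROUP_ID; must match the uid:gid start.sh hands to su-exec`, and check that both strings are numeric before they are used. The class body continues outside the hunk.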
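Review bot: The sample values `USER_ID=0` and `GROUP_ID=0` change the documented default from an unprivileged account (1000) to root, so anyone copying this file runs the backend, which handles uploaded files, with full privileges inside the container. Keeping 0 as the fallback in code preserves compatibility, but the example could still show a non-root pair, e.g. `USER_ID=1000 # Unprivileged by default; must own the mounted volumes (check with id -u)`. The README hunk in this commit carries the same 0/0 defaults. If root has to stay in the sample, the comment should state that 0 means root and is only intended for volumes owned by root.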
@@ -15,4 +15,4 @@ mv "$TMP_CONF" /etc/nginx/nginx.conf nginx -g 'daemon off;' & # Start Spring Boot in foreground -exec java -jar /app/app.jar \ No newline at end of file +su-exec ${USER_ID:-0}:${GROUP_ID:-0} java -jar /app/app.jar \ No newline at end of file
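Review bot: The new last line drops `exec`, so the shell that runs start.sh stays alive as the parent of the JVM instead of being replaced by it. If this script is the container entrypoint (not visible here), the shell is PID 1 and will not pass SIGTERM on to Java, so a container stop would end in a kill after the timeout rather than a clean Spring Boot shutdown. The expansion is also unquoted, so a value with whitespace or glob characters would be split before su-exec sees it. Suggested line: `exec su-exec "${USER_ID:-0}:${GROUP_ID:-0}" java -jar /app/app.jar`. Note that nginx is started earlier in the script, outside this change, and is not affected by USER_ID/GROUP_ID.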