From 0d6395515890280c29ee2402c03b1ee81bde3bab Mon Sep 17 00:00:00 2001 From: Rafael Matias Date: Mon, 23 Sep 2024 14:34:20 +0200 Subject: [PATCH] Docker: Only switch user if the current user is root (#7654) * Update entrypoint script for Dockerfile to only switch user if its running as root Signed-off-by: Rafael Matias * make root user check at the beginning Signed-off-by: Rafael Matias --------- Signed-off-by: Rafael Matias --- besu/src/main/scripts/besu-entry.sh | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/besu/src/main/scripts/besu-entry.sh b/besu/src/main/scripts/besu-entry.sh index ed3687b2291..ee11bfbffc2 100755 --- a/besu/src/main/scripts/besu-entry.sh +++ b/besu/src/main/scripts/besu-entry.sh @@ -14,6 +14,14 @@ ## SPDX-License-Identifier: Apache-2.0 ## +# Construct the command as a single string +COMMAND="/opt/besu/bin/besu $@" + +# Check if current user is not root. If not, run the command as is. +if [ "$(id -u)" -ne 0 ]; then + exec /bin/bash -c "$COMMAND" +fi + # Run Besu first to get paths needing permission adjustment output=$(/opt/besu/bin/besu --print-paths-and-exit $BESU_USER_NAME "$@") @@ -41,9 +49,5 @@ echo "$output" | while IFS=: read -r prefix path accessType; do fi done -# Finally, run Besu with the actual arguments passed to the container -# Construct the command as a single string -COMMAND="/opt/besu/bin/besu $@" - # Switch to the besu user and execute the command -exec su -s /bin/bash $BESU_USER_NAME -c "$COMMAND" +exec su -s /bin/bash "$BESU_USER_NAME" -c "$COMMAND"