From 57ca3785af7b70d28f416a3239754fe633c95ebd Mon Sep 17 00:00:00 2001
From: Rafael Matias
Date: Fri, 20 Sep 2024 13:29:47 +0200
Subject: [PATCH 1/2] Update entrypoint script for Dockerfile to only switch user if its running as root

Signed-off-by: Rafael Matias
---
 besu/src/main/scripts/besu-entry.sh | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/besu/src/main/scripts/besu-entry.sh b/besu/src/main/scripts/besu-entry.sh
index ed3687b2291..f79a1af14f7 100755
--- a/besu/src/main/scripts/besu-entry.sh
+++ b/besu/src/main/scripts/besu-entry.sh
@@ -45,5 +45,10 @@ done
 # Construct the command as a single string
 COMMAND="/opt/besu/bin/besu $@"
 
-# Switch to the besu user and execute the command
-exec su -s /bin/bash $BESU_USER_NAME -c "$COMMAND"
+# Check if current user is root
+if [ "$(id -u)" -eq 0 ]; then
+ # Switch to the besu user and execute the command
+ exec su -s /bin/bash "$BESU_USER_NAME" -c "$COMMAND"
+else
+ exec /bin/bash -c "$COMMAND"
+fi
From 96dcb6e61885e037f34bffe0af3d1f5a36096428 Mon Sep 17 00:00:00 2001
From: Rafael Matias
Date: Mon, 23 Sep 2024 11:10:15 +0200
Subject: [PATCH 2/2] make root user check at the beginning

Signed-off-by: Rafael Matias
---
 besu/src/main/scripts/besu-entry.sh | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/besu/src/main/scripts/besu-entry.sh b/besu/src/main/scripts/besu-entry.sh
index f79a1af14f7..ee11bfbffc2 100755
--- a/besu/src/main/scripts/besu-entry.sh
+++ b/besu/src/main/scripts/besu-entry.sh
@@ -14,6 +14,14 @@
 ## SPDX-License-Identifier: Apache-2.0
 ##
 
+# Construct the command as a single string
+COMMAND="/opt/besu/bin/besu $@"
+
+# Check if current user is not root. If not, run the command as is.
+if [ "$(id -u)" -ne 0 ]; then
+ exec /bin/bash -c "$COMMAND"
+fi
+
 # Run Besu first to get paths needing permission adjustment
 output=$(/opt/besu/bin/besu --print-paths-and-exit $BESU_USER_NAME "$@")
 
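Review bot: The new `else` branch runs `exec /bin/bash -c "$COMMAND"`, where COMMAND is the container arguments flattened into one string by `COMMAND="/opt/besu/bin/besu $@"`, so bash parses them a second time: an argument containing spaces is split into several, and one containing `;`, `$(...)` or backticks is evaluated as shell code rather than passed to Besu. No shell is needed when no user switch takes place, so that branch can be `exec /opt/besu/bin/besu "$@"`, which hands the original argument vector through untouched. The `su ... -c "$COMMAND"` line re-parses the same string; there a command string is unavoidable, so each argument would need shell-quoting (for example with bash's `printf '%q'`) when COMMAND is built. PATCH 2/2 moves both lines (its first and second hunk) without changing this.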
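Review bot: The comment `# Check if current user is not root. If not, run the command as is.` in the first hunk of PATCH 2/2 reads ambiguously ("if not" following "not root") and does not mention that the early `exec` also bypasses the permission adjustment that starts right below it. A wording such as `# Not running as root: skip the permission adjustment below and run Besu directly as the current user.` makes that consequence visible to operators who start the container with a non-root UID and therefore have to provide writable data paths themselves. The permission loop itself lies outside this hunk, so exactly what is skipped should be confirmed against it.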
@@ -41,14 +49,5 @@ echo "$output" | while IFS=: read -r prefix path accessType; do
 fi
 done
 
-# Finally, run Besu with the actual arguments passed to the container
-# Construct the command as a single string
-COMMAND="/opt/besu/bin/besu $@"
-
-# Check if current user is root
-if [ "$(id -u)" -eq 0 ]; then
- # Switch to the besu user and execute the command
- exec su -s /bin/bash "$BESU_USER_NAME" -c "$COMMAND"
-else
- exec /bin/bash -c "$COMMAND"
-fi
+# Switch to the besu user and execute the command
+exec su -s /bin/bash "$BESU_USER_NAME" -c "$COMMAND"
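Review bot: The closing `exec su -s /bin/bash "$BESU_USER_NAME" -c "$COMMAND"` is the only privilege drop on the root path, and nothing visible in this patch checks that BESU_USER_NAME is set and non-empty before it is used (the first hunk's context also passes it unquoted to `--print-paths-and-exit`). If the image always defines the variable this is only a hardening point, but that is not visible from here. A guard placed right after the root check, `: "${BESU_USER_NAME:?BESU_USER_NAME must be set}"`, would stop the entrypoint early with a clear message instead of depending on how `su` and the permission loop behave with an empty user name.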