From 518343552f4caa9887ebd86b97b218a7f5047c15 Mon Sep 17 00:00:00 2001
From: 5andr0
Date: Tue, 31 Mar 2020 20:43:31 +0200
Subject: [PATCH] Proper user&permission management
---
 Dockerfile | 6 ++++--
 entrypoint.sh | 19 +++++++++++++++++--
 2 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 02d1301..520f92a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,9 +3,11 @@
 # Based on ubuntu
 ################################################################################
-FROM debian:10
+FROM debian:stable-slim
-MAINTAINER Prosody Developers
+LABEL maintainer="Prosody Developers "
+
+RUN groupadd -g 1000 -r prosody && useradd -m -g prosody -u 1000 -r -s /bin/bash prosody
 # Install dependencies
 RUN apt-get update \
diff --git a/entrypoint.sh b/entrypoint.sh
index 76f0bb1..484a0c8 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,7 +1,22 @@
 #!/bin/bash
 set -e
-usermod -u "$(stat -c %u /var/lib/prosody/.)" prosody
+CHOWN=${CHOWN:-\
+/etc/prosody \
+/var/lib/prosody \
+/var/run/prosody \
+/var/log/prosody \
+/usr/lib/prosody-modules \
+}
+
+if (( EUID == 0 )); then
+ for DIR in $CHOWN
+ do
+ find $DIR \! -user prosody -exec chown prosody '{}' +
+ done
+
+ setpriv --reuid=prosody --regid=prosody --init-groups "$BASH_SOURCE" "$@"
+fi
 if [[ "$1" != "prosody" ]]; then
 exec prosodyctl "$@"
@@ -12,4 +27,4 @@ if [ "$LOCAL" -a "$PASSWORD" -a "$DOMAIN" ] ; then
 prosodyctl register "$LOCAL" "$DOMAIN" "$PASSWORD"
 fi
-runuser -u prosody -- "$@"
+exec "$@"
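Review bot: `FROM debian:stable-slim` replaces a fixed release (`debian:10`) with a floating tag, so the base will move to the next Debian major release without any change in this repository and rebuilds stop being reproducible or auditable. Pin the release and, ideally, the digest, e.g. `FROM debian:10-slim@sha256:<digest>` (placeholder — take the digest from the registry), and bump it deliberately. The new `useradd` also gives the service account a home directory and a login shell (`-m -s /bin/bash`); unless something in the image depends on that, `-s /usr/sbin/nologin` without `-m` is the tighter default for an account that is only entered through `setpriv`. The `RUN apt-get update \` instruction continues past the end of the hunk, so the install step itself is not covered here.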
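Review bot: The privilege drop in the new `if (( EUID == 0 ))` block is not final: `setpriv … "$BASH_SOURCE" "$@"` runs as a child, so once the re-invoked script exits with status 0 the root shell falls through and runs the rest of the file as root, including the `exec "$@"` added in the last hunk of this file, which no longer has `runuser` in front of it. Change the line to `exec setpriv --reuid=prosody --regid=prosody --init-groups "$BASH_SOURCE" "$@"` so the root process is replaced rather than kept as a parent. In the loop, `chown` dereferences symlinks by default and `$DIR` is unquoted while `CHOWN` can be overridden from the environment; `find "$DIR" \! -user prosody -exec chown -h prosody '{}' +` keeps the ownership change on the entries `find` actually matched. Because of `set -e`, a listed directory that does not exist would presumably abort startup as well, so a comment stating that every path in `CHOWN` must exist (or a guard that skips missing ones) would help.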