ADD: run imapfilter as a user not root

2024-01-10 20:46:12 +01:00 · 2024-01-10 20:46:12 +01:00 · ad9f7c30d6
commit ad9f7c30d6
parent aea097240e
2 changed files with 14 additions and 2 deletions
--- a/12
+++ b/12
@ -18,8 +18,20 @@ RUN mkdir -p /usr/local/share/imapfilter

 COPY --from=builder /src/imapfilter/src/imapfilter /usr/local/bin/
 COPY --from=builder /src/imapfilter/src/*.lua /usr/local/share/imapfilter/
+
+# ensure every user can run imapfilter
+RUN chmod a+x /usr/local/bin/imapfilter
+
 ADD scripts/entryPoint.sh /entryPoint.sh

 RUN chmod +x /entryPoint.sh

+# add a user for running imapfilter in the container
+RUN addgroup imapfilter && adduser -D -G imapfilter imapfilter
+# ensure a homedirectory for the user exists and has correct access rights
+RUN mkdir -p /home/imapfilter && chown imapfilter.imapfilter /home/imapfilter
+
+# run everything as the imapfilter user
+USER imapfilter
+
 ENTRYPOINT ["/sbin/tini", "--", "/entryPoint.sh"]
--- a/scripts/entryPoint.sh
+++ b/scripts/entryPoint.sh
@ -1,9 +1,9 @@
 #!/bin/bash

-export IMAPFILTER_HOME=/imapfilter/
+export IMAPFILTER_HOME=/home/imapfilter/

 if [ ! -e ${IMAPFILTER_HOME}/config.lua ]; then
-    echo "please provide a config.lua from a configmap"
+    echo "please provide a config.lua from a configmap or bindmount to ${IMAPFILTER_HOME}/config.lua"
    exit 255
 fi