Added UID and GID environment variables to allow execution as non-root

user

fixes #2

Dockerfile

@@ -1,16 +1,28 @@
 FROM alpine:latest
 
-RUN apk add --update \
+RUN addgroup -S app && adduser -S -G app app
-    sqlite
 
-COPY start.sh backup.sh /
+RUN apk add --no-cache \
+    sqlite \
+    busybox-suid \
+    su-exec
 
 ENV DB_FILE /data/db.sqlite3
-ENV BACKUP_FILE /data/db-backup/backup.sqlite3
+ENV BACKUP_FILE /data/db_backup/backup.sqlite3
 ENV CRON_TIME "0 5 * * *"
 ENV TIMESTAMP false
+ENV UID 100
+ENV GID 100
+ENV CRONFILE /etc/crontabs/root
+ENV LOGFILE /app/log/backup.log
 
-RUN chmod 700 /start.sh /backup.sh
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+COPY backup.sh /app/
 
-CMD /start.sh
+RUN mkdir /app/log/ \
+    && chown -R app:app /app/ \
+    && chmod -R 777 /app/ \
+    && chmod +x /usr/local/bin/entrypoint.sh 
+#    && echo "\$CRON_TIME \$BACKUP_CMD >> \$LOGFILE 2>&1" | crontab -
 
+ENTRYPOINT ["entrypoint.sh"]

README.md

@@ -35,7 +35,11 @@ docker run --rm --volumes-from=bitwarden bruceforce/bw_backup sqlite3 $DB_FILE "
 ## Environment variables
 | ENV | Description |
 | ----- | ----- |
-| DB_FILE | Path to the Bitwarden sqlite3 database |
+| DB_FILE | Path to the Bitwarden sqlite3 database *inside* the container |
-| BACKUP_FILE | Path to the desired backup location |
+| BACKUP_FILE | Path to the desired backup location *inside* the container |
 | CRON_TIME | Cronjob format "Minute Hour Day_of_month Month_of_year Day_of_week Year" |
 | TIMESTAMP | Set to `true` to append timestamp to the `BACKUP_FILE` |
+| UID | User ID to run the cron job with |
+| GID | Group ID to run the cron job with |
+| LOGFILE | Path to the logfile *inside* the container |
+| CRONFILE | Path to the cron file *inside* the container |

entrypoint.sh

@@ -0,0 +1,31 @@
+#!/bin/sh
+
+#set -ux
+
+BACKUP_CMD="/sbin/su-exec ${UID}:${GID} /app/backup.sh"
+
+echo "Running as $(id)"
+if [ "$(id -u)" -eq 0 ] && [ "$(grep -c "$BACKUP_CMD" "$CRONFILE")" -eq 0 ]; then
+  echo "Initalizing..."
+  echo "$CRON_TIME $BACKUP_CMD >> $LOGFILE 2>&1" | crontab -
+
+  # Start crond if it's not running
+  pgrep crond > /dev/null 2>&1
+  if [ $? -ne 0 ]; then
+    /usr/sbin/crond -L /app/log/cron.log
+  fi
+fi
+
+# Restart script as user "app:app"
+if [ "$(id -u)" -eq 0 ]; then
+  exec su-exec app:app "$0" "$@"
+fi
+
+if [ ! -e "$DB_FILE" ]
+then 
+  echo "Database $DB_FILE not found!\nPlease check if you mounted the bitwarden_rs volume with '--volumes-from=bitwarden'"!
+  exit 1;
+fi
+
+echo "$(date "+%F %T") - Container started" > "$LOGFILE"
+tail -F "$LOGFILE" /app/log/cron.log

start.sh

@@ -1,28 +0,0 @@
-#!/bin/sh
-
-DB_FILE=$DB_FILE
-BACKUP_FILE=$BACKUP_FILE
-CRON_TIME=$CRON_TIME
-BACKUP_CMD=/backup.sh #'/usr/bin/sqlite3 '"$DB_FILE"' ".backup '"$BACKUP_FILE"'"'
-CRONFILE=/etc/crontabs/root
-LOGFILE=/var/log/backup.log
-
-if [ ! -e "$DB_FILE" ]
-then 
-  echo "Database $DB_FILE not found!\nPlease check if you mounted the bitwarden_rs volume with '--volumes-from=bitwarden'"!
-  exit 1;
-fi
-
-if [ $(grep -c "$BACKUP_CMD" "$CRONFILE") -eq 0 ]
-then
-  echo "$CRON_TIME $BACKUP_CMD >> $LOGFILE" >> "$CRONFILE"
-fi
-
-pgrep crond > /dev/null 2>&1
-if [ $? -ne 0 ]
-then
-  /usr/sbin/crond -L /var/log/cron.log
-fi
-
-echo "$(date "+%F %T") - Container started" > "$LOGFILE"
-tail -F "$LOGFILE"