Docker nonroot (#1650)

* Added PUID, PGID and KAVITAUSER variable support in entrypoint.sh * Update the setting of ownership to avoid changing library files * Default to run as root, using user kavita if alternate UID/GID are provided * Only chown config folder and only if needed * Revert chmod on Kavita Co-authored-by: Muggz <mug@passw0rd.org>
2025-07-09 03:04:19 -04:00 · 2023-01-04 15:38:33 -08:00 · 2023-01-04 15:38:33 -08:00 · 6c1776c027
commit 6c1776c027
parent ca649aa852
1 changed files with 35 additions and 1 deletions
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -1,5 +1,19 @@
 #! /bin/bash

+# Set default UID and GID for Kavita but allow overrides
+PUID=${PUID:-0}
+PGID=${PGID:-0}
+
+# Add Kavita group if it doesn't already exist
+if [[ -z "$(getent group "$PGID" | cut -d':' -f1)" ]]; then
+    groupadd -o -g "$PGID" kavita
+fi
+
+# Add Kavita user if it doesn't already exist
+if [[ -z "$(getent passwd "$PUID" | cut -d':' -f1)" ]]; then
+    useradd -o -u "$PUID" -g "$PGID" -d /kavita kavita
+fi
+
 if [ ! -f "/kavita/config/appsettings.json" ]; then
    echo "Kavita configuration file does not exist, creating..."
    echo '{
@ -10,4 +24,24 @@ fi

 chmod +x Kavita

-./Kavita
+if [[ "$PUID" -eq 0 ]]; then
+    # Run as root
+    ./Kavita
+else
+    # Set ownership on config dir if running non-root and current ownership is different
+    if [[ ! "$(stat -c %u /kavita/config)" = "$PUID" ]]; then
+        echo "Specified PUID differs from Kavita config dir ownership, updating permissions now..."
+        if [[ ! "$(stat -c %g /kavita/config)" = "$PGID" ]]; then
+            chown -R "$PUID":"$PGID" /kavita/config
+        else
+            chown -R "$PUID" /kavita/config
+        fi
+
+    elif [[ ! "$(stat -c %g /kavita/config)" = "$PGID" ]]; then
+        echo "Specified PGID differs from Kavita config dir ownership, updating permissions now..."
+        chgrp -R "$PGID" /kavita/config
+    fi
+
+    # Run as non-root user
+    su -l kavita -c ./Kavita
+fi