Merge pull request thijsvanloef#216 from Dashboy1998/removed-root-pro…

…cesses

Removed root processes

Dockerfile

@@ -109,6 +109,10 @@ RUN chmod +x /home/steam/server/*.sh && \
     mv /home/steam/server/restore.sh /usr/local/bin/restore
 
 WORKDIR /home/steam/server
+RUN touch rcon.yaml crontab && \
+    chmod o+w rcon.yaml crontab && \
+    chown steam:steam -R /home/steam && \
+    chmod -R o+w /home/steam/steamcmd
 
 HEALTHCHECK --start-period=5m \
     CMD pgrep "PalServer-Linux" > /dev/null || exit 1

README.md

@@ -160,6 +160,29 @@ All files you will need to deploy this container to kubernetes are located in th
 
 Follow the steps in the [README.md here](k8s/readme.md) to deploy it.
 
+### Running without root
+
+This is only for advanced users
+
+It is possible to run this container and
+[override the default user](https://docs.docker.com/engine/reference/run/#user) which is root in this image.
+
+Because you are specifiying the user and group `PUID` and `PGID` are ignored.
+
+If you want to find your UID: `id -u`
+If you want to find your GID: `id -g`
+
+You must set user to `NUMBERICAL_UID:NUMBERICAL_GID`
+
+Below we assume your UID is 1000 and your GID is 1001
+
+* In docker run add `--user 1000:1001 \` above the last line.
+* In docker compose add `user: 1000:1001` above ports.
+
+If you wish to run it with a different UID/GID than your own you will need to change the ownership of the directory that
+is being bind: `chown UID:GID palworld/`
+or by changing the permissions for all other: `chmod o=rwx palworld/`
+
 #### Using helm chart
 
 The official helm chart can be found in a seperate repository, [palworld-server-chart](https://github.com/Twinki14/palworld-server-chart)

docusaurus/docs/guides/running-without-root.md

@@ -0,0 +1,26 @@
+---
+sidebar_position: 6
+---
+
+# Running without root
+
+This is only for advanced users
+
+It is possible to run this container and
+[override the default user](https://docs.docker.com/engine/reference/run/#user) which is root in this image.
+
+Because you are specifiying the user and group `PUID` and `PGID` are ignored.
+
+If you want to find your UID: `id -u`
+If you want to find your GID: `id -g`
+
+You must set user to `NUMBERICAL_UID:NUMBERICAL_GID`
+
+Below we assume your UID is 1000 and your GID is 1001
+
+* In docker run add `--user 1000:1001 \` above the last line.
+* In docker compose add `user: 1000:1001` above ports.
+
+If you wish to run it with a different UID/GID than your own you will need to change the ownership of the directory that
+is being bind: `chown UID:GID palworld/`
+or by changing the permissions for all other: `chmod o=rwx palworld/`

scripts/init.sh

@@ -2,17 +2,27 @@
 # shellcheck source=/dev/null
 source "/home/steam/server/helper_functions.sh"
 
-if [[ ! "${PUID}" -eq 0 ]] && [[ ! "${PGID}" -eq 0 ]]; then
-    LogAction "EXECUTING USERMOD"
-    usermod -o -u "${PUID}" steam
-    groupmod -o -g "${PGID}" steam
-else
-    LogError "Running as root is not supported, please fix your PUID and PGID!"
+if [[ "$(id -u)" -eq 0 ]] && [[ "$(id -g)" -eq 0 ]]; then
+    if [[ "${PUID}" -ne 0 ]] && [[ "${PGID}" -ne 0 ]]; then
+        LogAction "EXECUTING USERMOD"
+        usermod -o -u "${PUID}" steam
+        groupmod -o -g "${PGID}" steam
+        chown -R steam:steam /palworld /home/steam/
+    else
+        LogError "Running as root is not supported, please fix your PUID and PGID!"
+        exit 1
+    fi
+elif [[ "$(id -u)" -eq 0 ]] || [[ "$(id -g)" -eq 0 ]]; then
+   LogError "Running as root is not supported, please fix your user!"
+   exit 1
+fi
+
+if ! [ -w "/palworld" ]; then
+    LogError "/palworld is not writable."
     exit 1
 fi
 
 mkdir -p /palworld/backups
-chown -R steam:steam /palworld /home/steam/
 
 # shellcheck disable=SC2317
 term_handler() {
@@ -30,7 +40,11 @@ term_handler() {
 
 trap 'term_handler' SIGTERM
 
-su steam -c ./start.sh &
+if [[ "$(id -u)" -eq 0 ]]; then
+    su steam -c ./start.sh &
+else
+    ./start.sh &
+fi
 # Process ID of su
 killpid="$!"
 wait "$killpid"

scripts/start.sh

@@ -102,7 +102,7 @@ else
 fi
 
 LogAction "GENERATING CRONTAB"
-rm -f  "/home/steam/server/crontab"
+truncate -s 0  "/home/steam/server/crontab"
 if [ "${BACKUP_ENABLED,,}" = true ]; then
     LogInfo "BACKUP_ENABLED=${BACKUP_ENABLED,,}"
     LogInfo "Adding cronjob for auto backups"