From 3102e36a451ac3d0c86b8d42d4db04b9c3c4ba18 Mon Sep 17 00:00:00 2001
From: Benedikt Heine
Date: Fri, 20 Jul 2018 15:45:40 +0200
Subject: [PATCH] dockerfile: Create a dedicated syncthing user (#5072)

A dedicated user is necessary to create relative references via ~/ or $HOME/. Having the syncthing process just running under a unprivileged UID/GID, will remove the home folder relation and therefore will result in nonexistent shares after update.

Signed-off-by: Benedikt Heine
---
 Dockerfile | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index c57768601..faf1a44e9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -21,11 +21,30 @@ COPY --from=builder /go/src/github.com/syncthing/syncthing/syncthing /bin/syncth
 RUN apk add --no-cache su-exec
 ENV STNOUPGRADE=1
+ENV PUSR=syncthing
 ENV PUID=1000
+ENV PGRP=syncthing
 ENV PGID=1000
 HEALTHCHECK --interval=1m --timeout=10s \
 CMD nc -z localhost 8384 || exit 1
-ENTRYPOINT chown $PUID:$PGID /var/syncthing \
- && su-exec $PUID:$PGID /bin/syncthing -home /var/syncthing/config -gui-address 0.0.0.0:8384
+ENTRYPOINT true \
+ && ( getent group "${PGRP}" >/dev/null \
+ || addgroup \
+ -g "${PGID}" \
+ "${PGRP}" \
+ ) \
+ && ( getent passwd "${PUSR}" >/dev/null \
+ || adduser \
+ -h /var/syncthing \
+ -G "${PGRP}" \
+ -u "${PUID}" \
+ "${PUSR}" \
+ ) \
+ && chown "${PUSR}:${PGRP}" /var/syncthing \
+ && su-exec "${PUSR}:${PGRP}" \
+ /bin/syncthing \
+ -home /var/syncthing/config \
+ -gui-address 0.0.0.0:8384 \
+ && true
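Review bot: The two `getent` guards in the new ENTRYPOINT only test whether the names `${PUSR}` and `${PGRP}` exist, so `PUID`/`PGID` are silently ignored whenever the name is already present, and the final `su-exec "${PUSR}:${PGRP}"` runs syncthing under whatever IDs that name resolves to. If `PUSR` matches an account already in the base image, or the container is restarted with a changed `PUID`, the process and the `chown` on /var/syncthing use a different identity than the operator asked for; the reverse case (new name, ID already taken) presumably makes `addgroup`/`adduser` fail and stops the container from starting. A check before the `chown`, such as `&& [ "$(id -u "${PUSR}")" = "${PUID}" ] \`, would turn the mismatch into a visible start-up failure. Separately, because `su-exec` is followed by `&& true` and is not run via `exec`, `/bin/sh` stays as PID 1 and syncthing may not receive the stop signal from `docker stop`; `&& exec su-exec "${PUSR}:${PGRP}" \` as the last command would avoid that.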