From 798f3f69d5706eb20d6820044471890c1962cbe4 Mon Sep 17 00:00:00 2001
From: Janne Koschinski <janne@kuschku.de>
Date: Mon, 5 Aug 2019 23:02:29 +0200
Subject: [PATCH] run seafile as unprivileged user

---
 Dockerfile | 34 ++++++++++++++++++++++++++--------
 setenv.sh  |  5 -----
 2 files changed, 26 insertions(+), 13 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 550ea94..b54c334 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -25,15 +25,33 @@ RUN pip2 install --upgrade pip && \
     pylibmc \
     django-pylibmc
 
-RUN wget https://download.seadrive.org/seafile-server_7.0.4_x86-64.tar.gz -O /seafile-server.tar.gz && \
-    mkdir /haiwen && \
-    tar xzvf /seafile-server.tar.gz && \
-    rm /seafile-server.tar.gz
-RUN mv /seafile-server-* /haiwen/seafile-server-latest
-RUN rm -rf /haiwen/seafile-server-latest/seahub/media/avatars
-RUN ln -s /haiwen/seahub-data/avatars /haiwen/seafile-server-latest/seahub/media/avatars
-
+# add entrypoints
 ADD setenv.sh /
 ADD docker-entrypoint.sh /
 
+# set environment variables for locale
+ENV LANG=C.UTF-8
+ENV LANGUAGE=C.UTF-8
+ENV LC_ALL=C.UTF-8
+
+# set environment variables for seafile
+ENV ROOTPATH=/haiwen
+ENV INSTALLPATH=$ROOTPATH/seafile-server-latest
+ENV CCNET_CONF_DIR=$ROOTPATH/ccnet
+ENV SEAFILE_CENTRAL_CONF_DIR=$ROOTPATH/conf
+ENV SEAFILE_CONF_DIR=$ROOTPATH/seafile-data
+
+# setup user environment
+RUN addgroup --gid 1000 seafile && \
+    adduser --gid 1000 --uid 1000 --system --shell /bin/bash --home $ROOTPATH seafile
+USER seafile
+VOLUME $SEAFILE_CONF_DIR
+
+RUN wget https://download.seadrive.org/seafile-server_7.0.4_x86-64.tar.gz -O /tmp/seafile-server.tar.gz && \
+    tar -C /tmp/ -xzvf /tmp/seafile-server.tar.gz && \
+    rm /tmp/seafile-server.tar.gz && \
+    mv /tmp/seafile-server-* $INSTALLPATH
+RUN rm -rf $INSTALLPATH/seahub/media/avatars
+RUN ln -s $ROOTPATH/seahub-data/avatars $INSTALLPATH/seahub/media/avatars
+
 ENTRYPOINT ["/docker-entrypoint.sh"]
diff --git a/setenv.sh b/setenv.sh
index 68bdf66..615beb9 100644
--- a/setenv.sh
+++ b/setenv.sh
@@ -1,6 +1 @@
-export ROOTPATH=/haiwen
-export INSTALLPATH=$ROOTPATH/seafile-server-latest
-export CCNET_CONF_DIR=$ROOTPATH/ccnet
-export SEAFILE_CENTRAL_CONF_DIR=$ROOTPATH/conf
-export SEAFILE_CONF_DIR=$ROOTPATH/seafile-data
 export PYTHONPATH=${INSTALLPATH}/seafile/lib/python2.7/site-packages:${INSTALLPATH}/seafile/lib64/python2.7/site-packages:${INSTALLPATH}/seahub/thirdpart:$PYTHONPATH
-- 
GitLab