minio/dockerscripts/docker-entrypoint.sh

#!/bin/sh
#
# MinIO Cloud Storage, (C) 2019 MinIO, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

export MINIO_USERNAME=${MINIO_USERNAME:-"minio"}
export MINIO_GROUPNAME=${MINIO_GROUPNAME:-"minio"}

# If command starts with an option, prepend minio.
if [ "${1}" != "minio" ]; then
    if [ -n "${1}" ]; then
        set -- minio "$@"
    fi
fi

## Look for docker secrets in default documented location.
docker_secrets_env() {
    ACCESS_KEY_FILE="/run/secrets/$MINIO_ACCESS_KEY_FILE"
    SECRET_KEY_FILE="/run/secrets/$MINIO_SECRET_KEY_FILE"

    if [ -f "$ACCESS_KEY_FILE" ] && [ -f "$SECRET_KEY_FILE" ]; then
        if [ -f "$ACCESS_KEY_FILE" ]; then
            MINIO_ACCESS_KEY="$(cat "$ACCESS_KEY_FILE")"
            export MINIO_ACCESS_KEY
        fi
        if [ -f "$SECRET_KEY_FILE" ]; then
            MINIO_SECRET_KEY="$(cat "$SECRET_KEY_FILE")"
            export MINIO_SECRET_KEY
        fi
    fi
}

## Create UID/GID based on available environment variables.
docker_set_uid_gid() {
    addgroup -S "$MINIO_GROUPNAME" >/dev/null 2>&1 && \
        adduser -S -G "$MINIO_GROUPNAME" "$MINIO_USERNAME" >/dev/null 2>&1
}

# su-exec to requested user, if user cannot be requested
# existing user is used automatically.
docker_switch_user() {
    owner=$(check-user "$@")
    if [ "${owner}" != "${MINIO_USERNAME}:${MINIO_GROUPNAME}" ]; then
        ## Print the message only if we are not using non-default username:groupname.
        if [ "${MINIO_USERNAME}:${MINIO_GROUPNAME}" != "minio:minio" ]; then
            echo "Requested username/group ${MINIO_USERNAME}:${MINIO_GROUPNAME} cannot be used"
            echo "Found existing data with user ${owner}, we will continue and use ${owner} instead."
            return
        fi
    fi
    # check if su-exec is allowed, if yes proceed proceed.
    if su-exec "${owner}" "/bin/ls" >/dev/null 2>&1; then
        exec su-exec "${owner}" "$@"
    fi
    # fallback
    exec "$@"
}

## Set access env from secrets if necessary.
docker_secrets_env

## User Input UID and GID
docker_set_uid_gid

## Switch to user if applicable.
docker_switch_user "$@"
docker: Support docker swarm secrets. (#3977) Fixes #3896 8 years ago			`#!/bin/sh`
			`#`
Add support for customizable user (#7569) 6 years ago			`# MinIO Cloud Storage, (C) 2019 MinIO, Inc.`
docker: Support docker swarm secrets. (#3977) Fixes #3896 8 years ago			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`
			`#`

Add support for customizable user (#7569) 6 years ago			`export MINIO_USERNAME=${MINIO_USERNAME:-"minio"}`
			`export MINIO_GROUPNAME=${MINIO_GROUPNAME:-"minio"}`

Add waiting on hosts in docker entrypoint for distributed setups. (#4244) Thanks to Remco Verhoef <remco@dutchcoders.io> for the script. Fixes #4225 8 years ago			`# If command starts with an option, prepend minio.`
docker: Support docker swarm secrets. (#3977) Fixes #3896 8 years ago			`if [ "${1}" != "minio" ]; then`
			`if [ -n "${1}" ]; then`
			`set -- minio "$@"`
			`fi`
			`fi`

Add waiting on hosts in docker entrypoint for distributed setups. (#4244) Thanks to Remco Verhoef <remco@dutchcoders.io> for the script. Fixes #4225 8 years ago			`## Look for docker secrets in default documented location.`
			`docker_secrets_env() {`
Add support for customizable user (#7569) 6 years ago			`ACCESS_KEY_FILE="/run/secrets/$MINIO_ACCESS_KEY_FILE"`
			`SECRET_KEY_FILE="/run/secrets/$MINIO_SECRET_KEY_FILE"`
docker: Support docker swarm secrets. (#3977) Fixes #3896 8 years ago
Add support for customizable user (#7569) 6 years ago			`if [ -f "$ACCESS_KEY_FILE" ] && [ -f "$SECRET_KEY_FILE" ]; then`
			`if [ -f "$ACCESS_KEY_FILE" ]; then`
			`MINIO_ACCESS_KEY="$(cat "$ACCESS_KEY_FILE")"`
			`export MINIO_ACCESS_KEY`
			`fi`
			`if [ -f "$SECRET_KEY_FILE" ]; then`
			`MINIO_SECRET_KEY="$(cat "$SECRET_KEY_FILE")"`
			`export MINIO_SECRET_KEY`
docker: Support docker swarm secrets. (#3977) Fixes #3896 8 years ago			`fi`
Add support for customizable user (#7569) 6 years ago			`fi`
			`}`

			`## Create UID/GID based on available environment variables.`
			`docker_set_uid_gid() {`
			`addgroup -S "$MINIO_GROUPNAME" >/dev/null 2>&1 && \`
			`adduser -S -G "$MINIO_GROUPNAME" "$MINIO_USERNAME" >/dev/null 2>&1`
			`}`

			`# su-exec to requested user, if user cannot be requested`
			`# existing user is used automatically.`
			`docker_switch_user() {`
			`owner=$(check-user "$@")`
			`if [ "${owner}" != "${MINIO_USERNAME}:${MINIO_GROUPNAME}" ]; then`
			`## Print the message only if we are not using non-default username:groupname.`
			`if [ "${MINIO_USERNAME}:${MINIO_GROUPNAME}" != "minio:minio" ]; then`
			`echo "Requested username/group ${MINIO_USERNAME}:${MINIO_GROUPNAME} cannot be used"`
			`echo "Found existing data with user ${owner}, we will continue and use ${owner} instead."`
			`return`
docker: Support docker swarm secrets. (#3977) Fixes #3896 8 years ago			`fi`
			`fi`
Allow su-exec to fail when users explicity use --user (#7776) This allows MinIO containers to run properly without expecting higher privileges in situations where following restrictions on containers are used - docker run --user uid:gid - docker-compose up (with docker-compose.yml with user) ```yml ... user: "1001:1001" command: minio server /data ... ``` - All openshift containers Fixes #7773 6 years ago			`# check if su-exec is allowed, if yes proceed proceed.`
			`if su-exec "${owner}" "/bin/ls" >/dev/null 2>&1; then`
			`exec su-exec "${owner}" "$@"`
			`fi`
			`# fallback`
			`exec "$@"`
docker: Support docker swarm secrets. (#3977) Fixes #3896 8 years ago			`}`

Add waiting on hosts in docker entrypoint for distributed setups. (#4244) Thanks to Remco Verhoef <remco@dutchcoders.io> for the script. Fixes #4225 8 years ago			`## Set access env from secrets if necessary.`
			`docker_secrets_env`

Add support for customizable user (#7569) 6 years ago			`## User Input UID and GID`
			`docker_set_uid_gid`

			`## Switch to user if applicable.`
			`docker_switch_user "$@"`