Gracefully handle cases where the selected USER_ID and/or GROUP_ID exist

See Unidata/tomcat-docker#136
axiom-data-science · Aug 4, 2024 · e5ea208 · e5ea208
1 parent 9e9f178
commit e5ea208
Showing 1 changed file with 14 additions and 6 deletions.
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -19,17 +19,25 @@ if [ "$1" = 'start-tomcat.sh' ] || [ "$1" = 'catalina.sh' ]; then
     ###
     # Tomcat user
     ###
-    groupadd -r tomcat -g ${GROUP_ID} && \
-    useradd -u ${USER_ID} -g tomcat \
-        -d ${CATALINA_HOME} -s /sbin/nologin -c "Tomcat user" tomcat
+    # create group for GROUP_ID if one doesn't already exist
+    if ! getent group $GROUP_ID &> /dev/null; then
+      groupadd -r tomcat -g $GROUP_ID
+    fi
+    # create user for USER_ID if one doesn't already exist
+    if ! getent passwd $USER_ID &> /dev/null; then
+      useradd -u $USER_ID -g $GROUP_ID tomcat
+    fi
+    # alter USER_ID with nologin shell and CATALINA_HOME home directory
+    usermod -d "${CATALINA_HOME}" -s /sbin/nologin $(id -u -n $USER_ID)
 
     ###
     # Change CATALINA_HOME ownership to tomcat user and tomcat group
     # Restrict permissions on conf
     ###
 
-    chown -R tomcat:tomcat ${CATALINA_HOME} && chmod 400 ${CATALINA_HOME}/conf/*
-    chown -R tomcat:tomcat /erddapData
+    chown -R $USER_ID:$GROUP_ID ${CATALINA_HOME} && find ${CATALINA_HOME}/conf \
+        -type d -exec chmod 755 {} \; -o -type f -exec chmod 400 {} \;
+    chown -R $USER_ID:$GROUP_ID /erddapData
     sync
 
     ###
@@ -80,7 +88,7 @@ if [ "$1" = 'start-tomcat.sh' ] || [ "$1" = 'catalina.sh' ]; then
       done
     fi
 
-    exec gosu tomcat "$@"
+    exec gosu $USER_ID "$@"
 fi
 
 exec "$@"