From 590d6712fb81f3d88a756163f182452bef24daca Mon Sep 17 00:00:00 2001
From: Matthijs Abma <4146168+abmaonline@users.noreply.github.com>
Date: Sun, 1 Dec 2019 17:56:05 +0100
Subject: [PATCH] Create borg group and add option to set user id and group id explicitly for easier access to host resources
---
 Dockerfile | 4 ++--
 README.md | 10 ++++++++++
 data/run.sh | 23 +++++++++++++++++------
 3 files changed, 29 insertions(+), 8 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 30f7021..a682457 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,10 +14,10 @@ ENV DEBIAN_FRONTEND noninteractive
 RUN apt-get update && apt-get -y --no-install-recommends install \
 borgbackup openssh-server && apt-get clean && \
- useradd -s /bin/bash -m borg && \
+ useradd -s /bin/bash -m -U borg && \
 mkdir /home/borg/.ssh && \
 chmod 700 /home/borg/.ssh && \
- chown borg: /home/borg/.ssh && \
+ chown borg:borg /home/borg/.ssh && \
 mkdir /run/sshd && \
 rm -f /etc/ssh/ssh_host*key* && \
 rm -rf /var/lib/apt/lists/* /var/tmp/* /tmp/*
diff --git a/README.md b/README.md
index ee0a028..0560555 100644
--- a/README.md
+++ b/README.md
@@ -71,6 +71,14 @@ borg prune --keep-last 100 --keep-weekly 1 (...) borgserver:/clientA/clientA
 ```
+#### PUID
+Used to set the user id of the `borg` user inside the container. This can be useful when the container has to access resources on the host with a specific user id.
+
+
+#### PGID
+Used to set the group id of the `borg` group inside the container. This can be useful when the container has to access resources on the host with a specific group id.
+
+
 ### Persistent Storages & Client Configuration
 We will need two persistent storage directories for our borgserver to be usefull.
@@ -118,6 +126,8 @@ services:
 BORG_SERVE_ARGS: ""
 BORG_APPEND_ONLY: "no"
 BORG_ADMIN: ""
+ PUID: 1000
+ PGID: 1000
 ```
 ### ~/.ssh/config for clients
diff --git a/data/run.sh b/data/run.sh
index 17046e9..0e360bd 100755
--- a/data/run.sh
+++ b/data/run.sh
@@ -1,9 +1,20 @@
 #!/bin/bash
 # Start Script for docker-borgserver
+PUID=${PUID:-1000}
+PGID=${PGID:-1000}
+
+usermod -o -u "$PUID" borg &>/dev/null
+groupmod -o -g "$PGID" borg &>/dev/null
+
+echo "########################################################"
+echo " * User id: $(id -u borg)"
+echo " * Group id: $(id -g borg)"
+
 BORG_DATA_DIR=/backup
 SSH_KEY_DIR=/sshkeys
 BORG_CMD='cd ${BORG_DATA_DIR}/${client_name}; borg serve --restrict-to-path ${BORG_DATA_DIR}/${client_name} ${BORG_SERVE_ARGS}'
+AUTHORIZED_KEYS_PATH=/home/borg/.ssh/authorized_keys
 # Append only mode?
 BORG_APPEND_ONLY=${BORG_APPEND_ONLY:=no}
@@ -47,7 +58,7 @@ echo "########################################################"
 echo " * Starting SSH-Key import..."
 # Add every key to borg-users authorized_keys
-rm /home/borg/.ssh/authorized_keys &>/dev/null
+rm ${AUTHORIZED_KEYS_PATH} &>/dev/null
 for keyfile in $(find "${SSH_KEY_DIR}/clients" ! -regex '.*/\..*' -a -type f); do
 client_name=$(basename ${keyfile})
 mkdir ${BORG_DATA_DIR}/${client_name} 2>/dev/null
@@ -63,13 +74,13 @@ for keyfile in $(find "${SSH_KEY_DIR}/clients" ! -regex '.*/\..*' -a -type f); d
 borg_cmd="${BORG_CMD} --append-only"
 fi
- echo -n "command=\"$(eval echo -n \"${borg_cmd}\")\" " >> /home/borg/.ssh/authorized_keys
- cat ${keyfile} >> /home/borg/.ssh/authorized_keys
+ echo -n "command=\"$(eval echo -n \"${borg_cmd}\")\" " >> ${AUTHORIZED_KEYS_PATH}
+ cat ${keyfile} >> ${AUTHORIZED_KEYS_PATH}
 done
-chown -R borg: /backup
-chown borg: /home/borg/.ssh/authorized_keys
-chmod 600 /home/borg/.ssh/authorized_keys
+chown -R borg:borg ${BORG_DATA_DIR}
+chown borg:borg ${AUTHORIZED_KEYS_PATH}
+chmod 600 ${AUTHORIZED_KEYS_PATH}
 echo "########################################################"
 echo " * Init done! Starting SSH-Daemon..."
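Review bot: `PUID` and `PGID` reach `usermod -o -u` and `groupmod -o -g` unvalidated in the first hunk, and both calls discard their output and exit status with `&>/dev/null`. Because `-o` permits a non-unique id, `PUID=0` would make the SSH-reachable `borg` account a uid-0 account. A non-numeric value fails silently, and the script then carries on with the image's ids through to the recursive `chown` of `${BORG_DATA_DIR}` in the last hunk. I would reject anything that is not a positive integer and stop when either command fails, as sketched below, so the printed ids are always the ones that were requested.

```shell
PUID=${PUID:-1000}
PGID=${PGID:-1000}

# Reject anything that is not a plain, non-zero number before touching the account.
for id_value in "$PUID" "$PGID"; do
  if ! [[ "$id_value" =~ ^[1-9][0-9]*$ ]]; then
    echo " * PUID/PGID must be a positive integer, got '${id_value}'" >&2
    exit 1
  fi
done

usermod -o -u "$PUID" borg >/dev/null || { echo " * usermod failed" >&2; exit 1; }
groupmod -o -g "$PGID" borg >/dev/null || { echo " * groupmod failed" >&2; exit 1; }
# … unchanged: banner echo lines and the variable assignments that follow …
```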
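Review bot: `${AUTHORIZED_KEYS_PATH}` is expanded unquoted on the new `rm` line in the second hunk, and again in the redirects and the `chown`/`chmod` lines of the last hunk, as is `${BORG_DATA_DIR}`. Both values are constants today, so this is a style point rather than a bug, but quoting keeps these lines correct if either path ever becomes configurable. For the `rm`, `rm -f -- "${AUTHORIZED_KEYS_PATH}"` also covers the missing-file case without hiding other errors behind `&>/dev/null`.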
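Review bot: The rewritten `echo -n "command=…"` line in the last hunk still writes `${client_name}` and `${BORG_SERVE_ARGS}` into the `command="…"` option unescaped, and sshd hands that forced command to the login shell of `borg`. `client_name` is the base name of a file under `${SSH_KEY_DIR}/clients`, so a name containing a double quote or shell metacharacters would alter the authorized_keys entry or the command run at login. Since the line is being touched anyway, consider checking the name first, e.g. `[[ "$client_name" =~ ^[A-Za-z0-9._-]+$ ]] || continue`, and building the string with `printf` rather than `eval echo`. The `for` loop and the `client_name` assignment lie outside this hunk.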