From 016be7b8bdc37ceb034f8e6e257fd2715b7bfcc9 Mon Sep 17 00:00:00 2001 From: thespad Date: Fri, 20 Dec 2024 20:20:49 +0000 Subject: [PATCH] Support nonroot operation --- README.md | 5 +++++ readme-vars.yml | 3 ++- .../s6-rc.d/init-qbittorrent-config/run | 16 +++++++++------- root/etc/s6-overlay/s6-rc.d/svc-qbittorrent/run | 5 +++++ 4 files changed, 21 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index d8403a0e3..6aacf54ae 100644 --- a/README.md +++ b/README.md @@ -90,6 +90,10 @@ Similarly to the WEBUI_PORT, to set the port to 6887 you need to pass -p 6887:68 This image can be run with a read-only container filesystem. For details please [read the docs](https://docs.linuxserver.io/misc/read-only/). +## Non-Root Operation + +This image can be run with a non-root user. For details please [read the docs](https://docs.linuxserver.io/misc/non-root/). + ## Usage To help you get started creating a container from this image you can either use docker-compose or the docker cli. @@ -157,6 +161,7 @@ Containers are configured using parameters passed at runtime (such as those abov | `-v /config` | Contains all relevant configuration files. | | `-v /downloads` | Location of downloads on disk. | | `--read-only=true` | Run container with a read-only filesystem. Please [read the docs](https://docs.linuxserver.io/misc/read-only/). | +| `--user=1000:1000` | Run container with a non-root user. Please [read the docs](https://docs.linuxserver.io/misc/non-root/). | ## Environment variables from files (Docker secrets) diff --git a/readme-vars.yml b/readme-vars.yml index cdd14f096..4ff3b309d 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -34,6 +34,7 @@ opt_param_usage_include_vols: true opt_param_volumes: - {vol_path: "/downloads", vol_host_path: "/path/to/downloads", desc: "Location of downloads on disk."} readonly_supported: true +nonroot_supported: true # application setup block app_setup_block_enabled: true app_setup_block: | @@ -47,7 +48,7 @@ app_setup_block: | Due to issues with CSRF and port mapping, should you require to alter the port for the web UI you need to change both sides of the -p 8080 switch AND set the WEBUI_PORT variable to the new port. - For example, to set the port to 8090 you need to set -p 8090:8090 and -e WEBUI_PORT=8090 + For example, to set the port to 8090 you need to set -p 8123:8123 and -e WEBUI_PORT=8123 ### TORRENTING_PORT diff --git a/root/etc/s6-overlay/s6-rc.d/init-qbittorrent-config/run b/root/etc/s6-overlay/s6-rc.d/init-qbittorrent-config/run index 03034247e..25dd5efcf 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-qbittorrent-config/run +++ b/root/etc/s6-overlay/s6-rc.d/init-qbittorrent-config/run @@ -9,11 +9,13 @@ if [[ ! -f /config/qBittorrent/qBittorrent.conf ]]; then cp /defaults/qBittorrent.conf /config/qBittorrent/qBittorrent.conf fi -# chown download directory if currently not set to abc -if grep -qe ' /downloads ' /proc/mounts; then - lsiown abc:abc /downloads -fi +if [[ -z ${LSIO_NON_ROOT_USER} ]]; then + # chown download directory if currently not set to abc + if grep -qe ' /downloads ' /proc/mounts; then + lsiown abc:abc /downloads + fi -# permissions -lsiown -R abc:abc \ - /config + # permissions + lsiown -R abc:abc \ + /config +fi diff --git a/root/etc/s6-overlay/s6-rc.d/svc-qbittorrent/run b/root/etc/s6-overlay/s6-rc.d/svc-qbittorrent/run index 6dc1a8c27..b5b09c037 100755 --- a/root/etc/s6-overlay/s6-rc.d/svc-qbittorrent/run +++ b/root/etc/s6-overlay/s6-rc.d/svc-qbittorrent/run @@ -11,6 +11,11 @@ if [[ -z ${WEBUI_ADDRESS} ]] || [[ ${WEBUI_ADDRESS} == "*" ]]; then WEBUI_ADDRESS="localhost" fi +if [[ -z ${LSIO_NON_ROOT_USER} ]]; then exec \ s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z ${WEBUI_ADDRESS} ${WEBUI_PORT}" \ s6-setuidgid abc /usr/bin/qbittorrent-nox --webui-port="${WEBUI_PORT}" ${TORRENTING_PORT_ARG} +else + s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z ${WEBUI_ADDRESS} ${WEBUI_PORT}" \ + /usr/bin/qbittorrent-nox --webui-port="${WEBUI_PORT}" ${TORRENTING_PORT_ARG} +fi