From 4ff077f1518f6726ad7f8863e1a0524a338c0fc8 Mon Sep 17 00:00:00 2001 From: Mike Ryan Date: Sat, 1 Nov 2014 15:20:52 -0500 Subject: [PATCH] Drop privileges before starting server - Create 'minecraft' user account within image. - Drop to 'minecraft' user before starting server. --- minecraft-server/Dockerfile | 2 ++ minecraft-server/start-minecraft.sh | 49 +++++++++++++++++++++++++++ minecraft-server/start.sh | 51 ++--------------------------- 3 files changed, 54 insertions(+), 48 deletions(-) create mode 100755 minecraft-server/start-minecraft.sh diff --git a/minecraft-server/Dockerfile b/minecraft-server/Dockerfile index 64b2ec09..520227e0 100644 --- a/minecraft-server/Dockerfile +++ b/minecraft-server/Dockerfile @@ -7,10 +7,12 @@ RUN update-alternatives --install /usr/bin/js js /usr/bin/js24 100 RUN wget -O /usr/bin/jsawk https://github.com/micha/jsawk/raw/master/jsawk RUN chmod +x /usr/bin/jsawk +RUN useradd -M -s /bin/false minecraft EXPOSE 25565 ADD start.sh /start +ADD start-minecraft.sh /start-minecraft VOLUME ['/data'] ADD server.properties /tmp/server.properties diff --git a/minecraft-server/start-minecraft.sh b/minecraft-server/start-minecraft.sh new file mode 100755 index 00000000..e90fd202 --- /dev/null +++ b/minecraft-server/start-minecraft.sh @@ -0,0 +1,49 @@ +#!/bin/sh + +case $VERSION in + LATEST) + export VERSION=`wget -O - https://s3.amazonaws.com/Minecraft.Download/versions/versions.json | jsawk -n 'out(this.latest.release)'` + ;; + + SNAPSHOT) + export VERSION=`wget -O - https://s3.amazonaws.com/Minecraft.Download/versions/versions.json | jsawk -n 'out(this.latest.snapshot)'` + ;; +esac + +cd /data + +if [ ! -e minecraft_server.$VERSION.jar ]; then + echo "Downloading minecraft_server.$VERSION.jar ..." + wget -q https://s3.amazonaws.com/Minecraft.Download/versions/$VERSION/minecraft_server.$VERSION.jar +fi + +if [ ! -e server.properties ]; then + cp /tmp/server.properties . +fi + +if [ -n "$MOTD" ]; then + sed -i "/motd\s*=/ c motd=$MOTD" /data/server.properties +fi +if [ -n "$LEVEL" ]; then + sed -i "/level-name\s*=/ c level-name=$LEVEL" /data/server.properties +fi +if [ -n "$OPS" ]; then + echo $OPS | awk -v RS=, '{print}' >> ops.txt +fi + +if [ ! -e /data/eula.txt ]; then + if [ "$EULA" != "" ]; then + echo "# Generated via Docker on $(date)" > eula.txt + echo "eula=$EULA" >> eula.txt + else + echo "" + echo "Please accept the Minecraft EULA at" + echo " https://account.mojang.com/documents/minecraft_eula" + echo "by adding the following immediately after 'docker run':" + echo " -e EULA=TRUE" + echo "" + exit 1 + fi +fi + +java $JVM_OPTS -jar minecraft_server.$VERSION.jar diff --git a/minecraft-server/start.sh b/minecraft-server/start.sh index e90fd202..8d842489 100755 --- a/minecraft-server/start.sh +++ b/minecraft-server/start.sh @@ -1,49 +1,4 @@ #!/bin/sh - -case $VERSION in - LATEST) - export VERSION=`wget -O - https://s3.amazonaws.com/Minecraft.Download/versions/versions.json | jsawk -n 'out(this.latest.release)'` - ;; - - SNAPSHOT) - export VERSION=`wget -O - https://s3.amazonaws.com/Minecraft.Download/versions/versions.json | jsawk -n 'out(this.latest.snapshot)'` - ;; -esac - -cd /data - -if [ ! -e minecraft_server.$VERSION.jar ]; then - echo "Downloading minecraft_server.$VERSION.jar ..." - wget -q https://s3.amazonaws.com/Minecraft.Download/versions/$VERSION/minecraft_server.$VERSION.jar -fi - -if [ ! -e server.properties ]; then - cp /tmp/server.properties . -fi - -if [ -n "$MOTD" ]; then - sed -i "/motd\s*=/ c motd=$MOTD" /data/server.properties -fi -if [ -n "$LEVEL" ]; then - sed -i "/level-name\s*=/ c level-name=$LEVEL" /data/server.properties -fi -if [ -n "$OPS" ]; then - echo $OPS | awk -v RS=, '{print}' >> ops.txt -fi - -if [ ! -e /data/eula.txt ]; then - if [ "$EULA" != "" ]; then - echo "# Generated via Docker on $(date)" > eula.txt - echo "eula=$EULA" >> eula.txt - else - echo "" - echo "Please accept the Minecraft EULA at" - echo " https://account.mojang.com/documents/minecraft_eula" - echo "by adding the following immediately after 'docker run':" - echo " -e EULA=TRUE" - echo "" - exit 1 - fi -fi - -java $JVM_OPTS -jar minecraft_server.$VERSION.jar +set -e +chown -R minecraft:minecraft /data +exec su -s /bin/bash -c /start-minecraft minecraft