From c5209887ccd1eea7aa882ab84218aa993b31b50b Mon Sep 17 00:00:00 2001
From: bunker-admin
Date: Thu, 9 Apr 2026 13:14:48 -0600
Subject: [PATCH] =?UTF-8?q?Fix=20gitea-init.sh=20running=20as=20root=20?= =?UTF-8?q?=E2=80=94=20drop=20to=20git=20user=20via=20su-exec?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The Gitea Docker entrypoint sets up directories as root then exec's the CMD still as root. Gitea refuses to run as root, so our init script must re-exec itself as the 'git' user via su-exec before running any gitea commands. Bunker Admin
---
 scripts/gitea-init.sh | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/scripts/gitea-init.sh b/scripts/gitea-init.sh
index 07b09d2e..bf9eea49 100755
--- a/scripts/gitea-init.sh
+++ b/scripts/gitea-init.sh
@@ -6,16 +6,24 @@
 # Runs database migrations, creates the admin user (if credentials are provided
 # and the user doesn't already exist), then starts the Gitea web server.
 #
-# This script is exec'd by /usr/bin/entrypoint, which has already:
-# - Set up UID/GID
-# - Created directories with correct permissions
-# - Converted GITEA__* env vars into /data/gitea/conf/app.ini
+# The Gitea entrypoint (/usr/bin/entrypoint) has already:
+# - Set up UID/GID, created directories, generated app.ini from GITEA__* env vars
+# But it exec's our CMD still as root — Gitea refuses to run as root.
+# We must drop to the 'git' user before running any gitea commands.
 # =============================================================================
 set -e
 PREFIX="[gitea-init]"
 log() { echo "$PREFIX $1"; }
+# Drop privileges: Gitea refuses to run as root. The Docker entrypoint
+# sets up directories as root, then exec's the CMD (us) — still as root.
+# Re-exec this script as the 'git' user via su-exec.
+if [ "$(id -u)" = "0" ]; then
+ log "Dropping to git user..."
+ exec su-exec git "$0" "$@"
+fi
+
 # --- Step 1: Run database migrations ---
 log "Running database migrations..."
 MIGRATE_OK=false
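Review bot: The re-exec in the new `if [ "$(id -u)" = "0" ]` block hard-codes the account, `exec su-exec git "$0" "$@"`, so it fails at container start if the image's runtime account is ever renamed (the upstream image appears to take it from a `USER` variable; worth confirming against the entrypoint). `exec su-exec "${USER:-git}" "$0" "$@"` would follow the entrypoint's choice, provided a value that maps to uid 0 is rejected first, since that would re-enter this branch on every re-exec. Because the file now runs as root up to the `exec`, I would also add a comment above the block: `# Runs as root until the exec below; keep this file root-owned and not writable by git.` The migration step that starts after the block continues outside the hunk, so whether anything later still expects root cannot be checked from here.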