Create borg group and add option to set user id and group id explicitly for easier access to host resources

2019-12-01 17:56:05 +01:00 · 2019-12-01 17:56:05 +01:00 · 590d6712fb
parent a741486bb3
commit 590d6712fb
3 changed files with 29 additions and 8 deletions
--- a/4
+++ b/4
@ -14,10 +14,10 @@ ENV DEBIAN_FRONTEND noninteractive
 RUN apt-get update && apt-get -y --no-install-recommends install \
 		borgbackup openssh-server && apt-get clean && \
-		useradd -s /bin/bash -m borg && \
+		useradd -s /bin/bash -m -U borg && \
 		mkdir /home/borg/.ssh && \
 		chmod 700 /home/borg/.ssh && \
-		chown borg: /home/borg/.ssh && \
+		chown borg:borg /home/borg/.ssh && \
 		mkdir /run/sshd && \
 		rm -f /etc/ssh/ssh_host*key* && \
 		rm -rf /var/lib/apt/lists/* /var/tmp/* /tmp/*
--- a/README.md
+++ b/README.md
@ -71,6 +71,14 @@ borg prune --keep-last 100 --keep-weekly 1 (...) borgserver:/clientA/clientA
 ```
 #### PUID
 Used to set the user id of the `borg` user inside the container. This can be useful when the container has to access resources on the host with a specific user id.
 #### PGID
 Used to set the group id of the `borg` group inside the container. This can be useful when the container has to access resources on the host with a specific group id.
 ### Persistent Storages & Client Configuration
 We will need two persistent storage directories for our borgserver to be usefull.
@ -118,6 +126,8 @@ services:
   BORG_SERVE_ARGS: ""
   BORG_APPEND_ONLY: "no"
   BORG_ADMIN: ""
   PUID: 1000
   PGID: 1000
 ```
 ### ~/.ssh/config for clients
--- a/data/run.sh
+++ b/data/run.sh
@ -1,9 +1,20 @@
 #!/bin/bash
 # Start Script for docker-borgserver
 PUID=${PUID:-1000}
 PGID=${PGID:-1000}
 usermod -o -u "$PUID" borg &>/dev/null
 groupmod -o -g "$PGID" borg &>/dev/null
 echo "########################################################"
 echo " * User id:  $(id -u borg)"
 echo " * Group id: $(id -g borg)"
 BORG_DATA_DIR=/backup
 SSH_KEY_DIR=/sshkeys
 BORG_CMD='cd ${BORG_DATA_DIR}/${client_name}; borg serve --restrict-to-path ${BORG_DATA_DIR}/${client_name} ${BORG_SERVE_ARGS}'
 AUTHORIZED_KEYS_PATH=/home/borg/.ssh/authorized_keys
 # Append only mode?
 BORG_APPEND_ONLY=${BORG_APPEND_ONLY:=no}
@ -47,7 +58,7 @@ echo "########################################################"
 echo " * Starting SSH-Key import..."
 # Add every key to borg-users authorized_keys
-rm /home/borg/.ssh/authorized_keys &>/dev/null
+rm ${AUTHORIZED_KEYS_PATH} &>/dev/null
 for keyfile in $(find "${SSH_KEY_DIR}/clients" ! -regex '.*/\..*' -a -type f); do
    client_name=$(basename ${keyfile})
    mkdir ${BORG_DATA_DIR}/${client_name} 2>/dev/null
@ -63,13 +74,13 @@ for keyfile in $(find "${SSH_KEY_DIR}/clients" ! -regex '.*/\..*' -a -type f); d
 		borg_cmd="${BORG_CMD} --append-only"
 	fi
-    echo -n "command=\"$(eval echo -n \"${borg_cmd}\")\" " >> /home/borg/.ssh/authorized_keys
+    echo -n "command=\"$(eval echo -n \"${borg_cmd}\")\" " >> ${AUTHORIZED_KEYS_PATH}
-	cat ${keyfile} >> /home/borg/.ssh/authorized_keys
+	cat ${keyfile} >> ${AUTHORIZED_KEYS_PATH}
 done
-chown -R borg: /backup
+chown -R borg:borg ${BORG_DATA_DIR}
-chown borg: /home/borg/.ssh/authorized_keys
+chown borg:borg ${AUTHORIZED_KEYS_PATH}
-chmod 600 /home/borg/.ssh/authorized_keys
+chmod 600 ${AUTHORIZED_KEYS_PATH}
 echo "########################################################"
 echo " * Init done! Starting SSH-Daemon..."