Add support for customizable user (#7569)

dockerscripts/docker-entrypoint.sh

@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# MinIO Cloud Storage, (C) 2017 MinIO, Inc.
+# MinIO Cloud Storage, (C) 2019 MinIO, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,6 +15,9 @@
 # limitations under the License.
 #
 
+export MINIO_USERNAME=${MINIO_USERNAME:-"minio"}
+export MINIO_GROUPNAME=${MINIO_GROUPNAME:-"minio"}
+
 # If command starts with an option, prepend minio.
 if [ "${1}" != "minio" ]; then
     if [ -n "${1}" ]; then
@@ -24,20 +27,47 @@ fi
 
 ## Look for docker secrets in default documented location.
 docker_secrets_env() {
-    local ACCESS_KEY_FILE="/run/secrets/$MINIO_ACCESS_KEY_FILE"
-    local SECRET_KEY_FILE="/run/secrets/$MINIO_SECRET_KEY_FILE"
+    ACCESS_KEY_FILE="/run/secrets/$MINIO_ACCESS_KEY_FILE"
+    SECRET_KEY_FILE="/run/secrets/$MINIO_SECRET_KEY_FILE"
 
-    if [ -f $ACCESS_KEY_FILE -a -f $SECRET_KEY_FILE ]; then
-        if [ -f $ACCESS_KEY_FILE ]; then
-            export MINIO_ACCESS_KEY="$(cat "$ACCESS_KEY_FILE")"
+    if [ -f "$ACCESS_KEY_FILE" ] && [ -f "$SECRET_KEY_FILE" ]; then
+        if [ -f "$ACCESS_KEY_FILE" ]; then
+            MINIO_ACCESS_KEY="$(cat "$ACCESS_KEY_FILE")"
+            export MINIO_ACCESS_KEY
         fi
-        if [ -f $SECRET_KEY_FILE ]; then
-            export MINIO_SECRET_KEY="$(cat "$SECRET_KEY_FILE")"
+        if [ -f "$SECRET_KEY_FILE" ]; then
+            MINIO_SECRET_KEY="$(cat "$SECRET_KEY_FILE")"
+            export MINIO_SECRET_KEY
         fi
     fi
 }
 
+## Create UID/GID based on available environment variables.
+docker_set_uid_gid() {
+    addgroup -S "$MINIO_GROUPNAME" >/dev/null 2>&1 && \
+        adduser -S -G "$MINIO_GROUPNAME" "$MINIO_USERNAME" >/dev/null 2>&1
+}
+
+# su-exec to requested user, if user cannot be requested
+# existing user is used automatically.
+docker_switch_user() {
+    owner=$(check-user "$@")
+    if [ "${owner}" != "${MINIO_USERNAME}:${MINIO_GROUPNAME}" ]; then
+        ## Print the message only if we are not using non-default username:groupname.
+        if [ "${MINIO_USERNAME}:${MINIO_GROUPNAME}" != "minio:minio" ]; then
+            echo "Requested username/group ${MINIO_USERNAME}:${MINIO_GROUPNAME} cannot be used"
+            echo "Found existing data with user ${owner}, we will continue and use ${owner} instead."
+            return
+        fi
+    fi
+    exec su-exec "${owner}" "$@"
+}
+
 ## Set access env from secrets if necessary.
 docker_secrets_env
 
-exec "$@"
+## User Input UID and GID
+docker_set_uid_gid
+
+## Switch to user if applicable.
+docker_switch_user "$@"