Support nonroot operation

linuxserver · Dec 20, 2024 · 016be7b · 016be7b
1 parent b6f4c2c
commit 016be7b
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -90,6 +90,10 @@ Similarly to the WEBUI_PORT, to set the port to 6887 you need to pass -p 6887:68
 
 This image can be run with a read-only container filesystem. For details please [read the docs](https://docs.linuxserver.io/misc/read-only/).
 
+## Non-Root Operation
+
+This image can be run with a non-root user. For details please [read the docs](https://docs.linuxserver.io/misc/non-root/).
+
 ## Usage
 
 To help you get started creating a container from this image you can either use docker-compose or the docker cli.
@@ -157,6 +161,7 @@ Containers are configured using parameters passed at runtime (such as those abov
 | `-v /config` | Contains all relevant configuration files. |
 | `-v /downloads` | Location of downloads on disk. |
 | `--read-only=true` | Run container with a read-only filesystem. Please [read the docs](https://docs.linuxserver.io/misc/read-only/). |
+| `--user=1000:1000` | Run container with a non-root user. Please [read the docs](https://docs.linuxserver.io/misc/non-root/). |
 
 ## Environment variables from files (Docker secrets)
 

diff --git a/readme-vars.yml b/readme-vars.yml
@@ -34,6 +34,7 @@ opt_param_usage_include_vols: true
 opt_param_volumes:
   - {vol_path: "/downloads", vol_host_path: "/path/to/downloads", desc: "Location of downloads on disk."}
 readonly_supported: true
+nonroot_supported: true
 # application setup block
 app_setup_block_enabled: true
 app_setup_block: |
@@ -47,7 +48,7 @@ app_setup_block: |
 
   Due to issues with CSRF and port mapping, should you require to alter the port for the web UI you need to change both sides of the -p 8080 switch AND set the WEBUI_PORT variable to the new port.
 
-  For example, to set the port to 8090 you need to set -p 8090:8090 and -e WEBUI_PORT=8090
+  For example, to set the port to 8090 you need to set -p 8123:8123 and -e WEBUI_PORT=8123
 
   ### TORRENTING_PORT
 

diff --git a/root/etc/s6-overlay/s6-rc.d/init-qbittorrent-config/run b/root/etc/s6-overlay/s6-rc.d/init-qbittorrent-config/run
@@ -9,11 +9,13 @@ if [[ ! -f /config/qBittorrent/qBittorrent.conf ]]; then
     cp /defaults/qBittorrent.conf /config/qBittorrent/qBittorrent.conf
 fi
 
-# chown download directory if currently not set to abc
-if grep -qe ' /downloads ' /proc/mounts; then
-    lsiown abc:abc /downloads
-fi
+if [[ -z ${LSIO_NON_ROOT_USER} ]]; then
+    # chown download directory if currently not set to abc
+    if grep -qe ' /downloads ' /proc/mounts; then
+        lsiown abc:abc /downloads
+    fi
 
-# permissions
-lsiown -R abc:abc \
-    /config
+    # permissions
+    lsiown -R abc:abc \
+        /config
+fi
diff --git a/root/etc/s6-overlay/s6-rc.d/svc-qbittorrent/run b/root/etc/s6-overlay/s6-rc.d/svc-qbittorrent/run
@@ -11,6 +11,11 @@ if [[ -z ${WEBUI_ADDRESS} ]] || [[ ${WEBUI_ADDRESS} == "*" ]]; then
     WEBUI_ADDRESS="localhost"
 fi
 
+if [[ -z ${LSIO_NON_ROOT_USER} ]]; then
 exec \
     s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z ${WEBUI_ADDRESS} ${WEBUI_PORT}" \
         s6-setuidgid abc /usr/bin/qbittorrent-nox --webui-port="${WEBUI_PORT}" ${TORRENTING_PORT_ARG}
+else
+    s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z ${WEBUI_ADDRESS} ${WEBUI_PORT}" \
+        /usr/bin/qbittorrent-nox --webui-port="${WEBUI_PORT}" ${TORRENTING_PORT_ARG}
+fi