add su-exec

Dockerfile

@@ -1,7 +1,7 @@
 FROM alpine:3.12
 MAINTAINER "EEA: IDM2 A-Team" <eea-edw-a-team-alerts@googlegroups.com>
 
-RUN apk add --no-cache --virtual .run-deps rsync openssh tzdata curl ca-certificates && rm -rf /var/cache/apk/*
+RUN apk add --no-cache --virtual .run-deps su-exec rsync openssh tzdata curl ca-certificates && rm -rf /var/cache/apk/*
 COPY docker-entrypoint.sh /
 
 ENTRYPOINT ["/docker-entrypoint.sh"]

docker-entrypoint.sh

@@ -16,10 +16,12 @@ if [ "$RSYNC_UID" != "" ] && [ "$RSYNC_GID" != "" ]; then
     echo "rsyncuser:x:$RSYNC_UID:$RSYNC_GID::/home/rsyncuser:/bin/sh" >> /etc/passwd
     echo "users:x:$RSYNC_GID:rsyncuser" >> /etc/group
     RSYNC_USER=rsyncuser
+    RSYNC_GROUP=users
 else
     # UID and GID not provided
     echo "UID and GID are NOT provided. Proceeding as the root user."
     RSYNC_USER=root
+    RSYNC_GROUP=root
 fi
 
 # Provide SSH_AUTH_KEY_* via environment variable
@@ -72,7 +74,7 @@ if [ "$1" == "server" ]; then
   echo "Running: /usr/sbin/sshd $SSH_PARAMS                                             "
   echo "================================================================================"
 
-  exec /usr/sbin/sshd -D $SSH_PARAMS
+  su-exec $RSYNC_USER:$RSYNC_GROUP  /usr/sbin/sshd -D $SSH_PARAMS
 fi
 
 echo "Please add this ssh key to your server /home/user/.ssh/authorized_keys        "
@@ -85,10 +87,10 @@ echo "==========================================================================
 ################################################################################
 
 if [ "$1" == "client" ]; then
-  exec /usr/sbin/crond -f
+  su-exec $RSYNC_USER:$RSYNC_GROUP  /usr/sbin/crond -f
 fi
 
 ################################################################################
 # Anything else
 ################################################################################
-exec "$@"
+su-exec $RSYNC_USER:$RSYNC_GROUP "$@"