fix: Docker entrypoint 以 root 运行再降权，彻底解决 volume 权限问题

去掉 USER appuser，entrypoint 以 root 身份运行，先 chown 修复 volume 挂载目录的权限，再通过 su 降权到 appuser 执行应用。
2026-06-10 23:47:29 +00:00 · 2026-05-29 09:32:39 +08:00
parent 3c428f6a6d
commit 732a7f86fe
2 changed files with 14 additions and 5 deletions
--- a/10
+++ b/10
@@ -13,10 +13,10 @@ RUN unzip netdisk-fast-download-bin.zip && \
    chmod +x run.sh && \
    mkdir -p db logs

+COPY ./docker-entrypoint.sh /docker-entrypoint.sh
+RUN chmod +x /docker-entrypoint.sh
+
 EXPOSE 6400 6401

-RUN addgroup --system appgroup && adduser --system --ingroup appgroup appuser && \
-    chown -R appuser:appgroup /app
-USER appuser
-
-ENTRYPOINT ["sh", "run.sh"]
+RUN addgroup --system appgroup && adduser --system --ingroup appgroup appuser
+ENTRYPOINT ["/docker-entrypoint.sh"]
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+set -e
+
+# Fix permissions on volume-mounted directories (runs as root)
+chown -R appuser:appgroup /app/db /app/logs /app/resources 2>/dev/null || true
+
+# Run Java directly - entrypoint is PID 1, exec makes Java PID 1
+# Docker SIGTERM goes directly to Java, triggering ShutdownHook
+exec java -Xmx${JVM_XMX:-512M} ${JVM_OPTS} -jar /app/netdisk-fast-download.jar