fix: Docker entrypoint 以 root 运行再降权，彻底解决 volume 权限问题

去掉 USER appuser，entrypoint 以 root 身份运行，先 chown 修复 volume 挂载目录的权限，再通过 su 降权到 appuser 执行应用。
2026-06-10 23:47:29 +00:00 · 2026-05-29 09:32:39 +08:00
parent 3c428f6a6d
commit 732a7f86fe
2 changed files with 14 additions and 5 deletions
--- a/10
+++ b/10
@@ -13,10 +13,10 @@ RUN unzip netdisk-fast-download-bin.zip && \
    chmod +x run.sh && \
    mkdir -p db logs
 COPY ./docker-entrypoint.sh /docker-entrypoint.sh
 RUN chmod +x /docker-entrypoint.sh
 EXPOSE 6400 6401
-RUN addgroup --system appgroup && adduser --system --ingroup appgroup appuser && \
+RUN addgroup --system appgroup && adduser --system --ingroup appgroup appuser
-    chown -R appuser:appgroup /app
+ENTRYPOINT ["/docker-entrypoint.sh"]
 USER appuser
 ENTRYPOINT ["sh", "run.sh"]
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -0,0 +1,9 @@
 #!/bin/sh
 set -e
 # Fix permissions on volume-mounted directories (runs as root)
 chown -R appuser:appgroup /app/db /app/logs /app/resources 2>/dev/null || true
 # Run Java directly - entrypoint is PID 1, exec makes Java PID 1
 # Docker SIGTERM goes directly to Java, triggering ShutdownHook
 exec java -Xmx${JVM_XMX:-512M} ${JVM_OPTS} -jar /app/netdisk-fast-download.jar