From 84c9e5304e74acf22e5471240e6f4b8dd9457cb6 Mon Sep 17 00:00:00 2001
From: jason
Date: Sun, 29 Mar 2026 22:10:07 -0500
Subject: [PATCH] Fix entrypoint: reuse existing GID/UID instead of blindly creating
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Alpine's built-in 'users' group owns GID 100 and 'nobody' owns UID 99. The old check tested by name (appgroup/appuser) which always passed, then hit 'addgroup: gid 100 in use' on creation. Now checks by GID/UID via getent — reuses the existing group/user if the ID is already taken, only creates new ones when the ID is free.
Co-Authored-By: Claude Sonnet 4.6
---
 docker-entrypoint.sh | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index de28b57..980cb95 100644
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -7,12 +7,24 @@ PGID=${PGID:-100}
 echo "[entrypoint] Starting Family Planner (PUID=${PUID}, PGID=${PGID})"
-# Create the app user/group if they don't already exist at the requested IDs
-if ! getent group appgroup > /dev/null 2>&1; then
- addgroup -g "${PGID}" appgroup
+# Resolve group: reuse existing group at PGID, or create a new one
+if getent group "${PGID}" > /dev/null 2>&1; then
+ APP_GROUP=$(getent group "${PGID}" | cut -d: -f1)
+ echo "[entrypoint] Reusing existing group '${APP_GROUP}' (GID=${PGID})"
+else
+ APP_GROUP=appgroup
+ addgroup -g "${PGID}" "${APP_GROUP}"
+ echo "[entrypoint] Created group '${APP_GROUP}' (GID=${PGID})"
 fi
-if ! getent passwd appuser > /dev/null 2>&1; then
- adduser -D -u "${PUID}" -G appgroup appuser
+
+# Resolve user: reuse existing user at PUID, or create a new one
+if getent passwd "${PUID}" > /dev/null 2>&1; then
+ APP_USER=$(getent passwd "${PUID}" | cut -d: -f1)
+ echo "[entrypoint] Reusing existing user '${APP_USER}' (UID=${PUID})"
+else
+ APP_USER=appuser
+ adduser -D -u "${PUID}" -G "${APP_GROUP}" "${APP_USER}"
+ echo "[entrypoint] Created user '${APP_USER}' (UID=${PUID})"
 fi
 # Ensure /data is owned by the app user so SQLite can write
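Review bot: The new `getent group "${PGID}"` and `getent passwd "${PUID}"` lookups take the environment values as-is, and getent matches a key by name as well as by number, so a non-numeric value resolves an account by name and the log line then reports it as a GID/UID. The reuse branch also accepts any existing account, so PUID=0 yields APP_USER=root with nothing more than an informational message; whether the process then keeps root depends on the privilege-drop code, which is outside this hunk. I would validate both values before the lookups, e.g. `case "${PGID}" in ''|*[!0-9]*) echo "[entrypoint] PGID must be numeric" >&2; exit 1 ;; esac` (same for PUID), and refuse or loudly warn on 0. A reused user is also not added to APP_GROUP, so later steps should pass user and group explicitly rather than rely on the account's primary group.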