#!/bin/sh set -e # Fix data directory permissions when running as root. # Docker named volumes / host bind-mounts may be owned by root, # preventing the non-root app user from writing files. if [ "$(id -u)" = "0" ]; then mkdir -p /app/data # Use || true to avoid failure on read-only mounted files (e.g. config.yaml:ro) chown -R app:app /app/data 2>/dev/null || true # Re-invoke this script as the non-root user so the main process runs unprivileged. exec su-exec app "$0" "$@" fi # Compatibility: if the first arg looks like a flag (e.g. --help), # prepend the default binary so it behaves like the default CMD form. if [ "${1#-}" != "$1" ]; then set -- /app/server "$@" fi exec "$@"