From 4e112e2daaba5141060f8d630e7ac232d722127a Mon Sep 17 00:00:00 2001
From: tangowithfoxtrot <5676771+tangowithfoxtrot@users.noreply.github.com>
Date: Fri, 30 May 2025 10:30:08 -0700
Subject: [PATCH] feat: enable running as non-root user (#13887)
---
 apps/web/entrypoint.sh | 35 ++++++++++++++++++++++-------------
 1 file changed, 22 insertions(+), 13 deletions(-)
diff --git a/apps/web/entrypoint.sh b/apps/web/entrypoint.sh
index 16d1c78fb77..53e8af235fb 100644
--- a/apps/web/entrypoint.sh
+++ b/apps/web/entrypoint.sh
@@ -19,20 +19,29 @@ then
 LGID=65534
 fi

-# Create user and group
+if [ "$(id -u)" = "0" ]; then
+ # Create user and group

-groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
-groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
-useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
-usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
-mkhomedir_helper $USERNAME
+ groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
+ groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
+ useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
+ usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
+ mkhomedir_helper $USERNAME

-# The rest...
+ # The rest...

-chown -R $USERNAME:$GROUPNAME /etc/bitwarden
-cp /etc/bitwarden/web/app-id.json /app/app-id.json
-chown -R $USERNAME:$GROUPNAME /app
-chown -R $USERNAME:$GROUPNAME /bitwarden_server
+ chown -R $USERNAME:$GROUPNAME /etc/bitwarden
+ chown -R $USERNAME:$GROUPNAME /app
+ chown -R $USERNAME:$GROUPNAME /bitwarden_server

-exec gosu $USERNAME:$GROUPNAME dotnet /bitwarden_server/Server.dll \
- /contentRoot=/app /webRoot=. /serveUnknown=false /webVault=true
+ gosu_cmd="gosu $USERNAME:$GROUPNAME"
+else
+ gosu_cmd=""
+fi
+
+exec $gosu_cmd /bitwarden_server/Server \
+ /contentRoot=/app \
+ /webRoot=. \
+ /serveUnknown=false \
+ /webVault=true \
+ /appIdLocation=/etc/bitwarden/web/app-id.json
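Review bot: In the root branch, `chown -R $USERNAME:$GROUPNAME /app` and `chown -R $USERNAME:$GROUPNAME /bitwarden_server` still give the runtime account ownership of the web root and the server binary. This commit removes the only visible write into /app (the `cp` of app-id.json), and the new non-root branch starts the server with no ownership change at all, which suggests the server does not need to own those paths. If it writes nothing under them (not visible in this hunk), drop the two lines and keep only `chown -R "$USERNAME:$GROUPNAME" /etc/bitwarden`, so a compromised server process cannot alter the vault assets it serves or its own executable. The `else` branch also discards the LUID/LGID values computed above the hunk without saying so; a line such as `echo "not root: running as uid $(id -u); LUID/LGID not applied" >&2` would make that visible in the container log.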