Rework service user (#208)

Related to https://github.com/bitwarden/core/pull/292

entrypoint.sh

@@ -5,52 +5,27 @@
 GROUPNAME="bitwarden"
 USERNAME="bitwarden"
 
-CURRENTGID=`getent group $GROUPNAME | cut -d: -f3`
-LGID=${LOCAL_GID:-999}
+LUID=${LOCAL_UID:-0}
+LGID=${LOCAL_GID:-0}
 
-NOUSER=`id -u $USERNAME > /dev/null 2>&1; echo $?`
-LUID=${LOCAL_UID:-999}
+# Step down from host root to well-known nobody/nogroup user
 
-# Step down from host root
-
-if [ $LGID == 0 ]
+if [ $LUID -eq 0 ]
 then
-    LGID=999
+    LUID=65534
 fi
-
-if [ $LUID == 0 ]
+if [ $LGID -eq 0 ]
 then
-    LUID=999
+    LGID=65534
 fi
 
-# Create group
+# Create user and group
 
-if [ $CURRENTGID ]
-then
-    if [ "$CURRENTGID" != "$LGID" ]
-    then
-        groupmod -g $LGID $GROUPNAME
-    fi
-else
-    groupadd -g $LGID $GROUPNAME
-fi
-
-# Create user and assign group
-
-if [ $NOUSER == 0 ] && [ `id -u $USERNAME` != $LUID ]
-then
-    usermod -u $LUID $USERNAME
-elif [ $NOUSER == 1 ]
-then
-    useradd -r -u $LUID -g $GROUPNAME $USERNAME
-fi
-
-# Make home directory for user
-
-if [ ! -d "/home/$USERNAME" ]
-then
-    mkhomedir_helper $USERNAME
-fi
+groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
+groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
+useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
+usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
+mkhomedir_helper $USERNAME
 
 # The rest...
 
@@ -60,5 +35,5 @@ cp /etc/bitwarden/web/app-id.json /app/app-id.json
 chown -R $USERNAME:$GROUPNAME /app
 chown -R $USERNAME:$GROUPNAME /bitwarden_server
 
-gosu $USERNAME:$GROUPNAME dotnet /bitwarden_server/Server.dll \
+exec gosu $USERNAME:$GROUPNAME dotnet /bitwarden_server/Server.dll \
     /contentRoot=/app /webRoot=. /serveUnknown=false