From 4bf781b82f6b47f00d68ffb087247e18e14c86cc Mon Sep 17 00:00:00 2001
From: uprightbass360
Date: Sun, 9 Nov 2025 05:49:51 -0500
Subject: [PATCH] make backup run as container user
---
 docker-compose.yml | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 340322f..5cbb7ac 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -144,6 +144,7 @@ services:
 profiles: ["db"]
 image: ${MYSQL_IMAGE}
 container_name: ${CONTAINER_BACKUP}
+ user: "0:0"
 userns_mode: "keep-id"
 depends_on:
 ac-db-import:
@@ -169,11 +170,19 @@ services:
 - /bin/bash
 - -c
 - |
- microdnf install -y curl || yum install -y curl || (apt-get update && apt-get install -y curl)
- echo "📥 Downloading backup scheduler script (local copy preferred if mounted)..."
+ microdnf install -y curl || yum install -y curl || (apt-get update -qq && apt-get install -y curl)
+ echo "📥 Preparing backup scheduler (dropping privileges to ${CONTAINER_USER})..."
+ run_as_user(){
+ if command -v gosu >/dev/null 2>&1; then
+ gosu ${CONTAINER_USER} "$@"
+ else
+ echo "⚠️ gosu not found; running backup scheduler as root."
+ "$@"
+ fi
+ }
 if [ -f /tmp/scripts/bash/backup-scheduler.sh ]; then
 chmod +x /tmp/scripts/bash/backup-scheduler.sh 2>/dev/null || true
- bash /tmp/scripts/bash/backup-scheduler.sh
+ run_as_user /tmp/scripts/bash/backup-scheduler.sh
 else
 echo "No local scheduler provided"
 fi
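Review bot: The added `user: "0:0"` starts the backup service as root with no comment saying why, although the commit subject says the backup should run as the container user. Root appears to be needed only for the package install in the command script, so I would record that above the key, for example `# root only for the package install; the scheduler itself is started through gosu as CONTAINER_USER`. Because the line sits next to `userns_mode: "keep-id"`, what UID 0 maps to on the host depends on the container runtime, and the comment should state which runtime this service is expected to run under. The service definition starts and ends outside the hunk, so other keys that affect privileges (capabilities, mounts) are not visible here.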
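Review bot: The `else` branch of `run_as_user` fails open: when `gosu` is missing it prints a warning and runs the scheduler as root, and since the install line above it only installs `curl`, the drop happens only if the `${MYSQL_IMAGE}` image already ships `gosu` (not visible in this hunk). I would fail closed instead, replacing the fallback with `echo "gosu not found; refusing to run backup scheduler as root." >&2; exit 1`. `${CONTAINER_USER}` is substituted by Compose before the shell runs and is unquoted, so an unset value makes `gosu` take the script path as the user name; `gosu "${CONTAINER_USER:?CONTAINER_USER must be set}" "$@"` rejects that at config time. The last changed line now executes the script directly and so depends on a `chmod +x` whose failure is silenced; `run_as_user bash /tmp/scripts/bash/backup-scheduler.sh` keeps the previous behaviour on a read-only mount. The script block begins before the hunk and may continue after it.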