From c90d777f2ced2cb65fea5bf982ff93756d2f8a11 Mon Sep 17 00:00:00 2001 From: Deckard Date: Mon, 13 Oct 2025 00:44:10 -0400 Subject: [PATCH] user permission alignment --- docker-compose-azerothcore-database.env | 12 +++++++++- docker-compose-azerothcore-database.yml | 7 ++++-- docker-compose-azerothcore-modules.env | 28 +++++++++++++++------- docker-compose-azerothcore-services.env | 14 +++++++++-- docker-compose-azerothcore-services.yml | 31 ++++++++++++++++++------- docker-compose-azerothcore-tools.env | 12 +++++++++- 6 files changed, 80 insertions(+), 24 deletions(-) diff --git a/docker-compose-azerothcore-database.env b/docker-compose-azerothcore-database.env index ca25991..c58efd0 100644 --- a/docker-compose-azerothcore-database.env +++ b/docker-compose-azerothcore-database.env @@ -4,7 +4,7 @@ # DEPLOYMENT CONFIGURATION # ============================================== # Storage root path - local: ./storage, production: /nfs/containers or custom mount -STORAGE_ROOT=./storage +STORAGE_ROOT=/nfs/containers # Storage configuration for database layer STORAGE_PATH=${STORAGE_ROOT}/azerothcore @@ -14,6 +14,16 @@ STORAGE_PATH=${STORAGE_ROOT}/azerothcore # Timezone TZ=UTC +# ============================================== +# USER MAPPING CONFIGURATION (for NFS compatibility) +# ============================================== +# User and group IDs for container processes +# Set these to match your NFS server's user mapping +# Default: 1001:1000 (matches 'sharing' user on most systems) +CONTAINER_USER_ID=1001 +CONTAINER_GROUP_ID=1000 +CONTAINER_USER=${CONTAINER_USER_ID}:${CONTAINER_GROUP_ID} + # ============================================== # DATABASE CREDENTIALS # ============================================== diff --git a/docker-compose-azerothcore-database.yml b/docker-compose-azerothcore-database.yml index 135ebf7..3ab6334 100644 --- a/docker-compose-azerothcore-database.yml +++ b/docker-compose-azerothcore-database.yml @@ -118,7 +118,6 @@ services: ac-db-import: image: ${AC_DB_IMPORT_IMAGE} container_name: ${CONTAINER_DB_IMPORT} - user: "${CONTAINER_USER}" depends_on: ac-mysql: condition: service_healthy @@ -144,13 +143,17 @@ services: DB_AUTH_NAME: ${DB_AUTH_NAME} DB_WORLD_NAME: ${DB_WORLD_NAME} DB_CHARACTERS_NAME: ${DB_CHARACTERS_NAME} + CONTAINER_USER: ${CONTAINER_USER} command: - sh - -c - | - # Install curl for downloading conditional db import script + # Install curl for downloading conditional db import script (as root) microdnf install -y curl || yum install -y curl || (apt-get update && apt-get install -y curl) + # Set ownership for config directories + chown ${CONTAINER_USER} /azerothcore/env/dist/etc 2>/dev/null || true + # Download conditional db import script from GitHub echo "📥 Downloading conditional database import script from GitHub..." curl -fsSL https://raw.githubusercontent.com/uprightbass360/acore-compose/main/scripts/db-import-conditional.sh -o /tmp/db-import-conditional.sh diff --git a/docker-compose-azerothcore-modules.env b/docker-compose-azerothcore-modules.env index 7da8153..b6a747d 100644 --- a/docker-compose-azerothcore-modules.env +++ b/docker-compose-azerothcore-modules.env @@ -8,9 +8,19 @@ # ============================================== # Storage root path - local: ./storage, production: /nfs/containers or custom mount # !!Set this for your environment root!!! -STORAGE_ROOT=./storage +STORAGE_ROOT=/nfs/containers # Storage configuration (must match database layer) STORAGE_PATH=${STORAGE_ROOT}/azerothcore + +# ============================================== +# USER MAPPING CONFIGURATION (for NFS compatibility) +# ============================================== +# User and group IDs for container processes +# Set these to match your NFS server's user mapping +# Default: 1001:1000 (matches 'sharing' user on most systems) +CONTAINER_USER_ID=1001 +CONTAINER_GROUP_ID=1000 +CONTAINER_USER=${CONTAINER_USER_ID}:${CONTAINER_GROUP_ID} # GIT GIT_EMAIL=uprightbass360@gmail.com GIT_USERNAME=uprightbass360 @@ -99,19 +109,19 @@ PLAYERBOT_MAX_BOTS=40 # Module configuration MODULE_PLAYERBOTS=0 MODULE_AOE_LOOT=0 -MODULE_LEARN_SPELLS=0 -MODULE_FIREWORKS=0 +MODULE_LEARN_SPELLS=1 +MODULE_FIREWORKS=1 MODULE_INDIVIDUAL_PROGRESSION=0 # Quality of Life Modules -MODULE_AHBOT=0 -MODULE_AUTOBALANCE=0 -MODULE_TRANSMOG=0 -MODULE_NPC_BUFFER=0 +MODULE_AHBOT=1 +MODULE_AUTOBALANCE=1 +MODULE_TRANSMOG=1 +MODULE_NPC_BUFFER=1 # Gameplay Enhancement Modules MODULE_DYNAMIC_XP=0 -MODULE_SOLO_LFG=0 +MODULE_SOLO_LFG=1 MODULE_1V1_ARENA=0 MODULE_PHASED_DUELS=0 @@ -127,7 +137,7 @@ MODULE_ELUNA=0 MODULE_TIME_IS_TIME=0 MODULE_POCKET_PORTAL=0 MODULE_RANDOM_ENCHANTS=0 -MODULE_SOLOCRAFT=0 +MODULE_SOLOCRAFT=1 MODULE_PVP_TITLES=0 MODULE_NPC_BEASTMASTER=0 MODULE_NPC_ENCHANTER=0 diff --git a/docker-compose-azerothcore-services.env b/docker-compose-azerothcore-services.env index 3dc354f..51cb93e 100644 --- a/docker-compose-azerothcore-services.env +++ b/docker-compose-azerothcore-services.env @@ -7,10 +7,20 @@ # DEPLOYMENT CONFIGURATION # ============================================== # Storage root path - local: ./storage, production: /nfs/containers or custom mount -STORAGE_ROOT=./storage +STORAGE_ROOT=/nfs/containers # Storage configuration (must match database layer) STORAGE_PATH=${STORAGE_ROOT}/azerothcore +# ============================================== +# USER MAPPING CONFIGURATION (for NFS compatibility) +# ============================================== +# User and group IDs for container processes +# Set these to match your NFS server's user mapping +# Default: 1001:1000 (matches 'sharing' user on most systems) +CONTAINER_USER_ID=1001 +CONTAINER_GROUP_ID=1000 +CONTAINER_USER=${CONTAINER_USER_ID}:${CONTAINER_GROUP_ID} + # ============================================== # NETWORK CONFIGURATION # ============================================== @@ -22,7 +32,7 @@ SOAP_EXTERNAL_PORT=7778 # Server address for client connections (production) # SERVER_ADDRESS=192.168.0.188 # Server address for client connections (local) -SERVER_ADDRESS=127.0.0.1 +SERVER_ADDRESS=192.168.0.188 # Use WORLD_EXTERNAL_PORT for realmlist (client connection port) REALM_PORT=8215 diff --git a/docker-compose-azerothcore-services.yml b/docker-compose-azerothcore-services.yml index 00771a1..cd650ae 100644 --- a/docker-compose-azerothcore-services.yml +++ b/docker-compose-azerothcore-services.yml @@ -10,16 +10,17 @@ services: image: ${AC_CLIENT_DATA_IMAGE} pull_policy: ${IMAGE_PULL_POLICY} container_name: ${CONTAINER_CLIENT_DATA} - user: "${CONTAINER_USER}" # Use mapped user for NFS compatibility volumes: - ${STORAGE_PATH}/data:/azerothcore/data - ${STORAGE_PATH}/cache:/cache working_dir: /tmp + environment: + - CONTAINER_USER=${CONTAINER_USER} command: - sh - -c - | - # Auto-detect package manager and install dependencies + # Auto-detect package manager and install dependencies (as root) if command -v apk >/dev/null 2>&1; then # Alpine Linux apk add --no-cache curl unzip wget ca-certificates p7zip jq @@ -34,14 +35,17 @@ services: exit 1 fi - # Create cache directory if it doesn't exist + # Create cache directory with correct ownership mkdir -p /cache + chown ${CONTAINER_USER} /cache /azerothcore/data 2>/dev/null || true - # Download and execute client data script from GitHub + # Download and execute client data script from GitHub as mapped user echo "📥 Downloading client data script from GitHub..." curl -fsSL https://raw.githubusercontent.com/uprightbass360/acore-compose/main/scripts/download-client-data.sh -o /tmp/download-client-data.sh chmod +x /tmp/download-client-data.sh - /tmp/download-client-data.sh + + # Switch to mapped user for file operations + su -s /bin/sh $${CONTAINER_USER%%:*} -c '/tmp/download-client-data.sh' || /tmp/download-client-data.sh restart: "no" networks: - azerothcore @@ -143,7 +147,6 @@ services: image: ${ALPINE_GIT_IMAGE} pull_policy: ${IMAGE_PULL_POLICY} container_name: ${CONTAINER_MODULES} - user: "${CONTAINER_USER}" # Use mapped user for NFS compatibility volumes: - ${STORAGE_PATH}/modules:/modules - ${STORAGE_PATH}/config:/azerothcore/env/dist/etc @@ -193,17 +196,24 @@ services: - DB_AUTH_NAME=${DB_AUTH_NAME} - DB_WORLD_NAME=${DB_WORLD_NAME} - DB_CHARACTERS_NAME=${DB_CHARACTERS_NAME} + - CONTAINER_USER=${CONTAINER_USER} entrypoint: ["/bin/sh", "-c"] command: - | + # Install packages as root apk add --no-cache curl + # Set ownership for module directories + mkdir -p /scripts + chown ${CONTAINER_USER} /modules /azerothcore/env/dist/etc 2>/dev/null || true + echo "📥 Downloading module management script from GitHub..." curl -fsSL https://raw.githubusercontent.com/uprightbass360/acore-compose/main/scripts/manage-modules.sh -o /tmp/manage-modules.sh curl -fsSL https://raw.githubusercontent.com/uprightbass360/acore-compose/main/scripts/manage-modules-sql.sh -o /scripts/manage-modules-sql.sh chmod +x /tmp/manage-modules.sh /scripts/manage-modules-sql.sh - /tmp/manage-modules.sh + # Run module management as mapped user + su -s /bin/sh $${CONTAINER_USER%%:*} -c '/tmp/manage-modules.sh' || /tmp/manage-modules.sh restart: "no" networks: - azerothcore @@ -213,7 +223,6 @@ services: image: ${ALPINE_IMAGE} pull_policy: ${IMAGE_PULL_POLICY} container_name: ${CONTAINER_POST_INSTALL} - user: "${CONTAINER_USER}" # Use mapped user for NFS compatibility volumes: - ${STORAGE_PATH}/config:/azerothcore/config - ${STORAGE_PATH}/install-markers:/install-markers @@ -234,16 +243,20 @@ services: NETWORK_NAME: ${NETWORK_NAME} CONTAINER_AUTHSERVER: ${CONTAINER_AUTHSERVER} CONTAINER_WORLDSERVER: ${CONTAINER_WORLDSERVER} + CONTAINER_USER: ${CONTAINER_USER} depends_on: - ac-modules command: - sh - -c - | - # Install required packages + # Install required packages as root echo "📦 Installing required packages..." apk add --no-cache bash curl docker-cli + # Set ownership for config directories + chown ${CONTAINER_USER} /azerothcore/config /install-markers 2>/dev/null || true + # Download post-install script from GitHub (fallback to local for testing) echo "📥 Downloading auto post-install script..." curl -fsSL https://raw.githubusercontent.com/uprightbass360/acore-compose/main/scripts/auto-post-install.sh -o /tmp/auto-post-install.sh diff --git a/docker-compose-azerothcore-tools.env b/docker-compose-azerothcore-tools.env index 86eb9d1..2dbf80c 100644 --- a/docker-compose-azerothcore-tools.env +++ b/docker-compose-azerothcore-tools.env @@ -8,10 +8,20 @@ # TOOL STORAGE PATHS # ============================================== # Storage root path - local: ./storage, production: /nfs/containers or custom mount -STORAGE_ROOT=./storage +STORAGE_ROOT=/nfs/containers # Storage for tools (unified with core stack) STORAGE_PATH=${STORAGE_ROOT}/azerothcore +# ============================================== +# USER MAPPING CONFIGURATION (for NFS compatibility) +# ============================================== +# User and group IDs for container processes +# Set these to match your NFS server's user mapping +# Default: 1001:1000 (matches 'sharing' user on most systems) +CONTAINER_USER_ID=1001 +CONTAINER_GROUP_ID=1000 +CONTAINER_USER=${CONTAINER_USER_ID}:${CONTAINER_GROUP_ID} + # ============================================== # DATABASE CONNECTION # ==============================================