From a14551aee6c49a0ec3eaae8aed129e5fad6fc51d Mon Sep 17 00:00:00 2001
From: Matthias Bilger <matthias@bilger.info>
Date: Thu, 5 Jan 2023 10:04:03 +0100
Subject: [PATCH] Allow setting the UID and GID of clamav at runtime

If CLAMAV_UID/CLAMAV_GID are set, the userid and/or groupid of the
clamav user is updated on startup. This can be helfull to gain the
correct access rights on scandir mounts.
---
 clamav/1.0/alpine/Dockerfile                   | 1 +
 clamav/1.0/alpine/scripts/docker-entrypoint.sh | 9 +++++++++
 clamav/1.0/debian/Dockerfile                   | 1 +
 clamav/1.0/debian/scripts/docker-entrypoint.sh | 9 +++++++++
 4 files changed, 20 insertions(+)

diff --git a/clamav/1.0/alpine/Dockerfile b/clamav/1.0/alpine/Dockerfile
index db47416..04fab9f 100644
--- a/clamav/1.0/alpine/Dockerfile
+++ b/clamav/1.0/alpine/Dockerfile
@@ -35,6 +35,7 @@ RUN apk update && apk upgrade \
         # For building static libraries with Mussels
         git \
         patchelf \
+        shadow \
     && \
     python3 -m pip install --upgrade pip && \
     python3 -m pip install mussels && \
diff --git a/clamav/1.0/alpine/scripts/docker-entrypoint.sh b/clamav/1.0/alpine/scripts/docker-entrypoint.sh
index 0140c73..1585029 100755
--- a/clamav/1.0/alpine/scripts/docker-entrypoint.sh
+++ b/clamav/1.0/alpine/scripts/docker-entrypoint.sh
@@ -10,6 +10,15 @@
 
 set -eu
 
+# update userid/groupid if specified
+if [ -n $CLAMAV_UID ]; then
+        usermod -u $CLAMAV_UID clamav
+fi
+
+if [ -n $CLAMAV_GID ]; then
+        groupmod -g $CLAMAV_GID clamav
+fi
+
 if [ ! -d "/run/clamav" ]; then
 	install -d -g "clamav" -m 775 -o "clamav" "/run/clamav"
 fi
diff --git a/clamav/1.0/debian/Dockerfile b/clamav/1.0/debian/Dockerfile
index d3fc421..505f0b2 100644
--- a/clamav/1.0/debian/Dockerfile
+++ b/clamav/1.0/debian/Dockerfile
@@ -36,6 +36,7 @@ RUN apt update && apt install -y \
         libxml2-dev \
         zlib1g-dev \
         curl \
+        shadow \
     && \
     rm -rf /var/cache/apt/archives \
     && \
diff --git a/clamav/1.0/debian/scripts/docker-entrypoint.sh b/clamav/1.0/debian/scripts/docker-entrypoint.sh
index ac7aceb..0000346 100755
--- a/clamav/1.0/debian/scripts/docker-entrypoint.sh
+++ b/clamav/1.0/debian/scripts/docker-entrypoint.sh
@@ -10,6 +10,15 @@
 
 set -eu
 
+# update userid/groupid if specified
+if [ -n $CLAMAV_UID ]; then
+        usermod -u $CLAMAV_UID clamav
+fi
+
+if [ -n $CLAMAV_GID ]; then
+        groupmod -g $CLAMAV_GID clamav
+fi
+
 if [ ! -d "/run/clamav" ]; then
 	install -d -g "clamav" -m 775 -o "clamav" "/run/clamav"
 fi