From 2dc6c6248a6ef72f0a557c3727ad8286ce8d0fed Mon Sep 17 00:00:00 2001
From: Ambroise Maupate
Date: Thu, 19 Sep 2024 11:36:34 +0200
Subject: [PATCH] feat: Prevent cron docker entrypoint to run as non-root user
---
 docker/php-fpm-alpine/docker-cron-entrypoint | 6 ++++++
 docker/php-fpm-alpine/docker-cron-entrypoint-dev | 6 ++++++
 2 files changed, 12 insertions(+)
diff --git a/docker/php-fpm-alpine/docker-cron-entrypoint b/docker/php-fpm-alpine/docker-cron-entrypoint
index b02406f..159313b 100755
--- a/docker/php-fpm-alpine/docker-cron-entrypoint
+++ b/docker/php-fpm-alpine/docker-cron-entrypoint
@@ -3,6 +3,12 @@ set -e
 env >> /etc/environment
+# cron entrypoint must be run as root as it spawns crontab for each system user
+if [ "$(id -u)" -ne 0 ]; then
+ echo "Please run as root"
+ exit 1
+fi
+
 # Print env infos
 echo "APP_ENV=${APP_ENV}";
 echo "APP_RUNTIME_ENV=${APP_RUNTIME_ENV}";
diff --git a/docker/php-fpm-alpine/docker-cron-entrypoint-dev b/docker/php-fpm-alpine/docker-cron-entrypoint-dev
index 18899ee..af2d56e 100755
--- a/docker/php-fpm-alpine/docker-cron-entrypoint-dev
+++ b/docker/php-fpm-alpine/docker-cron-entrypoint-dev
@@ -3,6 +3,12 @@ set -e
 env >> /etc/environment
+# cron entrypoint must be run as root as it spawns crontab for each system user
+if [ "$(id -u)" -ne 0 ]; then
+ echo "Please run as root"
+ exit 1
+fi
+
 # Print env infos
 echo "APP_ENV=${APP_ENV}";
 echo "APP_RUNTIME_ENV=${APP_RUNTIME_ENV}";
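Review bot: The root check is added after `env >> /etc/environment` in both docker-cron-entrypoint and docker-cron-entrypoint-dev, so a non-root start will most likely never reach it. With `set -e` active (it appears in the hunk header) and assuming /etc/environment is root-owned as usual, the append fails on permissions first and the script exits with a generic redirect error instead of "Please run as root". Move the `if [ "$(id -u)" -ne 0 ]` block above the `env` line so the guard runs before any privileged write. The message should also go to stderr, `echo "Please run as root" >&2`, so it is logged as an error by the container runtime. The rest of each script lies outside the hunk, so whether later steps depend on the current order cannot be confirmed from here.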