Everything runs as root - that's a serious security concern

[FlorentLM]

Hi there,

Thanks for putting this repo together, all these older repos were indeed full of good stuff and it's extremely nice to see them coming together! :)

One thing that is worrysome though, is that everything runs as root - this is quite a substantial security concern, and is even advised against in SteamCMD's documentation.

I made a rootless version which seems to work fine, and should be much safer, feel free to look at the fork, I'll create a pull request once I've ironed out some details :)

Cheers

[JACOBSMILE]

Hi, thanks for alerting me. I appreciate the help on your fork, I'll be happy to review the PR when you get it put together.

[JACOBSMILE]

@FlorentLM I have published a Pull Request (#14) integrating some of my recent changes in my updates in PR #13, and your fork. I have not merged it yet since you had mentioned you were ironing out some details. I also want to make sure you receive proper contributor credit, which I think you will since I merged in from both our branches and resolved the conflicts. Please take a look when you get a chance and let me know before I merge it.

Appreciate the help!

[FlorentLM]

Hey hey,

Thanks again for adding my changes :) I just pushed some more tweaks to my fork, here's a quick summary:

• Removed the builder step by building directly on Steam's Ubuntu image, leading in a smaller final container (efficiency score 95% according to dive
• Removed the need to reacquire root during the build by directly setting the correct permissions via --chown and --chmod flags in the Dockerfile
• Reworked the directory structure like so:
  1. • The server itself lives in /terraria-server
  2. • Worlds, Mods, server_config.txt and enabled_mods.json all live in /data This means users can now bind mount one folder on the host to /data and they'll find everything in there, which is useful for persistance across restarts.

NOTE: As per the recommended approach, users must chown the host folder to 456:456 before starting the container, otherwise the container might not be able to write its stuff in it.

Example:

chown -R 456:456 /path/on/the/host/terraria
docker run -v /path/on/the/host/terraria:/data 

This should also make things easier if one wants to run the docker daemon as rootless and use subuids

[JACOBSMILE]

@FlorentLM Do you mind making a pull request, which is also updated with the latest master branch? I'm also going to have to redirect users to map their directories to a different spot internal to the container (again), which will make updating a bit trickier, but I believe my update notice messages will help to bridge that gap.

Appreciate the continued help!