From e9aac746fa42c104a7722f714fa9b75f5c1744ea Mon Sep 17 00:00:00 2001
From: Ben Sparks
Date: Thu, 30 Nov 2023 11:12:17 -0600
Subject: [PATCH 1/3] add ability to run as non root user
---
 docker-compose/bind9/docker-compose.yaml | 14 +++++++++-----
 docker-compose/bind9/set-bind.sh | 10 ++++++++++
 2 files changed, 19 insertions(+), 5 deletions(-)
 create mode 100644 docker-compose/bind9/set-bind.sh
diff --git a/docker-compose/bind9/docker-compose.yaml b/docker-compose/bind9/docker-compose.yaml
index 2f0e2873..e31528c7 100644
--- a/docker-compose/bind9/docker-compose.yaml
+++ b/docker-compose/bind9/docker-compose.yaml
@@ -3,10 +3,14 @@ services:
 bind9:
 image: ubuntu/bind9:latest
 container_name: bind9
+ environment:
+ - BIND9_USER=bind
 ports:
- - "53:53"
+ - '53:53/tcp'
+ - '53:53/udp'
+ - '127.0.0.1:953:953/tcp'
 volumes:
- - /etc/bind/:/etc/bind/
- - /var/cache/bind:/var/cache/bind
- - /var/lib/bind:/var/lib/bind
- restart: unless-stopped
\ No newline at end of file
+ - './config:/etc/bind:ro'
+ - './cache:/var/cache/bind:rw'
+ - './records:/var/lib/bind:rw'
+ restart: unless-stopped
diff --git a/docker-compose/bind9/set-bind.sh b/docker-compose/bind9/set-bind.sh
new file mode 100644
index 00000000..a836886f
--- /dev/null
+++ b/docker-compose/bind9/set-bind.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+# before running the docker image, run this script to set the
+# uid to 100 and gid to 101. This is based on the bind user in the Ubuntu docker image
+#:/# grep bind /etc/passwd
+#bind:x:100:101::/var/cache/bind:/usr/sbin/nologin
+#
+sudo rndc-confgen >./config/rndc.key
+chown 100:101 -R cache
+chown 100:101 -R config
+chown 100:101 -R records
From 5d1c5650846306f69175ffe508e0e7c66161d9e4 Mon Sep 17 00:00:00 2001
From: Ben Sparks
Date: Thu, 30 Nov 2023 11:15:38 -0600
Subject: [PATCH 2/3] add ability to run as non root user
---
 docker-compose/bind9/set-bind.sh | 1 -
 1 file changed, 1 deletion(-)
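Review bot: The new `'127.0.0.1:953:953/tcp'` mapping publishes the rndc control channel to the host, but nothing in the compose file states what the configuration under `./config` must contain for that to be safe, or even to work. With the default bridge network, forwarded traffic reaches the container on its network interface rather than its loopback, so named would presumably need a `controls` statement that listens there and is restricted to a key. I would add a comment above the mapping, for example `# rndc control channel, host loopback only; needs a key-restricted controls block in the mounted config`, or drop the mapping if rndc is only ever run through `docker exec`. The `53:53/tcp` and `53:53/udp` entries still bind every host interface, so if this server recurses, an `allow-recursion` restriction in the mounted config deserves a mention as well. The service block starts above the hunk, so this is based only on the lines shown.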
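Review bot: The `chown 100:101 -R …` lines hard-code ids copied from one image's /etc/passwd, while the compose file in this same patch pulls `ubuntu/bind9:latest`, so a later image that renumbers the bind user would leave the three bind mounts owned by an unrelated id on the host. Pinning the image to a fixed tag or digest, or reading the ids from the image when the script runs, keeps the script and the container in agreement. The script also has no error handling and uses paths relative to the caller's working directory; adding `set -euo pipefail` and `cd "$(dirname "$0")"` after the shebang would stop it from continuing silently when a `chown` fails or when it is started from another directory. On the `rndc-confgen` line, the redirection is performed by the calling shell rather than under `sudo`, and the key file is created with the caller's umask, so a `umask 077` before it would be needed if that line is kept.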
diff --git a/docker-compose/bind9/set-bind.sh b/docker-compose/bind9/set-bind.sh
index a836886f..436a2039 100644
--- a/docker-compose/bind9/set-bind.sh
+++ b/docker-compose/bind9/set-bind.sh
@@ -4,7 +4,6 @@
 #:/# grep bind /etc/passwd
 #bind:x:100:101::/var/cache/bind:/usr/sbin/nologin
 #
-sudo rndc-confgen >./config/rndc.key
 chown 100:101 -R cache
 chown 100:101 -R config
 chown 100:101 -R records
From 796163cf423866d03671dab16fcdea46f1991e68 Mon Sep 17 00:00:00 2001
From: Ben Sparks
Date: Fri, 1 Dec 2023 09:50:21 -0600
Subject: [PATCH 3/3] add 775 mask to folders
---
 docker-compose/bind9/set-bind.sh | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/docker-compose/bind9/set-bind.sh b/docker-compose/bind9/set-bind.sh
index 436a2039..36acbfc6 100644
--- a/docker-compose/bind9/set-bind.sh
+++ b/docker-compose/bind9/set-bind.sh
@@ -7,3 +7,6 @@
 chown 100:101 -R cache
 chown 100:101 -R config
 chown 100:101 -R records
+chmod 775 cache
+chmod 775 config
+chmod 775 records
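Review bot: `chmod 775 config` leaves the configuration directory readable and traversable by every local account on the host, and that directory is where rndc or TSIG key files would normally sit (the first revision of this script wrote `rndc.key` there). Since the compose file mounts it `:ro` and ownership is already set to 100:101, a tighter pair such as `chmod 750 config` and `chmod 770 cache records` should be enough, unless other host users are meant to read the zone data. The mode is applied to the three directories only, so files inside keep whatever permissions they were created with; a comment noting that key files need their own restrictive mode would help. The hunk shows only the tail of the script.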