fix: container crash when started with --user flag (Unraid)

[GeiserX]

Summary

• Skip su-exec when container is already running as non-root (e.g. Unraid --user 99:100)
• Move /data ownership fix before privilege drop so bind-mounted host dirs get correct permissions

Root Cause

Unraid starts containers with --user 99:100 (nobody:users). The entrypoint called su-exec cashpilot which internally calls setgroups() — this requires CAP_SETGID which is unavailable when already non-root. Result: immediate crash with su-exec: setgroups: Operation not permitted.

Test Plan

• Container starts normally (root entrypoint → su-exec drop to cashpilot)
• Container starts with --user 99:100 (Unraid pattern)
• Container starts with bind-mounted /data volume
• /fleet permission error is non-fatal warning (expected without fleet volume)

Closes #48

Summary by CodeRabbit

• Chores
  • Improved container startup handling for non-root execution scenarios
  • Enhanced directory permission setup to ensure proper access when running as root
  • Increased robustness of initialization process by gracefully handling permission-related errors during startup

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 7111c7a0-08d0-459a-bbda-827b33cd85dc

📥 Commits

Reviewing files that changed from the base of the PR and between 2321eac and b358660.

📒 Files selected for processing (1)

• entrypoint.sh

---

📝 Walkthrough

Walkthrough

entrypoint.sh now detects non-root container starts and skips privilege setup. When running as root, it ensures /data and /fleet are writable by cashpilot:root via chown (ignoring errors), then proceeds with docker-socket adjustment and final privilege drop to the cashpilot user.

Changes

Entrypoint privilege handling

Layer / File(s)	Summary
Non-root guard and privilege setup entrypoint.sh	Early non-root detection execs the command as-is. Root startup ensures /data and /fleet are writable by cashpilot:root, proceeds with docker-socket logic, then execs the command as cashpilot via su-exec.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly addresses the main change: fixing container crashes when started with --user flag (Unraid), which matches the primary objective.
Linked Issues check	✅ Passed	Changes detect non-root user startup and skip su-exec to prevent setgroups failures, directly resolving issue #48's requirement for Unraid container startup.
Out of Scope Changes check	✅ Passed	All changes focus on the entrypoint privilege setup logic: non-root detection, chown operations, and su-exec handling—all directly addressing issue #48.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/unraid-startup-48

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}