
refactor: use openssh-server's ForceCommand option instead of /tmp/mysqldump.sh

Fabian Peter Hammerle 3 years ago
parent
commit
2832e2a897
4 changed files with 3 additions and 7 deletions
  1. 1 1
      Dockerfile
  2. 0 2
      docker-compose.yml
  3. 0 2
      entrypoint.sh
  4. 2 2
      sshd_config

+ 1 - 1
Dockerfile

@@ -9,7 +9,7 @@ RUN apk add --no-cache \
         mariadb-client=$MARIADB_CLIENT_PACKAGE_VERSION \
         openssh-server=$OPENSSH_PACKAGE_VERSION \
         tini=$TINI_PACKAGE_VERSION \
-    && adduser -S -s /tmp/mysqldump.sh "$USER" \
+    && adduser -S -s /bin/ash "$USER" \
     && mkdir "$SSHD_HOST_KEYS_DIR" \
     && chown -c "$USER" "$SSHD_HOST_KEYS_DIR"
 VOLUME $SSHD_HOST_KEYS_DIR
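Review bot: The `adduser -S -s /bin/ash` line gives the account a general-purpose login shell without saying why, and it moves the whole access restriction for this user into sshd_config. sshd runs ForceCommand through the user's login shell, so the shell has to be a real one now, but the account would get an interactive session if the ForceCommand line were ever removed or scoped into a Match block. A comment above the RUN instruction (which starts outside this hunk) would record that dependency, for example `# login shell must be a real shell: sshd runs ForceCommand via "<shell> -c"; the restriction itself is ForceCommand in sshd_config`.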

+ 0 - 2
docker-compose.yml

@@ -33,8 +33,6 @@ services:
     volumes:
     - host_keys:/etc/ssh/host_keys:rw
     - authorized_keys:/home/dump/.ssh:ro
-    tmpfs:
-    - /tmp:nosuid,nodev,exec,size=4k # /tmp/mysqldump.sh
     read_only: true
     ports: ['127.0.0.1:2200:2200']
     cap_drop: [ALL]

+ 0 - 2
entrypoint.sh

@@ -17,7 +17,5 @@ if [ -z "$MYSQLDUMP_ARGS" ]; then
     mysqldump --help
     exit 1
 fi
-echo -e "#!/bin/sh\nexec mysqldump $MYSQLDUMP_ARGS" > /tmp/mysqldump.sh
-chmod u+x /tmp/mysqldump.sh
 
 exec "$@"

+ 2 - 2
sshd_config

@@ -38,5 +38,5 @@ X11Forwarding no
 PermitUserEnvironment no
 PrintMotd no
 
-# sshd invokes shell set in /etc/passwd
-ForceCommand exit 1
+# .* matches until \0
+ForceCommand exec mysqldump $(grep -o 'MYSQLDUMP_ARGS=.*' /proc/1/environ | cut -d = -f 2-)
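Review bot: The `grep -o 'MYSQLDUMP_ARGS=.*'` in the new ForceCommand line is unanchored, so it also matches any other variable whose name ends in `MYSQLDUMP_ARGS` or whose value contains that text. It also depends on how the installed grep treats the NUL-separated content of /proc/1/environ; a GNU grep, for example, reports a binary-file match instead of printing the text unless given `-a`. The unquoted `$(...)` is word-split as intended but is glob-expanded too, so an argument containing `*` or `?` would be expanded against the working directory. A form that avoids all three is `ForceCommand set -f; exec mysqldump $(tr '\0' '\n' < /proc/1/environ | sed -n 's/^MYSQLDUMP_ARGS=//p')`. The comment could also say that this only works while PID 1 runs as the same user as the session, since /proc/1/environ is not readable otherwise.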