Merge pull request #496 from infosiftr/functionalization

Functionalize the entrypoint to allow outside sourcing for extreme customizing of startup
2025-11-19 00:22:57 +03:00 · 2019-11-14 13:54:15 -08:00
parent a8613f4cda 8fada98158
commit 0c29c355f5
13 changed files with 2860 additions and 1560 deletions
--- a/10/alpine/docker-entrypoint.sh
+++ b/10/alpine/docker-entrypoint.sh
@@ -24,37 +24,46 @@ file_env() {
 	unset "$fileVar"
 }
-if [ "${1:0:1}" = '-' ]; then
+# check to see if this file is being run or sourced from another script
-	set -- postgres "$@"
+_is_sourced() {
-fi
+	# https://unix.stackexchange.com/a/215279
 	[ "${#FUNCNAME[@]}" -ge 2 ] \
 		&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
 		&& [ "${FUNCNAME[1]}" = 'source' ]
 }
 # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user
 docker_create_db_directories() {
 	local user; user="$(id -u)"
 # allow the container to be started with `--user`
 if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
 	mkdir -p "$PGDATA"
 	chown -R postgres "$PGDATA"
 	chmod 700 "$PGDATA"
-	mkdir -p /var/run/postgresql
+	# ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289
-	chown -R postgres /var/run/postgresql
+	mkdir -p /var/run/postgresql || :
-	chmod 775 /var/run/postgresql
+	chmod 775 /var/run/postgresql || :
-	# Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user
+	# Create the transaction log directory before initdb is run so the directory is owned by the correct user
 	if [ "$POSTGRES_INITDB_WALDIR" ]; then
 		mkdir -p "$POSTGRES_INITDB_WALDIR"
-		chown -R postgres "$POSTGRES_INITDB_WALDIR"
+		if [ "$user" = '0' ]; then
 			find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
 		fi
 		chmod 700 "$POSTGRES_INITDB_WALDIR"
 	fi
-	exec su-exec postgres "$BASH_SOURCE" "$@"
+	# allow the container to be started with `--user`
-fi
+	if [ "$user" = '0' ]; then
 		find "$PGDATA" \! -user postgres -exec chown postgres '{}' +
 		find /var/run/postgresql \! -user postgres -exec chown postgres '{}' +
 	fi
 }
-if [ "$1" = 'postgres' ]; then
+# initialize empty PGDATA directory with new database via 'initdb'
-	mkdir -p "$PGDATA"
+# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function
-	chown -R "$(id -u)" "$PGDATA" 2>/dev/null || :
+# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames
-	chmod 700 "$PGDATA" 2>/dev/null || :
+# this is also where the database user is created, specified by `POSTGRES_USER` env
-
+docker_init_database_dir() {
 	# look specifically for PG_VERSION, as it is expected in the DB dir
 	if [ ! -s "$PGDATA/PG_VERSION" ]; then
 	# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
 	# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
 	if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then
@@ -65,26 +74,23 @@ if [ "$1" = 'postgres' ]; then
 		echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
 	fi
 		file_env 'POSTGRES_USER' 'postgres'
 		file_env 'POSTGRES_PASSWORD'
 		file_env 'POSTGRES_INITDB_ARGS'
 	if [ "$POSTGRES_INITDB_WALDIR" ]; then
-			export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR"
+		set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
 	fi
-		eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"
+
 	eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"'
 	# unset/cleanup "nss_wrapper" bits
 	if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
 		rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
 		unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
 	fi
 }
 # print large warning if POSTGRES_PASSWORD is empty
 docker_verify_minimum_env() {
 	# check password first so we can output the warning before postgres
 	# messes it up
 		if [ -n "$POSTGRES_PASSWORD" ]; then
 			authMethod=md5
 	if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
 		cat >&2 <<-'EOWARN'
@@ -97,7 +103,7 @@ if [ "$1" = 'postgres' ]; then
 		EOWARN
 	fi
-		else
+	if [ -z "$POSTGRES_PASSWORD" ]; then
 		# The - option suppresses leading tabs but *not* spaces. :)
 		cat >&2 <<-'EOWARN'
 			****************************************************
@@ -113,36 +119,19 @@ if [ "$1" = 'postgres' ]; then
 			****************************************************
 		EOWARN
 			authMethod=trust
 	fi
 }
-		{
+# usage: docker_process_init_files [file [file [...]]]
-			echo
+#    ie: docker_process_init_files /always-initdb.d/*
-			echo "host all all all $authMethod"
+# process initializer files, based on file extensions and permissions
-		} >> "$PGDATA/pg_hba.conf"
+docker_process_init_files() {
-
+	# psql here for backwards compatiblilty "${psql[@]}"
-		# internal start of server in order to allow set-up using psql-client
+	psql=( docker_process_sql )
 		# does not listen on external TCP/IP and waits until start finishes
 		PGUSER="${PGUSER:-$POSTGRES_USER}" \
 		pg_ctl -D "$PGDATA" \
 			-o "-c listen_addresses=''" \
 			-w start
 		file_env 'POSTGRES_DB' "$POSTGRES_USER"
 		export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
 		psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 		if [ "$POSTGRES_DB" != 'postgres' ]; then
 			"${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 				CREATE DATABASE :"db" ;
 			EOSQL
 			echo
 		fi
 		psql+=( --dbname "$POSTGRES_DB" )
 	echo
-		for f in /docker-entrypoint-initdb.d/*; do
+	local f
 	for f; do
 		case "$f" in
 			*.sh)
 				# https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
@@ -155,22 +144,133 @@ if [ "$1" = 'postgres' ]; then
 					. "$f"
 				fi
 				;;
-				*.sql)    echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;;
+			*.sql)    echo "$0: running $f"; docker_process_sql -f "$f"; echo ;;
-				*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;;
+			*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
 			*)        echo "$0: ignoring $f" ;;
 		esac
 		echo
 	done
 }
 # Execute sql script, passed via stdin (or -f flag of pqsl)
 # usage: docker_process_sql [psql-cli-args]
 #    ie: docker_process_sql --dbname=mydb <<<'INSERT ...'
 #    ie: docker_process_sql -f my-file.sql
 #    ie: docker_process_sql <my-file.sql
 docker_process_sql() {
 	local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 	if [ -n "$POSTGRES_DB" ]; then
 		query_runner+=( --dbname "$POSTGRES_DB" )
 	fi
 	"${query_runner[@]}" "$@"
 }
 # create initial database
 # uses environment variables for input: POSTGRES_DB
 docker_setup_db() {
 	if [ "$POSTGRES_DB" != 'postgres' ]; then
 		POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 			CREATE DATABASE :"db" ;
 		EOSQL
 		echo
 	fi
 }
 # Loads various settings that are used elsewhere in the script
 # This should be called before any other functions
 docker_setup_env() {
 	file_env 'POSTGRES_PASSWORD'
 	file_env 'POSTGRES_USER' 'postgres'
 	file_env 'POSTGRES_DB' "$POSTGRES_USER"
 	file_env 'POSTGRES_INITDB_ARGS'
 	declare -g DATABASE_ALREADY_EXISTS
 	# look specifically for PG_VERSION, as it is expected in the DB dir
 	if [ -s "$PGDATA/PG_VERSION" ]; then
 		DATABASE_ALREADY_EXISTS='true'
 	fi
 }
 # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD
 pg_setup_hba_conf() {
 	local authMethod='md5'
 	if [ -z "$POSTGRES_PASSWORD" ]; then
 		authMethod='trust'
 	fi
 	{
 		echo
 		echo "host all all all $authMethod"
 	} >> "$PGDATA/pg_hba.conf"
 }
 # start socket-only postgresql server for setting up or running scripts
 # all arguments will be passed along as arguments to `postgres` (via pg_ctl)
 docker_temp_server_start() {
 	if [ "$1" = 'postgres' ]; then
 		shift
 	fi
 	# internal start of server in order to allow setup using psql client
 	# does not listen on external TCP/IP and waits until start finishes (can be overridden via args)
 	PGUSER="${PGUSER:-$POSTGRES_USER}" \
-		pg_ctl -D "$PGDATA" -m fast -w stop
+	pg_ctl -D "$PGDATA" \
 		-o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \
 		-w start
 }
 # stop postgresql server after done setting up user and running scripts
 docker_temp_server_stop() {
 	PGUSER="${PGUSER:-postgres}" \
 	pg_ctl -D "$PGDATA" -m fast -w stop
 }
 _main() {
 	# if first arg looks like a flag, assume we want to run postgres server
 	if [ "${1:0:1}" = '-' ]; then
 		set -- postgres "$@"
 	fi
 	if [ "$1" = 'postgres' ]; then
 		docker_setup_env
 		# setup data directories and permissions (when run as root)
 		docker_create_db_directories
 		if [ "$(id -u)" = '0' ]; then
 			# then restart script as postgres user
 			exec su-exec postgres "$BASH_SOURCE" "$@"
 		fi
 		# only run initialization on an empty data directory
 		if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
 			docker_verify_minimum_env
 			docker_init_database_dir
 			pg_setup_hba_conf
 			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
 			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
 			export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
 			docker_temp_server_start "$@"
 			docker_setup_db
 			docker_process_init_files /docker-entrypoint-initdb.d/*
 			docker_temp_server_stop
 			unset PGPASSWORD
 			echo
 			echo 'PostgreSQL init process complete; ready for start up.'
 			echo
 		else
 			echo
 			echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization'
 			echo
 		fi
 	fi
 fi
-exec "$@"
+	exec "$@"
 }
 if ! _is_sourced; then
 	_main "$@"
 fi
--- a/10/docker-entrypoint.sh
+++ b/10/docker-entrypoint.sh
@@ -24,37 +24,46 @@ file_env() {
 	unset "$fileVar"
 }
-if [ "${1:0:1}" = '-' ]; then
+# check to see if this file is being run or sourced from another script
-	set -- postgres "$@"
+_is_sourced() {
-fi
+	# https://unix.stackexchange.com/a/215279
 	[ "${#FUNCNAME[@]}" -ge 2 ] \
 		&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
 		&& [ "${FUNCNAME[1]}" = 'source' ]
 }
 # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user
 docker_create_db_directories() {
 	local user; user="$(id -u)"
 # allow the container to be started with `--user`
 if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
 	mkdir -p "$PGDATA"
 	chown -R postgres "$PGDATA"
 	chmod 700 "$PGDATA"
-	mkdir -p /var/run/postgresql
+	# ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289
-	chown -R postgres /var/run/postgresql
+	mkdir -p /var/run/postgresql || :
-	chmod 775 /var/run/postgresql
+	chmod 775 /var/run/postgresql || :
-	# Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user
+	# Create the transaction log directory before initdb is run so the directory is owned by the correct user
 	if [ "$POSTGRES_INITDB_WALDIR" ]; then
 		mkdir -p "$POSTGRES_INITDB_WALDIR"
-		chown -R postgres "$POSTGRES_INITDB_WALDIR"
+		if [ "$user" = '0' ]; then
 			find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
 		fi
 		chmod 700 "$POSTGRES_INITDB_WALDIR"
 	fi
-	exec gosu postgres "$BASH_SOURCE" "$@"
+	# allow the container to be started with `--user`
-fi
+	if [ "$user" = '0' ]; then
 		find "$PGDATA" \! -user postgres -exec chown postgres '{}' +
 		find /var/run/postgresql \! -user postgres -exec chown postgres '{}' +
 	fi
 }
-if [ "$1" = 'postgres' ]; then
+# initialize empty PGDATA directory with new database via 'initdb'
-	mkdir -p "$PGDATA"
+# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function
-	chown -R "$(id -u)" "$PGDATA" 2>/dev/null || :
+# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames
-	chmod 700 "$PGDATA" 2>/dev/null || :
+# this is also where the database user is created, specified by `POSTGRES_USER` env
-
+docker_init_database_dir() {
 	# look specifically for PG_VERSION, as it is expected in the DB dir
 	if [ ! -s "$PGDATA/PG_VERSION" ]; then
 	# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
 	# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
 	if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then
@@ -65,26 +74,23 @@ if [ "$1" = 'postgres' ]; then
 		echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
 	fi
 		file_env 'POSTGRES_USER' 'postgres'
 		file_env 'POSTGRES_PASSWORD'
 		file_env 'POSTGRES_INITDB_ARGS'
 	if [ "$POSTGRES_INITDB_WALDIR" ]; then
-			export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR"
+		set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
 	fi
-		eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"
+
 	eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"'
 	# unset/cleanup "nss_wrapper" bits
 	if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
 		rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
 		unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
 	fi
 }
 # print large warning if POSTGRES_PASSWORD is empty
 docker_verify_minimum_env() {
 	# check password first so we can output the warning before postgres
 	# messes it up
 		if [ -n "$POSTGRES_PASSWORD" ]; then
 			authMethod=md5
 	if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
 		cat >&2 <<-'EOWARN'
@@ -97,7 +103,7 @@ if [ "$1" = 'postgres' ]; then
 		EOWARN
 	fi
-		else
+	if [ -z "$POSTGRES_PASSWORD" ]; then
 		# The - option suppresses leading tabs but *not* spaces. :)
 		cat >&2 <<-'EOWARN'
 			****************************************************
@@ -113,36 +119,19 @@ if [ "$1" = 'postgres' ]; then
 			****************************************************
 		EOWARN
 			authMethod=trust
 	fi
 }
-		{
+# usage: docker_process_init_files [file [file [...]]]
-			echo
+#    ie: docker_process_init_files /always-initdb.d/*
-			echo "host all all all $authMethod"
+# process initializer files, based on file extensions and permissions
-		} >> "$PGDATA/pg_hba.conf"
+docker_process_init_files() {
-
+	# psql here for backwards compatiblilty "${psql[@]}"
-		# internal start of server in order to allow set-up using psql-client
+	psql=( docker_process_sql )
 		# does not listen on external TCP/IP and waits until start finishes
 		PGUSER="${PGUSER:-$POSTGRES_USER}" \
 		pg_ctl -D "$PGDATA" \
 			-o "-c listen_addresses=''" \
 			-w start
 		file_env 'POSTGRES_DB' "$POSTGRES_USER"
 		export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
 		psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 		if [ "$POSTGRES_DB" != 'postgres' ]; then
 			"${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 				CREATE DATABASE :"db" ;
 			EOSQL
 			echo
 		fi
 		psql+=( --dbname "$POSTGRES_DB" )
 	echo
-		for f in /docker-entrypoint-initdb.d/*; do
+	local f
 	for f; do
 		case "$f" in
 			*.sh)
 				# https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
@@ -155,22 +144,133 @@ if [ "$1" = 'postgres' ]; then
 					. "$f"
 				fi
 				;;
-				*.sql)    echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;;
+			*.sql)    echo "$0: running $f"; docker_process_sql -f "$f"; echo ;;
-				*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;;
+			*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
 			*)        echo "$0: ignoring $f" ;;
 		esac
 		echo
 	done
 }
 # Execute sql script, passed via stdin (or -f flag of pqsl)
 # usage: docker_process_sql [psql-cli-args]
 #    ie: docker_process_sql --dbname=mydb <<<'INSERT ...'
 #    ie: docker_process_sql -f my-file.sql
 #    ie: docker_process_sql <my-file.sql
 docker_process_sql() {
 	local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 	if [ -n "$POSTGRES_DB" ]; then
 		query_runner+=( --dbname "$POSTGRES_DB" )
 	fi
 	"${query_runner[@]}" "$@"
 }
 # create initial database
 # uses environment variables for input: POSTGRES_DB
 docker_setup_db() {
 	if [ "$POSTGRES_DB" != 'postgres' ]; then
 		POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 			CREATE DATABASE :"db" ;
 		EOSQL
 		echo
 	fi
 }
 # Loads various settings that are used elsewhere in the script
 # This should be called before any other functions
 docker_setup_env() {
 	file_env 'POSTGRES_PASSWORD'
 	file_env 'POSTGRES_USER' 'postgres'
 	file_env 'POSTGRES_DB' "$POSTGRES_USER"
 	file_env 'POSTGRES_INITDB_ARGS'
 	declare -g DATABASE_ALREADY_EXISTS
 	# look specifically for PG_VERSION, as it is expected in the DB dir
 	if [ -s "$PGDATA/PG_VERSION" ]; then
 		DATABASE_ALREADY_EXISTS='true'
 	fi
 }
 # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD
 pg_setup_hba_conf() {
 	local authMethod='md5'
 	if [ -z "$POSTGRES_PASSWORD" ]; then
 		authMethod='trust'
 	fi
 	{
 		echo
 		echo "host all all all $authMethod"
 	} >> "$PGDATA/pg_hba.conf"
 }
 # start socket-only postgresql server for setting up or running scripts
 # all arguments will be passed along as arguments to `postgres` (via pg_ctl)
 docker_temp_server_start() {
 	if [ "$1" = 'postgres' ]; then
 		shift
 	fi
 	# internal start of server in order to allow setup using psql client
 	# does not listen on external TCP/IP and waits until start finishes (can be overridden via args)
 	PGUSER="${PGUSER:-$POSTGRES_USER}" \
-		pg_ctl -D "$PGDATA" -m fast -w stop
+	pg_ctl -D "$PGDATA" \
 		-o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \
 		-w start
 }
 # stop postgresql server after done setting up user and running scripts
 docker_temp_server_stop() {
 	PGUSER="${PGUSER:-postgres}" \
 	pg_ctl -D "$PGDATA" -m fast -w stop
 }
 _main() {
 	# if first arg looks like a flag, assume we want to run postgres server
 	if [ "${1:0:1}" = '-' ]; then
 		set -- postgres "$@"
 	fi
 	if [ "$1" = 'postgres' ]; then
 		docker_setup_env
 		# setup data directories and permissions (when run as root)
 		docker_create_db_directories
 		if [ "$(id -u)" = '0' ]; then
 			# then restart script as postgres user
 			exec gosu postgres "$BASH_SOURCE" "$@"
 		fi
 		# only run initialization on an empty data directory
 		if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
 			docker_verify_minimum_env
 			docker_init_database_dir
 			pg_setup_hba_conf
 			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
 			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
 			export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
 			docker_temp_server_start "$@"
 			docker_setup_db
 			docker_process_init_files /docker-entrypoint-initdb.d/*
 			docker_temp_server_stop
 			unset PGPASSWORD
 			echo
 			echo 'PostgreSQL init process complete; ready for start up.'
 			echo
 		else
 			echo
 			echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization'
 			echo
 		fi
 	fi
 fi
-exec "$@"
+	exec "$@"
 }
 if ! _is_sourced; then
 	_main "$@"
 fi
--- a/11/alpine/docker-entrypoint.sh
+++ b/11/alpine/docker-entrypoint.sh
@@ -24,37 +24,46 @@ file_env() {
 	unset "$fileVar"
 }
-if [ "${1:0:1}" = '-' ]; then
+# check to see if this file is being run or sourced from another script
-	set -- postgres "$@"
+_is_sourced() {
-fi
+	# https://unix.stackexchange.com/a/215279
 	[ "${#FUNCNAME[@]}" -ge 2 ] \
 		&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
 		&& [ "${FUNCNAME[1]}" = 'source' ]
 }
 # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user
 docker_create_db_directories() {
 	local user; user="$(id -u)"
 # allow the container to be started with `--user`
 if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
 	mkdir -p "$PGDATA"
 	chown -R postgres "$PGDATA"
 	chmod 700 "$PGDATA"
-	mkdir -p /var/run/postgresql
+	# ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289
-	chown -R postgres /var/run/postgresql
+	mkdir -p /var/run/postgresql || :
-	chmod 775 /var/run/postgresql
+	chmod 775 /var/run/postgresql || :
-	# Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user
+	# Create the transaction log directory before initdb is run so the directory is owned by the correct user
 	if [ "$POSTGRES_INITDB_WALDIR" ]; then
 		mkdir -p "$POSTGRES_INITDB_WALDIR"
-		chown -R postgres "$POSTGRES_INITDB_WALDIR"
+		if [ "$user" = '0' ]; then
 			find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
 		fi
 		chmod 700 "$POSTGRES_INITDB_WALDIR"
 	fi
-	exec su-exec postgres "$BASH_SOURCE" "$@"
+	# allow the container to be started with `--user`
-fi
+	if [ "$user" = '0' ]; then
 		find "$PGDATA" \! -user postgres -exec chown postgres '{}' +
 		find /var/run/postgresql \! -user postgres -exec chown postgres '{}' +
 	fi
 }
-if [ "$1" = 'postgres' ]; then
+# initialize empty PGDATA directory with new database via 'initdb'
-	mkdir -p "$PGDATA"
+# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function
-	chown -R "$(id -u)" "$PGDATA" 2>/dev/null || :
+# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames
-	chmod 700 "$PGDATA" 2>/dev/null || :
+# this is also where the database user is created, specified by `POSTGRES_USER` env
-
+docker_init_database_dir() {
 	# look specifically for PG_VERSION, as it is expected in the DB dir
 	if [ ! -s "$PGDATA/PG_VERSION" ]; then
 	# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
 	# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
 	if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then
@@ -65,26 +74,23 @@ if [ "$1" = 'postgres' ]; then
 		echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
 	fi
 		file_env 'POSTGRES_USER' 'postgres'
 		file_env 'POSTGRES_PASSWORD'
 		file_env 'POSTGRES_INITDB_ARGS'
 	if [ "$POSTGRES_INITDB_WALDIR" ]; then
-			export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR"
+		set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
 	fi
-		eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"
+
 	eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"'
 	# unset/cleanup "nss_wrapper" bits
 	if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
 		rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
 		unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
 	fi
 }
 # print large warning if POSTGRES_PASSWORD is empty
 docker_verify_minimum_env() {
 	# check password first so we can output the warning before postgres
 	# messes it up
 		if [ -n "$POSTGRES_PASSWORD" ]; then
 			authMethod=md5
 	if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
 		cat >&2 <<-'EOWARN'
@@ -97,7 +103,7 @@ if [ "$1" = 'postgres' ]; then
 		EOWARN
 	fi
-		else
+	if [ -z "$POSTGRES_PASSWORD" ]; then
 		# The - option suppresses leading tabs but *not* spaces. :)
 		cat >&2 <<-'EOWARN'
 			****************************************************
@@ -113,36 +119,19 @@ if [ "$1" = 'postgres' ]; then
 			****************************************************
 		EOWARN
 			authMethod=trust
 	fi
 }
-		{
+# usage: docker_process_init_files [file [file [...]]]
-			echo
+#    ie: docker_process_init_files /always-initdb.d/*
-			echo "host all all all $authMethod"
+# process initializer files, based on file extensions and permissions
-		} >> "$PGDATA/pg_hba.conf"
+docker_process_init_files() {
-
+	# psql here for backwards compatiblilty "${psql[@]}"
-		# internal start of server in order to allow set-up using psql-client
+	psql=( docker_process_sql )
 		# does not listen on external TCP/IP and waits until start finishes
 		PGUSER="${PGUSER:-$POSTGRES_USER}" \
 		pg_ctl -D "$PGDATA" \
 			-o "-c listen_addresses=''" \
 			-w start
 		file_env 'POSTGRES_DB' "$POSTGRES_USER"
 		export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
 		psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 		if [ "$POSTGRES_DB" != 'postgres' ]; then
 			"${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 				CREATE DATABASE :"db" ;
 			EOSQL
 			echo
 		fi
 		psql+=( --dbname "$POSTGRES_DB" )
 	echo
-		for f in /docker-entrypoint-initdb.d/*; do
+	local f
 	for f; do
 		case "$f" in
 			*.sh)
 				# https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
@@ -155,22 +144,133 @@ if [ "$1" = 'postgres' ]; then
 					. "$f"
 				fi
 				;;
-				*.sql)    echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;;
+			*.sql)    echo "$0: running $f"; docker_process_sql -f "$f"; echo ;;
-				*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;;
+			*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
 			*)        echo "$0: ignoring $f" ;;
 		esac
 		echo
 	done
 }
 # Execute sql script, passed via stdin (or -f flag of pqsl)
 # usage: docker_process_sql [psql-cli-args]
 #    ie: docker_process_sql --dbname=mydb <<<'INSERT ...'
 #    ie: docker_process_sql -f my-file.sql
 #    ie: docker_process_sql <my-file.sql
 docker_process_sql() {
 	local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 	if [ -n "$POSTGRES_DB" ]; then
 		query_runner+=( --dbname "$POSTGRES_DB" )
 	fi
 	"${query_runner[@]}" "$@"
 }
 # create initial database
 # uses environment variables for input: POSTGRES_DB
 docker_setup_db() {
 	if [ "$POSTGRES_DB" != 'postgres' ]; then
 		POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 			CREATE DATABASE :"db" ;
 		EOSQL
 		echo
 	fi
 }
 # Loads various settings that are used elsewhere in the script
 # This should be called before any other functions
 docker_setup_env() {
 	file_env 'POSTGRES_PASSWORD'
 	file_env 'POSTGRES_USER' 'postgres'
 	file_env 'POSTGRES_DB' "$POSTGRES_USER"
 	file_env 'POSTGRES_INITDB_ARGS'
 	declare -g DATABASE_ALREADY_EXISTS
 	# look specifically for PG_VERSION, as it is expected in the DB dir
 	if [ -s "$PGDATA/PG_VERSION" ]; then
 		DATABASE_ALREADY_EXISTS='true'
 	fi
 }
 # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD
 pg_setup_hba_conf() {
 	local authMethod='md5'
 	if [ -z "$POSTGRES_PASSWORD" ]; then
 		authMethod='trust'
 	fi
 	{
 		echo
 		echo "host all all all $authMethod"
 	} >> "$PGDATA/pg_hba.conf"
 }
 # start socket-only postgresql server for setting up or running scripts
 # all arguments will be passed along as arguments to `postgres` (via pg_ctl)
 docker_temp_server_start() {
 	if [ "$1" = 'postgres' ]; then
 		shift
 	fi
 	# internal start of server in order to allow setup using psql client
 	# does not listen on external TCP/IP and waits until start finishes (can be overridden via args)
 	PGUSER="${PGUSER:-$POSTGRES_USER}" \
-		pg_ctl -D "$PGDATA" -m fast -w stop
+	pg_ctl -D "$PGDATA" \
 		-o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \
 		-w start
 }
 # stop postgresql server after done setting up user and running scripts
 docker_temp_server_stop() {
 	PGUSER="${PGUSER:-postgres}" \
 	pg_ctl -D "$PGDATA" -m fast -w stop
 }
 _main() {
 	# if first arg looks like a flag, assume we want to run postgres server
 	if [ "${1:0:1}" = '-' ]; then
 		set -- postgres "$@"
 	fi
 	if [ "$1" = 'postgres' ]; then
 		docker_setup_env
 		# setup data directories and permissions (when run as root)
 		docker_create_db_directories
 		if [ "$(id -u)" = '0' ]; then
 			# then restart script as postgres user
 			exec su-exec postgres "$BASH_SOURCE" "$@"
 		fi
 		# only run initialization on an empty data directory
 		if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
 			docker_verify_minimum_env
 			docker_init_database_dir
 			pg_setup_hba_conf
 			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
 			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
 			export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
 			docker_temp_server_start "$@"
 			docker_setup_db
 			docker_process_init_files /docker-entrypoint-initdb.d/*
 			docker_temp_server_stop
 			unset PGPASSWORD
 			echo
 			echo 'PostgreSQL init process complete; ready for start up.'
 			echo
 		else
 			echo
 			echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization'
 			echo
 		fi
 	fi
 fi
-exec "$@"
+	exec "$@"
 }
 if ! _is_sourced; then
 	_main "$@"
 fi
--- a/11/docker-entrypoint.sh
+++ b/11/docker-entrypoint.sh
@@ -24,37 +24,46 @@ file_env() {
 	unset "$fileVar"
 }
-if [ "${1:0:1}" = '-' ]; then
+# check to see if this file is being run or sourced from another script
-	set -- postgres "$@"
+_is_sourced() {
-fi
+	# https://unix.stackexchange.com/a/215279
 	[ "${#FUNCNAME[@]}" -ge 2 ] \
 		&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
 		&& [ "${FUNCNAME[1]}" = 'source' ]
 }
 # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user
 docker_create_db_directories() {
 	local user; user="$(id -u)"
 # allow the container to be started with `--user`
 if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
 	mkdir -p "$PGDATA"
 	chown -R postgres "$PGDATA"
 	chmod 700 "$PGDATA"
-	mkdir -p /var/run/postgresql
+	# ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289
-	chown -R postgres /var/run/postgresql
+	mkdir -p /var/run/postgresql || :
-	chmod 775 /var/run/postgresql
+	chmod 775 /var/run/postgresql || :
-	# Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user
+	# Create the transaction log directory before initdb is run so the directory is owned by the correct user
 	if [ "$POSTGRES_INITDB_WALDIR" ]; then
 		mkdir -p "$POSTGRES_INITDB_WALDIR"
-		chown -R postgres "$POSTGRES_INITDB_WALDIR"
+		if [ "$user" = '0' ]; then
 			find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
 		fi
 		chmod 700 "$POSTGRES_INITDB_WALDIR"
 	fi
-	exec gosu postgres "$BASH_SOURCE" "$@"
+	# allow the container to be started with `--user`
-fi
+	if [ "$user" = '0' ]; then
 		find "$PGDATA" \! -user postgres -exec chown postgres '{}' +
 		find /var/run/postgresql \! -user postgres -exec chown postgres '{}' +
 	fi
 }
-if [ "$1" = 'postgres' ]; then
+# initialize empty PGDATA directory with new database via 'initdb'
-	mkdir -p "$PGDATA"
+# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function
-	chown -R "$(id -u)" "$PGDATA" 2>/dev/null || :
+# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames
-	chmod 700 "$PGDATA" 2>/dev/null || :
+# this is also where the database user is created, specified by `POSTGRES_USER` env
-
+docker_init_database_dir() {
 	# look specifically for PG_VERSION, as it is expected in the DB dir
 	if [ ! -s "$PGDATA/PG_VERSION" ]; then
 	# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
 	# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
 	if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then
@@ -65,26 +74,23 @@ if [ "$1" = 'postgres' ]; then
 		echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
 	fi
 		file_env 'POSTGRES_USER' 'postgres'
 		file_env 'POSTGRES_PASSWORD'
 		file_env 'POSTGRES_INITDB_ARGS'
 	if [ "$POSTGRES_INITDB_WALDIR" ]; then
-			export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR"
+		set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
 	fi
-		eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"
+
 	eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"'
 	# unset/cleanup "nss_wrapper" bits
 	if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
 		rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
 		unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
 	fi
 }
 # print large warning if POSTGRES_PASSWORD is empty
 docker_verify_minimum_env() {
 	# check password first so we can output the warning before postgres
 	# messes it up
 		if [ -n "$POSTGRES_PASSWORD" ]; then
 			authMethod=md5
 	if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
 		cat >&2 <<-'EOWARN'
@@ -97,7 +103,7 @@ if [ "$1" = 'postgres' ]; then
 		EOWARN
 	fi
-		else
+	if [ -z "$POSTGRES_PASSWORD" ]; then
 		# The - option suppresses leading tabs but *not* spaces. :)
 		cat >&2 <<-'EOWARN'
 			****************************************************
@@ -113,36 +119,19 @@ if [ "$1" = 'postgres' ]; then
 			****************************************************
 		EOWARN
 			authMethod=trust
 	fi
 }
-		{
+# usage: docker_process_init_files [file [file [...]]]
-			echo
+#    ie: docker_process_init_files /always-initdb.d/*
-			echo "host all all all $authMethod"
+# process initializer files, based on file extensions and permissions
-		} >> "$PGDATA/pg_hba.conf"
+docker_process_init_files() {
-
+	# psql here for backwards compatiblilty "${psql[@]}"
-		# internal start of server in order to allow set-up using psql-client
+	psql=( docker_process_sql )
 		# does not listen on external TCP/IP and waits until start finishes
 		PGUSER="${PGUSER:-$POSTGRES_USER}" \
 		pg_ctl -D "$PGDATA" \
 			-o "-c listen_addresses=''" \
 			-w start
 		file_env 'POSTGRES_DB' "$POSTGRES_USER"
 		export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
 		psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 		if [ "$POSTGRES_DB" != 'postgres' ]; then
 			"${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 				CREATE DATABASE :"db" ;
 			EOSQL
 			echo
 		fi
 		psql+=( --dbname "$POSTGRES_DB" )
 	echo
-		for f in /docker-entrypoint-initdb.d/*; do
+	local f
 	for f; do
 		case "$f" in
 			*.sh)
 				# https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
@@ -155,22 +144,133 @@ if [ "$1" = 'postgres' ]; then
 					. "$f"
 				fi
 				;;
-				*.sql)    echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;;
+			*.sql)    echo "$0: running $f"; docker_process_sql -f "$f"; echo ;;
-				*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;;
+			*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
 			*)        echo "$0: ignoring $f" ;;
 		esac
 		echo
 	done
 }
 # Execute sql script, passed via stdin (or -f flag of pqsl)
 # usage: docker_process_sql [psql-cli-args]
 #    ie: docker_process_sql --dbname=mydb <<<'INSERT ...'
 #    ie: docker_process_sql -f my-file.sql
 #    ie: docker_process_sql <my-file.sql
 docker_process_sql() {
 	local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 	if [ -n "$POSTGRES_DB" ]; then
 		query_runner+=( --dbname "$POSTGRES_DB" )
 	fi
 	"${query_runner[@]}" "$@"
 }
 # create initial database
 # uses environment variables for input: POSTGRES_DB
 docker_setup_db() {
 	if [ "$POSTGRES_DB" != 'postgres' ]; then
 		POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 			CREATE DATABASE :"db" ;
 		EOSQL
 		echo
 	fi
 }
 # Loads various settings that are used elsewhere in the script
 # This should be called before any other functions
 docker_setup_env() {
 	file_env 'POSTGRES_PASSWORD'
 	file_env 'POSTGRES_USER' 'postgres'
 	file_env 'POSTGRES_DB' "$POSTGRES_USER"
 	file_env 'POSTGRES_INITDB_ARGS'
 	declare -g DATABASE_ALREADY_EXISTS
 	# look specifically for PG_VERSION, as it is expected in the DB dir
 	if [ -s "$PGDATA/PG_VERSION" ]; then
 		DATABASE_ALREADY_EXISTS='true'
 	fi
 }
 # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD
 pg_setup_hba_conf() {
 	local authMethod='md5'
 	if [ -z "$POSTGRES_PASSWORD" ]; then
 		authMethod='trust'
 	fi
 	{
 		echo
 		echo "host all all all $authMethod"
 	} >> "$PGDATA/pg_hba.conf"
 }
 # start socket-only postgresql server for setting up or running scripts
 # all arguments will be passed along as arguments to `postgres` (via pg_ctl)
 docker_temp_server_start() {
 	if [ "$1" = 'postgres' ]; then
 		shift
 	fi
 	# internal start of server in order to allow setup using psql client
 	# does not listen on external TCP/IP and waits until start finishes (can be overridden via args)
 	PGUSER="${PGUSER:-$POSTGRES_USER}" \
-		pg_ctl -D "$PGDATA" -m fast -w stop
+	pg_ctl -D "$PGDATA" \
 		-o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \
 		-w start
 }
 # stop postgresql server after done setting up user and running scripts
 docker_temp_server_stop() {
 	PGUSER="${PGUSER:-postgres}" \
 	pg_ctl -D "$PGDATA" -m fast -w stop
 }
 _main() {
 	# if first arg looks like a flag, assume we want to run postgres server
 	if [ "${1:0:1}" = '-' ]; then
 		set -- postgres "$@"
 	fi
 	if [ "$1" = 'postgres' ]; then
 		docker_setup_env
 		# setup data directories and permissions (when run as root)
 		docker_create_db_directories
 		if [ "$(id -u)" = '0' ]; then
 			# then restart script as postgres user
 			exec gosu postgres "$BASH_SOURCE" "$@"
 		fi
 		# only run initialization on an empty data directory
 		if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
 			docker_verify_minimum_env
 			docker_init_database_dir
 			pg_setup_hba_conf
 			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
 			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
 			export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
 			docker_temp_server_start "$@"
 			docker_setup_db
 			docker_process_init_files /docker-entrypoint-initdb.d/*
 			docker_temp_server_stop
 			unset PGPASSWORD
 			echo
 			echo 'PostgreSQL init process complete; ready for start up.'
 			echo
 		else
 			echo
 			echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization'
 			echo
 		fi
 	fi
 fi
-exec "$@"
+	exec "$@"
 }
 if ! _is_sourced; then
 	_main "$@"
 fi
--- a/12/alpine/docker-entrypoint.sh
+++ b/12/alpine/docker-entrypoint.sh
@@ -24,37 +24,46 @@ file_env() {
 	unset "$fileVar"
 }
-if [ "${1:0:1}" = '-' ]; then
+# check to see if this file is being run or sourced from another script
-	set -- postgres "$@"
+_is_sourced() {
-fi
+	# https://unix.stackexchange.com/a/215279
 	[ "${#FUNCNAME[@]}" -ge 2 ] \
 		&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
 		&& [ "${FUNCNAME[1]}" = 'source' ]
 }
 # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user
 docker_create_db_directories() {
 	local user; user="$(id -u)"
 # allow the container to be started with `--user`
 if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
 	mkdir -p "$PGDATA"
 	chown -R postgres "$PGDATA"
 	chmod 700 "$PGDATA"
-	mkdir -p /var/run/postgresql
+	# ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289
-	chown -R postgres /var/run/postgresql
+	mkdir -p /var/run/postgresql || :
-	chmod 775 /var/run/postgresql
+	chmod 775 /var/run/postgresql || :
-	# Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user
+	# Create the transaction log directory before initdb is run so the directory is owned by the correct user
 	if [ "$POSTGRES_INITDB_WALDIR" ]; then
 		mkdir -p "$POSTGRES_INITDB_WALDIR"
-		chown -R postgres "$POSTGRES_INITDB_WALDIR"
+		if [ "$user" = '0' ]; then
 			find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
 		fi
 		chmod 700 "$POSTGRES_INITDB_WALDIR"
 	fi
-	exec su-exec postgres "$BASH_SOURCE" "$@"
+	# allow the container to be started with `--user`
-fi
+	if [ "$user" = '0' ]; then
 		find "$PGDATA" \! -user postgres -exec chown postgres '{}' +
 		find /var/run/postgresql \! -user postgres -exec chown postgres '{}' +
 	fi
 }
-if [ "$1" = 'postgres' ]; then
+# initialize empty PGDATA directory with new database via 'initdb'
-	mkdir -p "$PGDATA"
+# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function
-	chown -R "$(id -u)" "$PGDATA" 2>/dev/null || :
+# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames
-	chmod 700 "$PGDATA" 2>/dev/null || :
+# this is also where the database user is created, specified by `POSTGRES_USER` env
-
+docker_init_database_dir() {
 	# look specifically for PG_VERSION, as it is expected in the DB dir
 	if [ ! -s "$PGDATA/PG_VERSION" ]; then
 	# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
 	# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
 	if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then
@@ -65,26 +74,23 @@ if [ "$1" = 'postgres' ]; then
 		echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
 	fi
 		file_env 'POSTGRES_USER' 'postgres'
 		file_env 'POSTGRES_PASSWORD'
 		file_env 'POSTGRES_INITDB_ARGS'
 	if [ "$POSTGRES_INITDB_WALDIR" ]; then
-			export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR"
+		set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
 	fi
-		eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"
+
 	eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"'
 	# unset/cleanup "nss_wrapper" bits
 	if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
 		rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
 		unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
 	fi
 }
 # print large warning if POSTGRES_PASSWORD is empty
 docker_verify_minimum_env() {
 	# check password first so we can output the warning before postgres
 	# messes it up
 		if [ -n "$POSTGRES_PASSWORD" ]; then
 			authMethod=md5
 	if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
 		cat >&2 <<-'EOWARN'
@@ -97,7 +103,7 @@ if [ "$1" = 'postgres' ]; then
 		EOWARN
 	fi
-		else
+	if [ -z "$POSTGRES_PASSWORD" ]; then
 		# The - option suppresses leading tabs but *not* spaces. :)
 		cat >&2 <<-'EOWARN'
 			****************************************************
@@ -113,36 +119,19 @@ if [ "$1" = 'postgres' ]; then
 			****************************************************
 		EOWARN
 			authMethod=trust
 	fi
 }
-		{
+# usage: docker_process_init_files [file [file [...]]]
-			echo
+#    ie: docker_process_init_files /always-initdb.d/*
-			echo "host all all all $authMethod"
+# process initializer files, based on file extensions and permissions
-		} >> "$PGDATA/pg_hba.conf"
+docker_process_init_files() {
-
+	# psql here for backwards compatiblilty "${psql[@]}"
-		# internal start of server in order to allow set-up using psql-client
+	psql=( docker_process_sql )
 		# does not listen on external TCP/IP and waits until start finishes
 		PGUSER="${PGUSER:-$POSTGRES_USER}" \
 		pg_ctl -D "$PGDATA" \
 			-o "-c listen_addresses=''" \
 			-w start
 		file_env 'POSTGRES_DB' "$POSTGRES_USER"
 		export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
 		psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 		if [ "$POSTGRES_DB" != 'postgres' ]; then
 			"${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 				CREATE DATABASE :"db" ;
 			EOSQL
 			echo
 		fi
 		psql+=( --dbname "$POSTGRES_DB" )
 	echo
-		for f in /docker-entrypoint-initdb.d/*; do
+	local f
 	for f; do
 		case "$f" in
 			*.sh)
 				# https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
@@ -155,22 +144,133 @@ if [ "$1" = 'postgres' ]; then
 					. "$f"
 				fi
 				;;
-				*.sql)    echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;;
+			*.sql)    echo "$0: running $f"; docker_process_sql -f "$f"; echo ;;
-				*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;;
+			*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
 			*)        echo "$0: ignoring $f" ;;
 		esac
 		echo
 	done
 }
 # Execute sql script, passed via stdin (or -f flag of pqsl)
 # usage: docker_process_sql [psql-cli-args]
 #    ie: docker_process_sql --dbname=mydb <<<'INSERT ...'
 #    ie: docker_process_sql -f my-file.sql
 #    ie: docker_process_sql <my-file.sql
 docker_process_sql() {
 	local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 	if [ -n "$POSTGRES_DB" ]; then
 		query_runner+=( --dbname "$POSTGRES_DB" )
 	fi
 	"${query_runner[@]}" "$@"
 }
 # create initial database
 # uses environment variables for input: POSTGRES_DB
 docker_setup_db() {
 	if [ "$POSTGRES_DB" != 'postgres' ]; then
 		POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 			CREATE DATABASE :"db" ;
 		EOSQL
 		echo
 	fi
 }
 # Loads various settings that are used elsewhere in the script
 # This should be called before any other functions
 docker_setup_env() {
 	file_env 'POSTGRES_PASSWORD'
 	file_env 'POSTGRES_USER' 'postgres'
 	file_env 'POSTGRES_DB' "$POSTGRES_USER"
 	file_env 'POSTGRES_INITDB_ARGS'
 	declare -g DATABASE_ALREADY_EXISTS
 	# look specifically for PG_VERSION, as it is expected in the DB dir
 	if [ -s "$PGDATA/PG_VERSION" ]; then
 		DATABASE_ALREADY_EXISTS='true'
 	fi
 }
 # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD
 pg_setup_hba_conf() {
 	local authMethod='md5'
 	if [ -z "$POSTGRES_PASSWORD" ]; then
 		authMethod='trust'
 	fi
 	{
 		echo
 		echo "host all all all $authMethod"
 	} >> "$PGDATA/pg_hba.conf"
 }
 # start socket-only postgresql server for setting up or running scripts
 # all arguments will be passed along as arguments to `postgres` (via pg_ctl)
 docker_temp_server_start() {
 	if [ "$1" = 'postgres' ]; then
 		shift
 	fi
 	# internal start of server in order to allow setup using psql client
 	# does not listen on external TCP/IP and waits until start finishes (can be overridden via args)
 	PGUSER="${PGUSER:-$POSTGRES_USER}" \
-		pg_ctl -D "$PGDATA" -m fast -w stop
+	pg_ctl -D "$PGDATA" \
 		-o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \
 		-w start
 }
 # stop postgresql server after done setting up user and running scripts
 docker_temp_server_stop() {
 	PGUSER="${PGUSER:-postgres}" \
 	pg_ctl -D "$PGDATA" -m fast -w stop
 }
 _main() {
 	# if first arg looks like a flag, assume we want to run postgres server
 	if [ "${1:0:1}" = '-' ]; then
 		set -- postgres "$@"
 	fi
 	if [ "$1" = 'postgres' ]; then
 		docker_setup_env
 		# setup data directories and permissions (when run as root)
 		docker_create_db_directories
 		if [ "$(id -u)" = '0' ]; then
 			# then restart script as postgres user
 			exec su-exec postgres "$BASH_SOURCE" "$@"
 		fi
 		# only run initialization on an empty data directory
 		if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
 			docker_verify_minimum_env
 			docker_init_database_dir
 			pg_setup_hba_conf
 			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
 			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
 			export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
 			docker_temp_server_start "$@"
 			docker_setup_db
 			docker_process_init_files /docker-entrypoint-initdb.d/*
 			docker_temp_server_stop
 			unset PGPASSWORD
 			echo
 			echo 'PostgreSQL init process complete; ready for start up.'
 			echo
 		else
 			echo
 			echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization'
 			echo
 		fi
 	fi
 fi
-exec "$@"
+	exec "$@"
 }
 if ! _is_sourced; then
 	_main "$@"
 fi
--- a/12/docker-entrypoint.sh
+++ b/12/docker-entrypoint.sh
@@ -24,37 +24,46 @@ file_env() {
 	unset "$fileVar"
 }
-if [ "${1:0:1}" = '-' ]; then
+# check to see if this file is being run or sourced from another script
-	set -- postgres "$@"
+_is_sourced() {
-fi
+	# https://unix.stackexchange.com/a/215279
 	[ "${#FUNCNAME[@]}" -ge 2 ] \
 		&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
 		&& [ "${FUNCNAME[1]}" = 'source' ]
 }
 # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user
 docker_create_db_directories() {
 	local user; user="$(id -u)"
 # allow the container to be started with `--user`
 if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
 	mkdir -p "$PGDATA"
 	chown -R postgres "$PGDATA"
 	chmod 700 "$PGDATA"
-	mkdir -p /var/run/postgresql
+	# ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289
-	chown -R postgres /var/run/postgresql
+	mkdir -p /var/run/postgresql || :
-	chmod 775 /var/run/postgresql
+	chmod 775 /var/run/postgresql || :
-	# Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user
+	# Create the transaction log directory before initdb is run so the directory is owned by the correct user
 	if [ "$POSTGRES_INITDB_WALDIR" ]; then
 		mkdir -p "$POSTGRES_INITDB_WALDIR"
-		chown -R postgres "$POSTGRES_INITDB_WALDIR"
+		if [ "$user" = '0' ]; then
 			find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
 		fi
 		chmod 700 "$POSTGRES_INITDB_WALDIR"
 	fi
-	exec gosu postgres "$BASH_SOURCE" "$@"
+	# allow the container to be started with `--user`
-fi
+	if [ "$user" = '0' ]; then
 		find "$PGDATA" \! -user postgres -exec chown postgres '{}' +
 		find /var/run/postgresql \! -user postgres -exec chown postgres '{}' +
 	fi
 }
-if [ "$1" = 'postgres' ]; then
+# initialize empty PGDATA directory with new database via 'initdb'
-	mkdir -p "$PGDATA"
+# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function
-	chown -R "$(id -u)" "$PGDATA" 2>/dev/null || :
+# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames
-	chmod 700 "$PGDATA" 2>/dev/null || :
+# this is also where the database user is created, specified by `POSTGRES_USER` env
-
+docker_init_database_dir() {
 	# look specifically for PG_VERSION, as it is expected in the DB dir
 	if [ ! -s "$PGDATA/PG_VERSION" ]; then
 	# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
 	# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
 	if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then
@@ -65,26 +74,23 @@ if [ "$1" = 'postgres' ]; then
 		echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
 	fi
 		file_env 'POSTGRES_USER' 'postgres'
 		file_env 'POSTGRES_PASSWORD'
 		file_env 'POSTGRES_INITDB_ARGS'
 	if [ "$POSTGRES_INITDB_WALDIR" ]; then
-			export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR"
+		set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
 	fi
-		eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"
+
 	eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"'
 	# unset/cleanup "nss_wrapper" bits
 	if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
 		rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
 		unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
 	fi
 }
 # print large warning if POSTGRES_PASSWORD is empty
 docker_verify_minimum_env() {
 	# check password first so we can output the warning before postgres
 	# messes it up
 		if [ -n "$POSTGRES_PASSWORD" ]; then
 			authMethod=md5
 	if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
 		cat >&2 <<-'EOWARN'
@@ -97,7 +103,7 @@ if [ "$1" = 'postgres' ]; then
 		EOWARN
 	fi
-		else
+	if [ -z "$POSTGRES_PASSWORD" ]; then
 		# The - option suppresses leading tabs but *not* spaces. :)
 		cat >&2 <<-'EOWARN'
 			****************************************************
@@ -113,36 +119,19 @@ if [ "$1" = 'postgres' ]; then
 			****************************************************
 		EOWARN
 			authMethod=trust
 	fi
 }
-		{
+# usage: docker_process_init_files [file [file [...]]]
-			echo
+#    ie: docker_process_init_files /always-initdb.d/*
-			echo "host all all all $authMethod"
+# process initializer files, based on file extensions and permissions
-		} >> "$PGDATA/pg_hba.conf"
+docker_process_init_files() {
-
+	# psql here for backwards compatiblilty "${psql[@]}"
-		# internal start of server in order to allow set-up using psql-client
+	psql=( docker_process_sql )
 		# does not listen on external TCP/IP and waits until start finishes
 		PGUSER="${PGUSER:-$POSTGRES_USER}" \
 		pg_ctl -D "$PGDATA" \
 			-o "-c listen_addresses=''" \
 			-w start
 		file_env 'POSTGRES_DB' "$POSTGRES_USER"
 		export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
 		psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 		if [ "$POSTGRES_DB" != 'postgres' ]; then
 			"${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 				CREATE DATABASE :"db" ;
 			EOSQL
 			echo
 		fi
 		psql+=( --dbname "$POSTGRES_DB" )
 	echo
-		for f in /docker-entrypoint-initdb.d/*; do
+	local f
 	for f; do
 		case "$f" in
 			*.sh)
 				# https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
@@ -155,22 +144,133 @@ if [ "$1" = 'postgres' ]; then
 					. "$f"
 				fi
 				;;
-				*.sql)    echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;;
+			*.sql)    echo "$0: running $f"; docker_process_sql -f "$f"; echo ;;
-				*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;;
+			*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
 			*)        echo "$0: ignoring $f" ;;
 		esac
 		echo
 	done
 }
 # Execute sql script, passed via stdin (or -f flag of pqsl)
 # usage: docker_process_sql [psql-cli-args]
 #    ie: docker_process_sql --dbname=mydb <<<'INSERT ...'
 #    ie: docker_process_sql -f my-file.sql
 #    ie: docker_process_sql <my-file.sql
 docker_process_sql() {
 	local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 	if [ -n "$POSTGRES_DB" ]; then
 		query_runner+=( --dbname "$POSTGRES_DB" )
 	fi
 	"${query_runner[@]}" "$@"
 }
 # create initial database
 # uses environment variables for input: POSTGRES_DB
 docker_setup_db() {
 	if [ "$POSTGRES_DB" != 'postgres' ]; then
 		POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 			CREATE DATABASE :"db" ;
 		EOSQL
 		echo
 	fi
 }
 # Loads various settings that are used elsewhere in the script
 # This should be called before any other functions
 docker_setup_env() {
 	file_env 'POSTGRES_PASSWORD'
 	file_env 'POSTGRES_USER' 'postgres'
 	file_env 'POSTGRES_DB' "$POSTGRES_USER"
 	file_env 'POSTGRES_INITDB_ARGS'
 	declare -g DATABASE_ALREADY_EXISTS
 	# look specifically for PG_VERSION, as it is expected in the DB dir
 	if [ -s "$PGDATA/PG_VERSION" ]; then
 		DATABASE_ALREADY_EXISTS='true'
 	fi
 }
 # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD
 pg_setup_hba_conf() {
 	local authMethod='md5'
 	if [ -z "$POSTGRES_PASSWORD" ]; then
 		authMethod='trust'
 	fi
 	{
 		echo
 		echo "host all all all $authMethod"
 	} >> "$PGDATA/pg_hba.conf"
 }
 # start socket-only postgresql server for setting up or running scripts
 # all arguments will be passed along as arguments to `postgres` (via pg_ctl)
 docker_temp_server_start() {
 	if [ "$1" = 'postgres' ]; then
 		shift
 	fi
 	# internal start of server in order to allow setup using psql client
 	# does not listen on external TCP/IP and waits until start finishes (can be overridden via args)
 	PGUSER="${PGUSER:-$POSTGRES_USER}" \
-		pg_ctl -D "$PGDATA" -m fast -w stop
+	pg_ctl -D "$PGDATA" \
 		-o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \
 		-w start
 }
 # stop postgresql server after done setting up user and running scripts
 docker_temp_server_stop() {
 	PGUSER="${PGUSER:-postgres}" \
 	pg_ctl -D "$PGDATA" -m fast -w stop
 }
 _main() {
 	# if first arg looks like a flag, assume we want to run postgres server
 	if [ "${1:0:1}" = '-' ]; then
 		set -- postgres "$@"
 	fi
 	if [ "$1" = 'postgres' ]; then
 		docker_setup_env
 		# setup data directories and permissions (when run as root)
 		docker_create_db_directories
 		if [ "$(id -u)" = '0' ]; then
 			# then restart script as postgres user
 			exec gosu postgres "$BASH_SOURCE" "$@"
 		fi
 		# only run initialization on an empty data directory
 		if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
 			docker_verify_minimum_env
 			docker_init_database_dir
 			pg_setup_hba_conf
 			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
 			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
 			export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
 			docker_temp_server_start "$@"
 			docker_setup_db
 			docker_process_init_files /docker-entrypoint-initdb.d/*
 			docker_temp_server_stop
 			unset PGPASSWORD
 			echo
 			echo 'PostgreSQL init process complete; ready for start up.'
 			echo
 		else
 			echo
 			echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization'
 			echo
 		fi
 	fi
 fi
-exec "$@"
+	exec "$@"
 }
 if ! _is_sourced; then
 	_main "$@"
 fi
--- a/9.4/alpine/docker-entrypoint.sh
+++ b/9.4/alpine/docker-entrypoint.sh
@@ -24,37 +24,46 @@ file_env() {
 	unset "$fileVar"
 }
-if [ "${1:0:1}" = '-' ]; then
+# check to see if this file is being run or sourced from another script
-	set -- postgres "$@"
+_is_sourced() {
-fi
+	# https://unix.stackexchange.com/a/215279
 	[ "${#FUNCNAME[@]}" -ge 2 ] \
 		&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
 		&& [ "${FUNCNAME[1]}" = 'source' ]
 }
 # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user
 docker_create_db_directories() {
 	local user; user="$(id -u)"
 # allow the container to be started with `--user`
 if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
 	mkdir -p "$PGDATA"
 	chown -R postgres "$PGDATA"
 	chmod 700 "$PGDATA"
-	mkdir -p /var/run/postgresql
+	# ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289
-	chown -R postgres /var/run/postgresql
+	mkdir -p /var/run/postgresql || :
-	chmod 775 /var/run/postgresql
+	chmod 775 /var/run/postgresql || :
-	# Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user
+	# Create the transaction log directory before initdb is run so the directory is owned by the correct user
 	if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
 		mkdir -p "$POSTGRES_INITDB_XLOGDIR"
-		chown -R postgres "$POSTGRES_INITDB_XLOGDIR"
+		if [ "$user" = '0' ]; then
 			find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' +
 		fi
 		chmod 700 "$POSTGRES_INITDB_XLOGDIR"
 	fi
-	exec su-exec postgres "$BASH_SOURCE" "$@"
+	# allow the container to be started with `--user`
-fi
+	if [ "$user" = '0' ]; then
 		find "$PGDATA" \! -user postgres -exec chown postgres '{}' +
 		find /var/run/postgresql \! -user postgres -exec chown postgres '{}' +
 	fi
 }
-if [ "$1" = 'postgres' ]; then
+# initialize empty PGDATA directory with new database via 'initdb'
-	mkdir -p "$PGDATA"
+# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function
-	chown -R "$(id -u)" "$PGDATA" 2>/dev/null || :
+# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames
-	chmod 700 "$PGDATA" 2>/dev/null || :
+# this is also where the database user is created, specified by `POSTGRES_USER` env
-
+docker_init_database_dir() {
 	# look specifically for PG_VERSION, as it is expected in the DB dir
 	if [ ! -s "$PGDATA/PG_VERSION" ]; then
 	# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
 	# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
 	if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then
@@ -65,26 +74,23 @@ if [ "$1" = 'postgres' ]; then
 		echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
 	fi
 		file_env 'POSTGRES_USER' 'postgres'
 		file_env 'POSTGRES_PASSWORD'
 		file_env 'POSTGRES_INITDB_ARGS'
 	if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
-			export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR"
+		set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@"
 	fi
-		eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"
+
 	eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"'
 	# unset/cleanup "nss_wrapper" bits
 	if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
 		rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
 		unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
 	fi
 }
 # print large warning if POSTGRES_PASSWORD is empty
 docker_verify_minimum_env() {
 	# check password first so we can output the warning before postgres
 	# messes it up
 		if [ -n "$POSTGRES_PASSWORD" ]; then
 			authMethod=md5
 	if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
 		cat >&2 <<-'EOWARN'
@@ -97,7 +103,7 @@ if [ "$1" = 'postgres' ]; then
 		EOWARN
 	fi
-		else
+	if [ -z "$POSTGRES_PASSWORD" ]; then
 		# The - option suppresses leading tabs but *not* spaces. :)
 		cat >&2 <<-'EOWARN'
 			****************************************************
@@ -113,36 +119,19 @@ if [ "$1" = 'postgres' ]; then
 			****************************************************
 		EOWARN
 			authMethod=trust
 	fi
 }
-		{
+# usage: docker_process_init_files [file [file [...]]]
-			echo
+#    ie: docker_process_init_files /always-initdb.d/*
-			echo "host all all all $authMethod"
+# process initializer files, based on file extensions and permissions
-		} >> "$PGDATA/pg_hba.conf"
+docker_process_init_files() {
-
+	# psql here for backwards compatiblilty "${psql[@]}"
-		# internal start of server in order to allow set-up using psql-client
+	psql=( docker_process_sql )
 		# does not listen on external TCP/IP and waits until start finishes
 		PGUSER="${PGUSER:-$POSTGRES_USER}" \
 		pg_ctl -D "$PGDATA" \
 			-o "-c listen_addresses=''" \
 			-w start
 		file_env 'POSTGRES_DB' "$POSTGRES_USER"
 		export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
 		psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 		if [ "$POSTGRES_DB" != 'postgres' ]; then
 			"${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 				CREATE DATABASE :"db" ;
 			EOSQL
 			echo
 		fi
 		psql+=( --dbname "$POSTGRES_DB" )
 	echo
-		for f in /docker-entrypoint-initdb.d/*; do
+	local f
 	for f; do
 		case "$f" in
 			*.sh)
 				# https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
@@ -155,22 +144,133 @@ if [ "$1" = 'postgres' ]; then
 					. "$f"
 				fi
 				;;
-				*.sql)    echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;;
+			*.sql)    echo "$0: running $f"; docker_process_sql -f "$f"; echo ;;
-				*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;;
+			*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
 			*)        echo "$0: ignoring $f" ;;
 		esac
 		echo
 	done
 }
 # Execute sql script, passed via stdin (or -f flag of pqsl)
 # usage: docker_process_sql [psql-cli-args]
 #    ie: docker_process_sql --dbname=mydb <<<'INSERT ...'
 #    ie: docker_process_sql -f my-file.sql
 #    ie: docker_process_sql <my-file.sql
 docker_process_sql() {
 	local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 	if [ -n "$POSTGRES_DB" ]; then
 		query_runner+=( --dbname "$POSTGRES_DB" )
 	fi
 	"${query_runner[@]}" "$@"
 }
 # create initial database
 # uses environment variables for input: POSTGRES_DB
 docker_setup_db() {
 	if [ "$POSTGRES_DB" != 'postgres' ]; then
 		POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 			CREATE DATABASE :"db" ;
 		EOSQL
 		echo
 	fi
 }
 # Loads various settings that are used elsewhere in the script
 # This should be called before any other functions
 docker_setup_env() {
 	file_env 'POSTGRES_PASSWORD'
 	file_env 'POSTGRES_USER' 'postgres'
 	file_env 'POSTGRES_DB' "$POSTGRES_USER"
 	file_env 'POSTGRES_INITDB_ARGS'
 	declare -g DATABASE_ALREADY_EXISTS
 	# look specifically for PG_VERSION, as it is expected in the DB dir
 	if [ -s "$PGDATA/PG_VERSION" ]; then
 		DATABASE_ALREADY_EXISTS='true'
 	fi
 }
 # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD
 pg_setup_hba_conf() {
 	local authMethod='md5'
 	if [ -z "$POSTGRES_PASSWORD" ]; then
 		authMethod='trust'
 	fi
 	{
 		echo
 		echo "host all all all $authMethod"
 	} >> "$PGDATA/pg_hba.conf"
 }
 # start socket-only postgresql server for setting up or running scripts
 # all arguments will be passed along as arguments to `postgres` (via pg_ctl)
 docker_temp_server_start() {
 	if [ "$1" = 'postgres' ]; then
 		shift
 	fi
 	# internal start of server in order to allow setup using psql client
 	# does not listen on external TCP/IP and waits until start finishes (can be overridden via args)
 	PGUSER="${PGUSER:-$POSTGRES_USER}" \
-		pg_ctl -D "$PGDATA" -m fast -w stop
+	pg_ctl -D "$PGDATA" \
 		-o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \
 		-w start
 }
 # stop postgresql server after done setting up user and running scripts
 docker_temp_server_stop() {
 	PGUSER="${PGUSER:-postgres}" \
 	pg_ctl -D "$PGDATA" -m fast -w stop
 }
 _main() {
 	# if first arg looks like a flag, assume we want to run postgres server
 	if [ "${1:0:1}" = '-' ]; then
 		set -- postgres "$@"
 	fi
 	if [ "$1" = 'postgres' ]; then
 		docker_setup_env
 		# setup data directories and permissions (when run as root)
 		docker_create_db_directories
 		if [ "$(id -u)" = '0' ]; then
 			# then restart script as postgres user
 			exec su-exec postgres "$BASH_SOURCE" "$@"
 		fi
 		# only run initialization on an empty data directory
 		if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
 			docker_verify_minimum_env
 			docker_init_database_dir
 			pg_setup_hba_conf
 			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
 			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
 			export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
 			docker_temp_server_start "$@"
 			docker_setup_db
 			docker_process_init_files /docker-entrypoint-initdb.d/*
 			docker_temp_server_stop
 			unset PGPASSWORD
 			echo
 			echo 'PostgreSQL init process complete; ready for start up.'
 			echo
 		else
 			echo
 			echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization'
 			echo
 		fi
 	fi
 fi
-exec "$@"
+	exec "$@"
 }
 if ! _is_sourced; then
 	_main "$@"
 fi
--- a/9.4/docker-entrypoint.sh
+++ b/9.4/docker-entrypoint.sh
@@ -24,37 +24,46 @@ file_env() {
 	unset "$fileVar"
 }
-if [ "${1:0:1}" = '-' ]; then
+# check to see if this file is being run or sourced from another script
-	set -- postgres "$@"
+_is_sourced() {
-fi
+	# https://unix.stackexchange.com/a/215279
 	[ "${#FUNCNAME[@]}" -ge 2 ] \
 		&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
 		&& [ "${FUNCNAME[1]}" = 'source' ]
 }
 # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user
 docker_create_db_directories() {
 	local user; user="$(id -u)"
 # allow the container to be started with `--user`
 if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
 	mkdir -p "$PGDATA"
 	chown -R postgres "$PGDATA"
 	chmod 700 "$PGDATA"
-	mkdir -p /var/run/postgresql
+	# ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289
-	chown -R postgres /var/run/postgresql
+	mkdir -p /var/run/postgresql || :
-	chmod 775 /var/run/postgresql
+	chmod 775 /var/run/postgresql || :
-	# Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user
+	# Create the transaction log directory before initdb is run so the directory is owned by the correct user
 	if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
 		mkdir -p "$POSTGRES_INITDB_XLOGDIR"
-		chown -R postgres "$POSTGRES_INITDB_XLOGDIR"
+		if [ "$user" = '0' ]; then
 			find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' +
 		fi
 		chmod 700 "$POSTGRES_INITDB_XLOGDIR"
 	fi
-	exec gosu postgres "$BASH_SOURCE" "$@"
+	# allow the container to be started with `--user`
-fi
+	if [ "$user" = '0' ]; then
 		find "$PGDATA" \! -user postgres -exec chown postgres '{}' +
 		find /var/run/postgresql \! -user postgres -exec chown postgres '{}' +
 	fi
 }
-if [ "$1" = 'postgres' ]; then
+# initialize empty PGDATA directory with new database via 'initdb'
-	mkdir -p "$PGDATA"
+# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function
-	chown -R "$(id -u)" "$PGDATA" 2>/dev/null || :
+# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames
-	chmod 700 "$PGDATA" 2>/dev/null || :
+# this is also where the database user is created, specified by `POSTGRES_USER` env
-
+docker_init_database_dir() {
 	# look specifically for PG_VERSION, as it is expected in the DB dir
 	if [ ! -s "$PGDATA/PG_VERSION" ]; then
 	# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
 	# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
 	if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then
@@ -65,26 +74,23 @@ if [ "$1" = 'postgres' ]; then
 		echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
 	fi
 		file_env 'POSTGRES_USER' 'postgres'
 		file_env 'POSTGRES_PASSWORD'
 		file_env 'POSTGRES_INITDB_ARGS'
 	if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
-			export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR"
+		set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@"
 	fi
-		eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"
+
 	eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"'
 	# unset/cleanup "nss_wrapper" bits
 	if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
 		rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
 		unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
 	fi
 }
 # print large warning if POSTGRES_PASSWORD is empty
 docker_verify_minimum_env() {
 	# check password first so we can output the warning before postgres
 	# messes it up
 		if [ -n "$POSTGRES_PASSWORD" ]; then
 			authMethod=md5
 	if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
 		cat >&2 <<-'EOWARN'
@@ -97,7 +103,7 @@ if [ "$1" = 'postgres' ]; then
 		EOWARN
 	fi
-		else
+	if [ -z "$POSTGRES_PASSWORD" ]; then
 		# The - option suppresses leading tabs but *not* spaces. :)
 		cat >&2 <<-'EOWARN'
 			****************************************************
@@ -113,36 +119,19 @@ if [ "$1" = 'postgres' ]; then
 			****************************************************
 		EOWARN
 			authMethod=trust
 	fi
 }
-		{
+# usage: docker_process_init_files [file [file [...]]]
-			echo
+#    ie: docker_process_init_files /always-initdb.d/*
-			echo "host all all all $authMethod"
+# process initializer files, based on file extensions and permissions
-		} >> "$PGDATA/pg_hba.conf"
+docker_process_init_files() {
-
+	# psql here for backwards compatiblilty "${psql[@]}"
-		# internal start of server in order to allow set-up using psql-client
+	psql=( docker_process_sql )
 		# does not listen on external TCP/IP and waits until start finishes
 		PGUSER="${PGUSER:-$POSTGRES_USER}" \
 		pg_ctl -D "$PGDATA" \
 			-o "-c listen_addresses=''" \
 			-w start
 		file_env 'POSTGRES_DB' "$POSTGRES_USER"
 		export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
 		psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 		if [ "$POSTGRES_DB" != 'postgres' ]; then
 			"${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 				CREATE DATABASE :"db" ;
 			EOSQL
 			echo
 		fi
 		psql+=( --dbname "$POSTGRES_DB" )
 	echo
-		for f in /docker-entrypoint-initdb.d/*; do
+	local f
 	for f; do
 		case "$f" in
 			*.sh)
 				# https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
@@ -155,22 +144,133 @@ if [ "$1" = 'postgres' ]; then
 					. "$f"
 				fi
 				;;
-				*.sql)    echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;;
+			*.sql)    echo "$0: running $f"; docker_process_sql -f "$f"; echo ;;
-				*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;;
+			*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
 			*)        echo "$0: ignoring $f" ;;
 		esac
 		echo
 	done
 }
 # Execute sql script, passed via stdin (or -f flag of pqsl)
 # usage: docker_process_sql [psql-cli-args]
 #    ie: docker_process_sql --dbname=mydb <<<'INSERT ...'
 #    ie: docker_process_sql -f my-file.sql
 #    ie: docker_process_sql <my-file.sql
 docker_process_sql() {
 	local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 	if [ -n "$POSTGRES_DB" ]; then
 		query_runner+=( --dbname "$POSTGRES_DB" )
 	fi
 	"${query_runner[@]}" "$@"
 }
 # create initial database
 # uses environment variables for input: POSTGRES_DB
 docker_setup_db() {
 	if [ "$POSTGRES_DB" != 'postgres' ]; then
 		POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 			CREATE DATABASE :"db" ;
 		EOSQL
 		echo
 	fi
 }
 # Loads various settings that are used elsewhere in the script
 # This should be called before any other functions
 docker_setup_env() {
 	file_env 'POSTGRES_PASSWORD'
 	file_env 'POSTGRES_USER' 'postgres'
 	file_env 'POSTGRES_DB' "$POSTGRES_USER"
 	file_env 'POSTGRES_INITDB_ARGS'
 	declare -g DATABASE_ALREADY_EXISTS
 	# look specifically for PG_VERSION, as it is expected in the DB dir
 	if [ -s "$PGDATA/PG_VERSION" ]; then
 		DATABASE_ALREADY_EXISTS='true'
 	fi
 }
 # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD
 pg_setup_hba_conf() {
 	local authMethod='md5'
 	if [ -z "$POSTGRES_PASSWORD" ]; then
 		authMethod='trust'
 	fi
 	{
 		echo
 		echo "host all all all $authMethod"
 	} >> "$PGDATA/pg_hba.conf"
 }
 # start socket-only postgresql server for setting up or running scripts
 # all arguments will be passed along as arguments to `postgres` (via pg_ctl)
 docker_temp_server_start() {
 	if [ "$1" = 'postgres' ]; then
 		shift
 	fi
 	# internal start of server in order to allow setup using psql client
 	# does not listen on external TCP/IP and waits until start finishes (can be overridden via args)
 	PGUSER="${PGUSER:-$POSTGRES_USER}" \
-		pg_ctl -D "$PGDATA" -m fast -w stop
+	pg_ctl -D "$PGDATA" \
 		-o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \
 		-w start
 }
 # stop postgresql server after done setting up user and running scripts
 docker_temp_server_stop() {
 	PGUSER="${PGUSER:-postgres}" \
 	pg_ctl -D "$PGDATA" -m fast -w stop
 }
 _main() {
 	# if first arg looks like a flag, assume we want to run postgres server
 	if [ "${1:0:1}" = '-' ]; then
 		set -- postgres "$@"
 	fi
 	if [ "$1" = 'postgres' ]; then
 		docker_setup_env
 		# setup data directories and permissions (when run as root)
 		docker_create_db_directories
 		if [ "$(id -u)" = '0' ]; then
 			# then restart script as postgres user
 			exec gosu postgres "$BASH_SOURCE" "$@"
 		fi
 		# only run initialization on an empty data directory
 		if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
 			docker_verify_minimum_env
 			docker_init_database_dir
 			pg_setup_hba_conf
 			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
 			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
 			export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
 			docker_temp_server_start "$@"
 			docker_setup_db
 			docker_process_init_files /docker-entrypoint-initdb.d/*
 			docker_temp_server_stop
 			unset PGPASSWORD
 			echo
 			echo 'PostgreSQL init process complete; ready for start up.'
 			echo
 		else
 			echo
 			echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization'
 			echo
 		fi
 	fi
 fi
-exec "$@"
+	exec "$@"
 }
 if ! _is_sourced; then
 	_main "$@"
 fi
--- a/9.5/alpine/docker-entrypoint.sh
+++ b/9.5/alpine/docker-entrypoint.sh
@@ -24,37 +24,46 @@ file_env() {
 	unset "$fileVar"
 }
-if [ "${1:0:1}" = '-' ]; then
+# check to see if this file is being run or sourced from another script
-	set -- postgres "$@"
+_is_sourced() {
-fi
+	# https://unix.stackexchange.com/a/215279
 	[ "${#FUNCNAME[@]}" -ge 2 ] \
 		&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
 		&& [ "${FUNCNAME[1]}" = 'source' ]
 }
 # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user
 docker_create_db_directories() {
 	local user; user="$(id -u)"
 # allow the container to be started with `--user`
 if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
 	mkdir -p "$PGDATA"
 	chown -R postgres "$PGDATA"
 	chmod 700 "$PGDATA"
-	mkdir -p /var/run/postgresql
+	# ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289
-	chown -R postgres /var/run/postgresql
+	mkdir -p /var/run/postgresql || :
-	chmod 775 /var/run/postgresql
+	chmod 775 /var/run/postgresql || :
-	# Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user
+	# Create the transaction log directory before initdb is run so the directory is owned by the correct user
 	if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
 		mkdir -p "$POSTGRES_INITDB_XLOGDIR"
-		chown -R postgres "$POSTGRES_INITDB_XLOGDIR"
+		if [ "$user" = '0' ]; then
 			find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' +
 		fi
 		chmod 700 "$POSTGRES_INITDB_XLOGDIR"
 	fi
-	exec su-exec postgres "$BASH_SOURCE" "$@"
+	# allow the container to be started with `--user`
-fi
+	if [ "$user" = '0' ]; then
 		find "$PGDATA" \! -user postgres -exec chown postgres '{}' +
 		find /var/run/postgresql \! -user postgres -exec chown postgres '{}' +
 	fi
 }
-if [ "$1" = 'postgres' ]; then
+# initialize empty PGDATA directory with new database via 'initdb'
-	mkdir -p "$PGDATA"
+# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function
-	chown -R "$(id -u)" "$PGDATA" 2>/dev/null || :
+# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames
-	chmod 700 "$PGDATA" 2>/dev/null || :
+# this is also where the database user is created, specified by `POSTGRES_USER` env
-
+docker_init_database_dir() {
 	# look specifically for PG_VERSION, as it is expected in the DB dir
 	if [ ! -s "$PGDATA/PG_VERSION" ]; then
 	# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
 	# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
 	if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then
@@ -65,26 +74,23 @@ if [ "$1" = 'postgres' ]; then
 		echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
 	fi
 		file_env 'POSTGRES_USER' 'postgres'
 		file_env 'POSTGRES_PASSWORD'
 		file_env 'POSTGRES_INITDB_ARGS'
 	if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
-			export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR"
+		set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@"
 	fi
-		eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"
+
 	eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"'
 	# unset/cleanup "nss_wrapper" bits
 	if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
 		rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
 		unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
 	fi
 }
 # print large warning if POSTGRES_PASSWORD is empty
 docker_verify_minimum_env() {
 	# check password first so we can output the warning before postgres
 	# messes it up
 		if [ -n "$POSTGRES_PASSWORD" ]; then
 			authMethod=md5
 	if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
 		cat >&2 <<-'EOWARN'
@@ -97,7 +103,7 @@ if [ "$1" = 'postgres' ]; then
 		EOWARN
 	fi
-		else
+	if [ -z "$POSTGRES_PASSWORD" ]; then
 		# The - option suppresses leading tabs but *not* spaces. :)
 		cat >&2 <<-'EOWARN'
 			****************************************************
@@ -113,36 +119,19 @@ if [ "$1" = 'postgres' ]; then
 			****************************************************
 		EOWARN
 			authMethod=trust
 	fi
 }
-		{
+# usage: docker_process_init_files [file [file [...]]]
-			echo
+#    ie: docker_process_init_files /always-initdb.d/*
-			echo "host all all all $authMethod"
+# process initializer files, based on file extensions and permissions
-		} >> "$PGDATA/pg_hba.conf"
+docker_process_init_files() {
-
+	# psql here for backwards compatiblilty "${psql[@]}"
-		# internal start of server in order to allow set-up using psql-client
+	psql=( docker_process_sql )
 		# does not listen on external TCP/IP and waits until start finishes
 		PGUSER="${PGUSER:-$POSTGRES_USER}" \
 		pg_ctl -D "$PGDATA" \
 			-o "-c listen_addresses=''" \
 			-w start
 		file_env 'POSTGRES_DB' "$POSTGRES_USER"
 		export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
 		psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 		if [ "$POSTGRES_DB" != 'postgres' ]; then
 			"${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 				CREATE DATABASE :"db" ;
 			EOSQL
 			echo
 		fi
 		psql+=( --dbname "$POSTGRES_DB" )
 	echo
-		for f in /docker-entrypoint-initdb.d/*; do
+	local f
 	for f; do
 		case "$f" in
 			*.sh)
 				# https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
@@ -155,22 +144,133 @@ if [ "$1" = 'postgres' ]; then
 					. "$f"
 				fi
 				;;
-				*.sql)    echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;;
+			*.sql)    echo "$0: running $f"; docker_process_sql -f "$f"; echo ;;
-				*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;;
+			*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
 			*)        echo "$0: ignoring $f" ;;
 		esac
 		echo
 	done
 }
 # Execute sql script, passed via stdin (or -f flag of pqsl)
 # usage: docker_process_sql [psql-cli-args]
 #    ie: docker_process_sql --dbname=mydb <<<'INSERT ...'
 #    ie: docker_process_sql -f my-file.sql
 #    ie: docker_process_sql <my-file.sql
 docker_process_sql() {
 	local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 	if [ -n "$POSTGRES_DB" ]; then
 		query_runner+=( --dbname "$POSTGRES_DB" )
 	fi
 	"${query_runner[@]}" "$@"
 }
 # create initial database
 # uses environment variables for input: POSTGRES_DB
 docker_setup_db() {
 	if [ "$POSTGRES_DB" != 'postgres' ]; then
 		POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 			CREATE DATABASE :"db" ;
 		EOSQL
 		echo
 	fi
 }
 # Loads various settings that are used elsewhere in the script
 # This should be called before any other functions
 docker_setup_env() {
 	file_env 'POSTGRES_PASSWORD'
 	file_env 'POSTGRES_USER' 'postgres'
 	file_env 'POSTGRES_DB' "$POSTGRES_USER"
 	file_env 'POSTGRES_INITDB_ARGS'
 	declare -g DATABASE_ALREADY_EXISTS
 	# look specifically for PG_VERSION, as it is expected in the DB dir
 	if [ -s "$PGDATA/PG_VERSION" ]; then
 		DATABASE_ALREADY_EXISTS='true'
 	fi
 }
 # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD
 pg_setup_hba_conf() {
 	local authMethod='md5'
 	if [ -z "$POSTGRES_PASSWORD" ]; then
 		authMethod='trust'
 	fi
 	{
 		echo
 		echo "host all all all $authMethod"
 	} >> "$PGDATA/pg_hba.conf"
 }
 # start socket-only postgresql server for setting up or running scripts
 # all arguments will be passed along as arguments to `postgres` (via pg_ctl)
 docker_temp_server_start() {
 	if [ "$1" = 'postgres' ]; then
 		shift
 	fi
 	# internal start of server in order to allow setup using psql client
 	# does not listen on external TCP/IP and waits until start finishes (can be overridden via args)
 	PGUSER="${PGUSER:-$POSTGRES_USER}" \
-		pg_ctl -D "$PGDATA" -m fast -w stop
+	pg_ctl -D "$PGDATA" \
 		-o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \
 		-w start
 }
 # stop postgresql server after done setting up user and running scripts
 docker_temp_server_stop() {
 	PGUSER="${PGUSER:-postgres}" \
 	pg_ctl -D "$PGDATA" -m fast -w stop
 }
 _main() {
 	# if first arg looks like a flag, assume we want to run postgres server
 	if [ "${1:0:1}" = '-' ]; then
 		set -- postgres "$@"
 	fi
 	if [ "$1" = 'postgres' ]; then
 		docker_setup_env
 		# setup data directories and permissions (when run as root)
 		docker_create_db_directories
 		if [ "$(id -u)" = '0' ]; then
 			# then restart script as postgres user
 			exec su-exec postgres "$BASH_SOURCE" "$@"
 		fi
 		# only run initialization on an empty data directory
 		if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
 			docker_verify_minimum_env
 			docker_init_database_dir
 			pg_setup_hba_conf
 			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
 			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
 			export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
 			docker_temp_server_start "$@"
 			docker_setup_db
 			docker_process_init_files /docker-entrypoint-initdb.d/*
 			docker_temp_server_stop
 			unset PGPASSWORD
 			echo
 			echo 'PostgreSQL init process complete; ready for start up.'
 			echo
 		else
 			echo
 			echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization'
 			echo
 		fi
 	fi
 fi
-exec "$@"
+	exec "$@"
 }
 if ! _is_sourced; then
 	_main "$@"
 fi
--- a/9.5/docker-entrypoint.sh
+++ b/9.5/docker-entrypoint.sh
@@ -24,37 +24,46 @@ file_env() {
 	unset "$fileVar"
 }
-if [ "${1:0:1}" = '-' ]; then
+# check to see if this file is being run or sourced from another script
-	set -- postgres "$@"
+_is_sourced() {
-fi
+	# https://unix.stackexchange.com/a/215279
 	[ "${#FUNCNAME[@]}" -ge 2 ] \
 		&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
 		&& [ "${FUNCNAME[1]}" = 'source' ]
 }
 # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user
 docker_create_db_directories() {
 	local user; user="$(id -u)"
 # allow the container to be started with `--user`
 if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
 	mkdir -p "$PGDATA"
 	chown -R postgres "$PGDATA"
 	chmod 700 "$PGDATA"
-	mkdir -p /var/run/postgresql
+	# ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289
-	chown -R postgres /var/run/postgresql
+	mkdir -p /var/run/postgresql || :
-	chmod 775 /var/run/postgresql
+	chmod 775 /var/run/postgresql || :
-	# Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user
+	# Create the transaction log directory before initdb is run so the directory is owned by the correct user
 	if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
 		mkdir -p "$POSTGRES_INITDB_XLOGDIR"
-		chown -R postgres "$POSTGRES_INITDB_XLOGDIR"
+		if [ "$user" = '0' ]; then
 			find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' +
 		fi
 		chmod 700 "$POSTGRES_INITDB_XLOGDIR"
 	fi
-	exec gosu postgres "$BASH_SOURCE" "$@"
+	# allow the container to be started with `--user`
-fi
+	if [ "$user" = '0' ]; then
 		find "$PGDATA" \! -user postgres -exec chown postgres '{}' +
 		find /var/run/postgresql \! -user postgres -exec chown postgres '{}' +
 	fi
 }
-if [ "$1" = 'postgres' ]; then
+# initialize empty PGDATA directory with new database via 'initdb'
-	mkdir -p "$PGDATA"
+# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function
-	chown -R "$(id -u)" "$PGDATA" 2>/dev/null || :
+# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames
-	chmod 700 "$PGDATA" 2>/dev/null || :
+# this is also where the database user is created, specified by `POSTGRES_USER` env
-
+docker_init_database_dir() {
 	# look specifically for PG_VERSION, as it is expected in the DB dir
 	if [ ! -s "$PGDATA/PG_VERSION" ]; then
 	# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
 	# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
 	if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then
@@ -65,26 +74,23 @@ if [ "$1" = 'postgres' ]; then
 		echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
 	fi
 		file_env 'POSTGRES_USER' 'postgres'
 		file_env 'POSTGRES_PASSWORD'
 		file_env 'POSTGRES_INITDB_ARGS'
 	if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
-			export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR"
+		set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@"
 	fi
-		eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"
+
 	eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"'
 	# unset/cleanup "nss_wrapper" bits
 	if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
 		rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
 		unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
 	fi
 }
 # print large warning if POSTGRES_PASSWORD is empty
 docker_verify_minimum_env() {
 	# check password first so we can output the warning before postgres
 	# messes it up
 		if [ -n "$POSTGRES_PASSWORD" ]; then
 			authMethod=md5
 	if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
 		cat >&2 <<-'EOWARN'
@@ -97,7 +103,7 @@ if [ "$1" = 'postgres' ]; then
 		EOWARN
 	fi
-		else
+	if [ -z "$POSTGRES_PASSWORD" ]; then
 		# The - option suppresses leading tabs but *not* spaces. :)
 		cat >&2 <<-'EOWARN'
 			****************************************************
@@ -113,36 +119,19 @@ if [ "$1" = 'postgres' ]; then
 			****************************************************
 		EOWARN
 			authMethod=trust
 	fi
 }
-		{
+# usage: docker_process_init_files [file [file [...]]]
-			echo
+#    ie: docker_process_init_files /always-initdb.d/*
-			echo "host all all all $authMethod"
+# process initializer files, based on file extensions and permissions
-		} >> "$PGDATA/pg_hba.conf"
+docker_process_init_files() {
-
+	# psql here for backwards compatiblilty "${psql[@]}"
-		# internal start of server in order to allow set-up using psql-client
+	psql=( docker_process_sql )
 		# does not listen on external TCP/IP and waits until start finishes
 		PGUSER="${PGUSER:-$POSTGRES_USER}" \
 		pg_ctl -D "$PGDATA" \
 			-o "-c listen_addresses=''" \
 			-w start
 		file_env 'POSTGRES_DB' "$POSTGRES_USER"
 		export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
 		psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 		if [ "$POSTGRES_DB" != 'postgres' ]; then
 			"${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 				CREATE DATABASE :"db" ;
 			EOSQL
 			echo
 		fi
 		psql+=( --dbname "$POSTGRES_DB" )
 	echo
-		for f in /docker-entrypoint-initdb.d/*; do
+	local f
 	for f; do
 		case "$f" in
 			*.sh)
 				# https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
@@ -155,22 +144,133 @@ if [ "$1" = 'postgres' ]; then
 					. "$f"
 				fi
 				;;
-				*.sql)    echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;;
+			*.sql)    echo "$0: running $f"; docker_process_sql -f "$f"; echo ;;
-				*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;;
+			*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
 			*)        echo "$0: ignoring $f" ;;
 		esac
 		echo
 	done
 }
 # Execute sql script, passed via stdin (or -f flag of pqsl)
 # usage: docker_process_sql [psql-cli-args]
 #    ie: docker_process_sql --dbname=mydb <<<'INSERT ...'
 #    ie: docker_process_sql -f my-file.sql
 #    ie: docker_process_sql <my-file.sql
 docker_process_sql() {
 	local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 	if [ -n "$POSTGRES_DB" ]; then
 		query_runner+=( --dbname "$POSTGRES_DB" )
 	fi
 	"${query_runner[@]}" "$@"
 }
 # create initial database
 # uses environment variables for input: POSTGRES_DB
 docker_setup_db() {
 	if [ "$POSTGRES_DB" != 'postgres' ]; then
 		POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 			CREATE DATABASE :"db" ;
 		EOSQL
 		echo
 	fi
 }
 # Loads various settings that are used elsewhere in the script
 # This should be called before any other functions
 docker_setup_env() {
 	file_env 'POSTGRES_PASSWORD'
 	file_env 'POSTGRES_USER' 'postgres'
 	file_env 'POSTGRES_DB' "$POSTGRES_USER"
 	file_env 'POSTGRES_INITDB_ARGS'
 	declare -g DATABASE_ALREADY_EXISTS
 	# look specifically for PG_VERSION, as it is expected in the DB dir
 	if [ -s "$PGDATA/PG_VERSION" ]; then
 		DATABASE_ALREADY_EXISTS='true'
 	fi
 }
 # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD
 pg_setup_hba_conf() {
 	local authMethod='md5'
 	if [ -z "$POSTGRES_PASSWORD" ]; then
 		authMethod='trust'
 	fi
 	{
 		echo
 		echo "host all all all $authMethod"
 	} >> "$PGDATA/pg_hba.conf"
 }
 # start socket-only postgresql server for setting up or running scripts
 # all arguments will be passed along as arguments to `postgres` (via pg_ctl)
 docker_temp_server_start() {
 	if [ "$1" = 'postgres' ]; then
 		shift
 	fi
 	# internal start of server in order to allow setup using psql client
 	# does not listen on external TCP/IP and waits until start finishes (can be overridden via args)
 	PGUSER="${PGUSER:-$POSTGRES_USER}" \
-		pg_ctl -D "$PGDATA" -m fast -w stop
+	pg_ctl -D "$PGDATA" \
 		-o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \
 		-w start
 }
 # stop postgresql server after done setting up user and running scripts
 docker_temp_server_stop() {
 	PGUSER="${PGUSER:-postgres}" \
 	pg_ctl -D "$PGDATA" -m fast -w stop
 }
 _main() {
 	# if first arg looks like a flag, assume we want to run postgres server
 	if [ "${1:0:1}" = '-' ]; then
 		set -- postgres "$@"
 	fi
 	if [ "$1" = 'postgres' ]; then
 		docker_setup_env
 		# setup data directories and permissions (when run as root)
 		docker_create_db_directories
 		if [ "$(id -u)" = '0' ]; then
 			# then restart script as postgres user
 			exec gosu postgres "$BASH_SOURCE" "$@"
 		fi
 		# only run initialization on an empty data directory
 		if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
 			docker_verify_minimum_env
 			docker_init_database_dir
 			pg_setup_hba_conf
 			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
 			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
 			export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
 			docker_temp_server_start "$@"
 			docker_setup_db
 			docker_process_init_files /docker-entrypoint-initdb.d/*
 			docker_temp_server_stop
 			unset PGPASSWORD
 			echo
 			echo 'PostgreSQL init process complete; ready for start up.'
 			echo
 		else
 			echo
 			echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization'
 			echo
 		fi
 	fi
 fi
-exec "$@"
+	exec "$@"
 }
 if ! _is_sourced; then
 	_main "$@"
 fi
--- a/9.6/alpine/docker-entrypoint.sh
+++ b/9.6/alpine/docker-entrypoint.sh
@@ -24,37 +24,46 @@ file_env() {
 	unset "$fileVar"
 }
-if [ "${1:0:1}" = '-' ]; then
+# check to see if this file is being run or sourced from another script
-	set -- postgres "$@"
+_is_sourced() {
-fi
+	# https://unix.stackexchange.com/a/215279
 	[ "${#FUNCNAME[@]}" -ge 2 ] \
 		&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
 		&& [ "${FUNCNAME[1]}" = 'source' ]
 }
 # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user
 docker_create_db_directories() {
 	local user; user="$(id -u)"
 # allow the container to be started with `--user`
 if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
 	mkdir -p "$PGDATA"
 	chown -R postgres "$PGDATA"
 	chmod 700 "$PGDATA"
-	mkdir -p /var/run/postgresql
+	# ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289
-	chown -R postgres /var/run/postgresql
+	mkdir -p /var/run/postgresql || :
-	chmod 775 /var/run/postgresql
+	chmod 775 /var/run/postgresql || :
-	# Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user
+	# Create the transaction log directory before initdb is run so the directory is owned by the correct user
 	if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
 		mkdir -p "$POSTGRES_INITDB_XLOGDIR"
-		chown -R postgres "$POSTGRES_INITDB_XLOGDIR"
+		if [ "$user" = '0' ]; then
 			find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' +
 		fi
 		chmod 700 "$POSTGRES_INITDB_XLOGDIR"
 	fi
-	exec su-exec postgres "$BASH_SOURCE" "$@"
+	# allow the container to be started with `--user`
-fi
+	if [ "$user" = '0' ]; then
 		find "$PGDATA" \! -user postgres -exec chown postgres '{}' +
 		find /var/run/postgresql \! -user postgres -exec chown postgres '{}' +
 	fi
 }
-if [ "$1" = 'postgres' ]; then
+# initialize empty PGDATA directory with new database via 'initdb'
-	mkdir -p "$PGDATA"
+# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function
-	chown -R "$(id -u)" "$PGDATA" 2>/dev/null || :
+# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames
-	chmod 700 "$PGDATA" 2>/dev/null || :
+# this is also where the database user is created, specified by `POSTGRES_USER` env
-
+docker_init_database_dir() {
 	# look specifically for PG_VERSION, as it is expected in the DB dir
 	if [ ! -s "$PGDATA/PG_VERSION" ]; then
 	# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
 	# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
 	if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then
@@ -65,26 +74,23 @@ if [ "$1" = 'postgres' ]; then
 		echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
 	fi
 		file_env 'POSTGRES_USER' 'postgres'
 		file_env 'POSTGRES_PASSWORD'
 		file_env 'POSTGRES_INITDB_ARGS'
 	if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
-			export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR"
+		set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@"
 	fi
-		eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"
+
 	eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"'
 	# unset/cleanup "nss_wrapper" bits
 	if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
 		rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
 		unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
 	fi
 }
 # print large warning if POSTGRES_PASSWORD is empty
 docker_verify_minimum_env() {
 	# check password first so we can output the warning before postgres
 	# messes it up
 		if [ -n "$POSTGRES_PASSWORD" ]; then
 			authMethod=md5
 	if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
 		cat >&2 <<-'EOWARN'
@@ -97,7 +103,7 @@ if [ "$1" = 'postgres' ]; then
 		EOWARN
 	fi
-		else
+	if [ -z "$POSTGRES_PASSWORD" ]; then
 		# The - option suppresses leading tabs but *not* spaces. :)
 		cat >&2 <<-'EOWARN'
 			****************************************************
@@ -113,36 +119,19 @@ if [ "$1" = 'postgres' ]; then
 			****************************************************
 		EOWARN
 			authMethod=trust
 	fi
 }
-		{
+# usage: docker_process_init_files [file [file [...]]]
-			echo
+#    ie: docker_process_init_files /always-initdb.d/*
-			echo "host all all all $authMethod"
+# process initializer files, based on file extensions and permissions
-		} >> "$PGDATA/pg_hba.conf"
+docker_process_init_files() {
-
+	# psql here for backwards compatiblilty "${psql[@]}"
-		# internal start of server in order to allow set-up using psql-client
+	psql=( docker_process_sql )
 		# does not listen on external TCP/IP and waits until start finishes
 		PGUSER="${PGUSER:-$POSTGRES_USER}" \
 		pg_ctl -D "$PGDATA" \
 			-o "-c listen_addresses=''" \
 			-w start
 		file_env 'POSTGRES_DB' "$POSTGRES_USER"
 		export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
 		psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 		if [ "$POSTGRES_DB" != 'postgres' ]; then
 			"${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 				CREATE DATABASE :"db" ;
 			EOSQL
 			echo
 		fi
 		psql+=( --dbname "$POSTGRES_DB" )
 	echo
-		for f in /docker-entrypoint-initdb.d/*; do
+	local f
 	for f; do
 		case "$f" in
 			*.sh)
 				# https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
@@ -155,22 +144,133 @@ if [ "$1" = 'postgres' ]; then
 					. "$f"
 				fi
 				;;
-				*.sql)    echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;;
+			*.sql)    echo "$0: running $f"; docker_process_sql -f "$f"; echo ;;
-				*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;;
+			*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
 			*)        echo "$0: ignoring $f" ;;
 		esac
 		echo
 	done
 }
 # Execute sql script, passed via stdin (or -f flag of pqsl)
 # usage: docker_process_sql [psql-cli-args]
 #    ie: docker_process_sql --dbname=mydb <<<'INSERT ...'
 #    ie: docker_process_sql -f my-file.sql
 #    ie: docker_process_sql <my-file.sql
 docker_process_sql() {
 	local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 	if [ -n "$POSTGRES_DB" ]; then
 		query_runner+=( --dbname "$POSTGRES_DB" )
 	fi
 	"${query_runner[@]}" "$@"
 }
 # create initial database
 # uses environment variables for input: POSTGRES_DB
 docker_setup_db() {
 	if [ "$POSTGRES_DB" != 'postgres' ]; then
 		POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 			CREATE DATABASE :"db" ;
 		EOSQL
 		echo
 	fi
 }
 # Loads various settings that are used elsewhere in the script
 # This should be called before any other functions
 docker_setup_env() {
 	file_env 'POSTGRES_PASSWORD'
 	file_env 'POSTGRES_USER' 'postgres'
 	file_env 'POSTGRES_DB' "$POSTGRES_USER"
 	file_env 'POSTGRES_INITDB_ARGS'
 	declare -g DATABASE_ALREADY_EXISTS
 	# look specifically for PG_VERSION, as it is expected in the DB dir
 	if [ -s "$PGDATA/PG_VERSION" ]; then
 		DATABASE_ALREADY_EXISTS='true'
 	fi
 }
 # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD
 pg_setup_hba_conf() {
 	local authMethod='md5'
 	if [ -z "$POSTGRES_PASSWORD" ]; then
 		authMethod='trust'
 	fi
 	{
 		echo
 		echo "host all all all $authMethod"
 	} >> "$PGDATA/pg_hba.conf"
 }
 # start socket-only postgresql server for setting up or running scripts
 # all arguments will be passed along as arguments to `postgres` (via pg_ctl)
 docker_temp_server_start() {
 	if [ "$1" = 'postgres' ]; then
 		shift
 	fi
 	# internal start of server in order to allow setup using psql client
 	# does not listen on external TCP/IP and waits until start finishes (can be overridden via args)
 	PGUSER="${PGUSER:-$POSTGRES_USER}" \
-		pg_ctl -D "$PGDATA" -m fast -w stop
+	pg_ctl -D "$PGDATA" \
 		-o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \
 		-w start
 }
 # stop postgresql server after done setting up user and running scripts
 docker_temp_server_stop() {
 	PGUSER="${PGUSER:-postgres}" \
 	pg_ctl -D "$PGDATA" -m fast -w stop
 }
 _main() {
 	# if first arg looks like a flag, assume we want to run postgres server
 	if [ "${1:0:1}" = '-' ]; then
 		set -- postgres "$@"
 	fi
 	if [ "$1" = 'postgres' ]; then
 		docker_setup_env
 		# setup data directories and permissions (when run as root)
 		docker_create_db_directories
 		if [ "$(id -u)" = '0' ]; then
 			# then restart script as postgres user
 			exec su-exec postgres "$BASH_SOURCE" "$@"
 		fi
 		# only run initialization on an empty data directory
 		if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
 			docker_verify_minimum_env
 			docker_init_database_dir
 			pg_setup_hba_conf
 			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
 			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
 			export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
 			docker_temp_server_start "$@"
 			docker_setup_db
 			docker_process_init_files /docker-entrypoint-initdb.d/*
 			docker_temp_server_stop
 			unset PGPASSWORD
 			echo
 			echo 'PostgreSQL init process complete; ready for start up.'
 			echo
 		else
 			echo
 			echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization'
 			echo
 		fi
 	fi
 fi
-exec "$@"
+	exec "$@"
 }
 if ! _is_sourced; then
 	_main "$@"
 fi
--- a/9.6/docker-entrypoint.sh
+++ b/9.6/docker-entrypoint.sh
@@ -24,37 +24,46 @@ file_env() {
 	unset "$fileVar"
 }
-if [ "${1:0:1}" = '-' ]; then
+# check to see if this file is being run or sourced from another script
-	set -- postgres "$@"
+_is_sourced() {
-fi
+	# https://unix.stackexchange.com/a/215279
 	[ "${#FUNCNAME[@]}" -ge 2 ] \
 		&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
 		&& [ "${FUNCNAME[1]}" = 'source' ]
 }
 # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user
 docker_create_db_directories() {
 	local user; user="$(id -u)"
 # allow the container to be started with `--user`
 if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
 	mkdir -p "$PGDATA"
 	chown -R postgres "$PGDATA"
 	chmod 700 "$PGDATA"
-	mkdir -p /var/run/postgresql
+	# ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289
-	chown -R postgres /var/run/postgresql
+	mkdir -p /var/run/postgresql || :
-	chmod 775 /var/run/postgresql
+	chmod 775 /var/run/postgresql || :
-	# Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user
+	# Create the transaction log directory before initdb is run so the directory is owned by the correct user
 	if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
 		mkdir -p "$POSTGRES_INITDB_XLOGDIR"
-		chown -R postgres "$POSTGRES_INITDB_XLOGDIR"
+		if [ "$user" = '0' ]; then
 			find "$POSTGRES_INITDB_XLOGDIR" \! -user postgres -exec chown postgres '{}' +
 		fi
 		chmod 700 "$POSTGRES_INITDB_XLOGDIR"
 	fi
-	exec gosu postgres "$BASH_SOURCE" "$@"
+	# allow the container to be started with `--user`
-fi
+	if [ "$user" = '0' ]; then
 		find "$PGDATA" \! -user postgres -exec chown postgres '{}' +
 		find /var/run/postgresql \! -user postgres -exec chown postgres '{}' +
 	fi
 }
-if [ "$1" = 'postgres' ]; then
+# initialize empty PGDATA directory with new database via 'initdb'
-	mkdir -p "$PGDATA"
+# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function
-	chown -R "$(id -u)" "$PGDATA" 2>/dev/null || :
+# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames
-	chmod 700 "$PGDATA" 2>/dev/null || :
+# this is also where the database user is created, specified by `POSTGRES_USER` env
-
+docker_init_database_dir() {
 	# look specifically for PG_VERSION, as it is expected in the DB dir
 	if [ ! -s "$PGDATA/PG_VERSION" ]; then
 	# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
 	# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
 	if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then
@@ -65,26 +74,23 @@ if [ "$1" = 'postgres' ]; then
 		echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
 	fi
 		file_env 'POSTGRES_USER' 'postgres'
 		file_env 'POSTGRES_PASSWORD'
 		file_env 'POSTGRES_INITDB_ARGS'
 	if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
-			export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir $POSTGRES_INITDB_XLOGDIR"
+		set -- --xlogdir "$POSTGRES_INITDB_XLOGDIR" "$@"
 	fi
-		eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"
+
 	eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"'
 	# unset/cleanup "nss_wrapper" bits
 	if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
 		rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
 		unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
 	fi
 }
 # print large warning if POSTGRES_PASSWORD is empty
 docker_verify_minimum_env() {
 	# check password first so we can output the warning before postgres
 	# messes it up
 		if [ -n "$POSTGRES_PASSWORD" ]; then
 			authMethod=md5
 	if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
 		cat >&2 <<-'EOWARN'
@@ -97,7 +103,7 @@ if [ "$1" = 'postgres' ]; then
 		EOWARN
 	fi
-		else
+	if [ -z "$POSTGRES_PASSWORD" ]; then
 		# The - option suppresses leading tabs but *not* spaces. :)
 		cat >&2 <<-'EOWARN'
 			****************************************************
@@ -113,36 +119,19 @@ if [ "$1" = 'postgres' ]; then
 			****************************************************
 		EOWARN
 			authMethod=trust
 	fi
 }
-		{
+# usage: docker_process_init_files [file [file [...]]]
-			echo
+#    ie: docker_process_init_files /always-initdb.d/*
-			echo "host all all all $authMethod"
+# process initializer files, based on file extensions and permissions
-		} >> "$PGDATA/pg_hba.conf"
+docker_process_init_files() {
-
+	# psql here for backwards compatiblilty "${psql[@]}"
-		# internal start of server in order to allow set-up using psql-client
+	psql=( docker_process_sql )
 		# does not listen on external TCP/IP and waits until start finishes
 		PGUSER="${PGUSER:-$POSTGRES_USER}" \
 		pg_ctl -D "$PGDATA" \
 			-o "-c listen_addresses=''" \
 			-w start
 		file_env 'POSTGRES_DB' "$POSTGRES_USER"
 		export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
 		psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 		if [ "$POSTGRES_DB" != 'postgres' ]; then
 			"${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 				CREATE DATABASE :"db" ;
 			EOSQL
 			echo
 		fi
 		psql+=( --dbname "$POSTGRES_DB" )
 	echo
-		for f in /docker-entrypoint-initdb.d/*; do
+	local f
 	for f; do
 		case "$f" in
 			*.sh)
 				# https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
@@ -155,22 +144,133 @@ if [ "$1" = 'postgres' ]; then
 					. "$f"
 				fi
 				;;
-				*.sql)    echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;;
+			*.sql)    echo "$0: running $f"; docker_process_sql -f "$f"; echo ;;
-				*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;;
+			*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
 			*)        echo "$0: ignoring $f" ;;
 		esac
 		echo
 	done
 }
 # Execute sql script, passed via stdin (or -f flag of pqsl)
 # usage: docker_process_sql [psql-cli-args]
 #    ie: docker_process_sql --dbname=mydb <<<'INSERT ...'
 #    ie: docker_process_sql -f my-file.sql
 #    ie: docker_process_sql <my-file.sql
 docker_process_sql() {
 	local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 	if [ -n "$POSTGRES_DB" ]; then
 		query_runner+=( --dbname "$POSTGRES_DB" )
 	fi
 	"${query_runner[@]}" "$@"
 }
 # create initial database
 # uses environment variables for input: POSTGRES_DB
 docker_setup_db() {
 	if [ "$POSTGRES_DB" != 'postgres' ]; then
 		POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 			CREATE DATABASE :"db" ;
 		EOSQL
 		echo
 	fi
 }
 # Loads various settings that are used elsewhere in the script
 # This should be called before any other functions
 docker_setup_env() {
 	file_env 'POSTGRES_PASSWORD'
 	file_env 'POSTGRES_USER' 'postgres'
 	file_env 'POSTGRES_DB' "$POSTGRES_USER"
 	file_env 'POSTGRES_INITDB_ARGS'
 	declare -g DATABASE_ALREADY_EXISTS
 	# look specifically for PG_VERSION, as it is expected in the DB dir
 	if [ -s "$PGDATA/PG_VERSION" ]; then
 		DATABASE_ALREADY_EXISTS='true'
 	fi
 }
 # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD
 pg_setup_hba_conf() {
 	local authMethod='md5'
 	if [ -z "$POSTGRES_PASSWORD" ]; then
 		authMethod='trust'
 	fi
 	{
 		echo
 		echo "host all all all $authMethod"
 	} >> "$PGDATA/pg_hba.conf"
 }
 # start socket-only postgresql server for setting up or running scripts
 # all arguments will be passed along as arguments to `postgres` (via pg_ctl)
 docker_temp_server_start() {
 	if [ "$1" = 'postgres' ]; then
 		shift
 	fi
 	# internal start of server in order to allow setup using psql client
 	# does not listen on external TCP/IP and waits until start finishes (can be overridden via args)
 	PGUSER="${PGUSER:-$POSTGRES_USER}" \
-		pg_ctl -D "$PGDATA" -m fast -w stop
+	pg_ctl -D "$PGDATA" \
 		-o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \
 		-w start
 }
 # stop postgresql server after done setting up user and running scripts
 docker_temp_server_stop() {
 	PGUSER="${PGUSER:-postgres}" \
 	pg_ctl -D "$PGDATA" -m fast -w stop
 }
 _main() {
 	# if first arg looks like a flag, assume we want to run postgres server
 	if [ "${1:0:1}" = '-' ]; then
 		set -- postgres "$@"
 	fi
 	if [ "$1" = 'postgres' ]; then
 		docker_setup_env
 		# setup data directories and permissions (when run as root)
 		docker_create_db_directories
 		if [ "$(id -u)" = '0' ]; then
 			# then restart script as postgres user
 			exec gosu postgres "$BASH_SOURCE" "$@"
 		fi
 		# only run initialization on an empty data directory
 		if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
 			docker_verify_minimum_env
 			docker_init_database_dir
 			pg_setup_hba_conf
 			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
 			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
 			export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
 			docker_temp_server_start "$@"
 			docker_setup_db
 			docker_process_init_files /docker-entrypoint-initdb.d/*
 			docker_temp_server_stop
 			unset PGPASSWORD
 			echo
 			echo 'PostgreSQL init process complete; ready for start up.'
 			echo
 		else
 			echo
 			echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization'
 			echo
 		fi
 	fi
 fi
-exec "$@"
+	exec "$@"
 }
 if ! _is_sourced; then
 	_main "$@"
 fi
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -24,37 +24,46 @@ file_env() {
 	unset "$fileVar"
 }
-if [ "${1:0:1}" = '-' ]; then
+# check to see if this file is being run or sourced from another script
-	set -- postgres "$@"
+_is_sourced() {
-fi
+	# https://unix.stackexchange.com/a/215279
 	[ "${#FUNCNAME[@]}" -ge 2 ] \
 		&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
 		&& [ "${FUNCNAME[1]}" = 'source' ]
 }
 # used to create initial posgres directories and if run as root, ensure ownership to the "postgres" user
 docker_create_db_directories() {
 	local user; user="$(id -u)"
 # allow the container to be started with `--user`
 if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
 	mkdir -p "$PGDATA"
 	chown -R postgres "$PGDATA"
 	chmod 700 "$PGDATA"
-	mkdir -p /var/run/postgresql
+	# ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289
-	chown -R postgres /var/run/postgresql
+	mkdir -p /var/run/postgresql || :
-	chmod 775 /var/run/postgresql
+	chmod 775 /var/run/postgresql || :
-	# Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user
+	# Create the transaction log directory before initdb is run so the directory is owned by the correct user
 	if [ "$POSTGRES_INITDB_WALDIR" ]; then
 		mkdir -p "$POSTGRES_INITDB_WALDIR"
-		chown -R postgres "$POSTGRES_INITDB_WALDIR"
+		if [ "$user" = '0' ]; then
 			find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
 		fi
 		chmod 700 "$POSTGRES_INITDB_WALDIR"
 	fi
-	exec gosu postgres "$BASH_SOURCE" "$@"
+	# allow the container to be started with `--user`
-fi
+	if [ "$user" = '0' ]; then
 		find "$PGDATA" \! -user postgres -exec chown postgres '{}' +
 		find /var/run/postgresql \! -user postgres -exec chown postgres '{}' +
 	fi
 }
-if [ "$1" = 'postgres' ]; then
+# initialize empty PGDATA directory with new database via 'initdb'
-	mkdir -p "$PGDATA"
+# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function
-	chown -R "$(id -u)" "$PGDATA" 2>/dev/null || :
+# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames
-	chmod 700 "$PGDATA" 2>/dev/null || :
+# this is also where the database user is created, specified by `POSTGRES_USER` env
-
+docker_init_database_dir() {
 	# look specifically for PG_VERSION, as it is expected in the DB dir
 	if [ ! -s "$PGDATA/PG_VERSION" ]; then
 	# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
 	# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
 	if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then
@@ -65,26 +74,23 @@ if [ "$1" = 'postgres' ]; then
 		echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
 	fi
 		file_env 'POSTGRES_USER' 'postgres'
 		file_env 'POSTGRES_PASSWORD'
 		file_env 'POSTGRES_INITDB_ARGS'
 	if [ "$POSTGRES_INITDB_WALDIR" ]; then
-			export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --waldir $POSTGRES_INITDB_WALDIR"
+		set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
 	fi
-		eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"
+
 	eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"'
 	# unset/cleanup "nss_wrapper" bits
 	if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
 		rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
 		unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
 	fi
 }
 # print large warning if POSTGRES_PASSWORD is empty
 docker_verify_minimum_env() {
 	# check password first so we can output the warning before postgres
 	# messes it up
 		if [ -n "$POSTGRES_PASSWORD" ]; then
 			authMethod=md5
 	if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
 		cat >&2 <<-'EOWARN'
@@ -97,7 +103,7 @@ if [ "$1" = 'postgres' ]; then
 		EOWARN
 	fi
-		else
+	if [ -z "$POSTGRES_PASSWORD" ]; then
 		# The - option suppresses leading tabs but *not* spaces. :)
 		cat >&2 <<-'EOWARN'
 			****************************************************
@@ -113,36 +119,19 @@ if [ "$1" = 'postgres' ]; then
 			****************************************************
 		EOWARN
 			authMethod=trust
 	fi
 }
-		{
+# usage: docker_process_init_files [file [file [...]]]
-			echo
+#    ie: docker_process_init_files /always-initdb.d/*
-			echo "host all all all $authMethod"
+# process initializer files, based on file extensions and permissions
-		} >> "$PGDATA/pg_hba.conf"
+docker_process_init_files() {
-
+	# psql here for backwards compatiblilty "${psql[@]}"
-		# internal start of server in order to allow set-up using psql-client
+	psql=( docker_process_sql )
 		# does not listen on external TCP/IP and waits until start finishes
 		PGUSER="${PGUSER:-$POSTGRES_USER}" \
 		pg_ctl -D "$PGDATA" \
 			-o "-c listen_addresses=''" \
 			-w start
 		file_env 'POSTGRES_DB' "$POSTGRES_USER"
 		export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
 		psql=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 		if [ "$POSTGRES_DB" != 'postgres' ]; then
 			"${psql[@]}" --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 				CREATE DATABASE :"db" ;
 			EOSQL
 			echo
 		fi
 		psql+=( --dbname "$POSTGRES_DB" )
 	echo
-		for f in /docker-entrypoint-initdb.d/*; do
+	local f
 	for f; do
 		case "$f" in
 			*.sh)
 				# https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
@@ -155,22 +144,133 @@ if [ "$1" = 'postgres' ]; then
 					. "$f"
 				fi
 				;;
-				*.sql)    echo "$0: running $f"; "${psql[@]}" -f "$f"; echo ;;
+			*.sql)    echo "$0: running $f"; docker_process_sql -f "$f"; echo ;;
-				*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${psql[@]}"; echo ;;
+			*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
 			*)        echo "$0: ignoring $f" ;;
 		esac
 		echo
 	done
 }
 # Execute sql script, passed via stdin (or -f flag of pqsl)
 # usage: docker_process_sql [psql-cli-args]
 #    ie: docker_process_sql --dbname=mydb <<<'INSERT ...'
 #    ie: docker_process_sql -f my-file.sql
 #    ie: docker_process_sql <my-file.sql
 docker_process_sql() {
 	local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password )
 	if [ -n "$POSTGRES_DB" ]; then
 		query_runner+=( --dbname "$POSTGRES_DB" )
 	fi
 	"${query_runner[@]}" "$@"
 }
 # create initial database
 # uses environment variables for input: POSTGRES_DB
 docker_setup_db() {
 	if [ "$POSTGRES_DB" != 'postgres' ]; then
 		POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
 			CREATE DATABASE :"db" ;
 		EOSQL
 		echo
 	fi
 }
 # Loads various settings that are used elsewhere in the script
 # This should be called before any other functions
 docker_setup_env() {
 	file_env 'POSTGRES_PASSWORD'
 	file_env 'POSTGRES_USER' 'postgres'
 	file_env 'POSTGRES_DB' "$POSTGRES_USER"
 	file_env 'POSTGRES_INITDB_ARGS'
 	declare -g DATABASE_ALREADY_EXISTS
 	# look specifically for PG_VERSION, as it is expected in the DB dir
 	if [ -s "$PGDATA/PG_VERSION" ]; then
 		DATABASE_ALREADY_EXISTS='true'
 	fi
 }
 # append md5 or trust auth to pg_hba.conf based on existence of POSTGRES_PASSWORD
 pg_setup_hba_conf() {
 	local authMethod='md5'
 	if [ -z "$POSTGRES_PASSWORD" ]; then
 		authMethod='trust'
 	fi
 	{
 		echo
 		echo "host all all all $authMethod"
 	} >> "$PGDATA/pg_hba.conf"
 }
 # start socket-only postgresql server for setting up or running scripts
 # all arguments will be passed along as arguments to `postgres` (via pg_ctl)
 docker_temp_server_start() {
 	if [ "$1" = 'postgres' ]; then
 		shift
 	fi
 	# internal start of server in order to allow setup using psql client
 	# does not listen on external TCP/IP and waits until start finishes (can be overridden via args)
 	PGUSER="${PGUSER:-$POSTGRES_USER}" \
-		pg_ctl -D "$PGDATA" -m fast -w stop
+	pg_ctl -D "$PGDATA" \
 		-o "-c listen_addresses='' $([ "$#" -gt 0 ] && printf '%q ' "$@")" \
 		-w start
 }
 # stop postgresql server after done setting up user and running scripts
 docker_temp_server_stop() {
 	PGUSER="${PGUSER:-postgres}" \
 	pg_ctl -D "$PGDATA" -m fast -w stop
 }
 _main() {
 	# if first arg looks like a flag, assume we want to run postgres server
 	if [ "${1:0:1}" = '-' ]; then
 		set -- postgres "$@"
 	fi
 	if [ "$1" = 'postgres' ]; then
 		docker_setup_env
 		# setup data directories and permissions (when run as root)
 		docker_create_db_directories
 		if [ "$(id -u)" = '0' ]; then
 			# then restart script as postgres user
 			exec gosu postgres "$BASH_SOURCE" "$@"
 		fi
 		# only run initialization on an empty data directory
 		if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
 			docker_verify_minimum_env
 			docker_init_database_dir
 			pg_setup_hba_conf
 			# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
 			# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
 			export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
 			docker_temp_server_start "$@"
 			docker_setup_db
 			docker_process_init_files /docker-entrypoint-initdb.d/*
 			docker_temp_server_stop
 			unset PGPASSWORD
 			echo
 			echo 'PostgreSQL init process complete; ready for start up.'
 			echo
 		else
 			echo
 			echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization'
 			echo
 		fi
 	fi
 fi
-exec "$@"
+	exec "$@"
 }
 if ! _is_sourced; then
 	_main "$@"
 fi