From c12ef66c5642d43b1a2efa64c03bf6d6b131c2d3 Mon Sep 17 00:00:00 2001
From: Christian Winther
Date: Thu, 4 Jan 2024 22:33:41 +0000
Subject: [PATCH] opt-in fixing of user/group ownership of files

---
 contrib/docker/README.md | 11 +++++++++-
 .../root/docker/entrypoint.d/10-storage.sh | 6 +++---
 .../entrypoint.d/15-storage-permissions.sh | 21 +++++++++++++++++++
 3 files changed, 34 insertions(+), 4 deletions(-)
 create mode 100755 contrib/docker/shared/root/docker/entrypoint.d/15-storage-permissions.sh

diff --git a/contrib/docker/README.md b/contrib/docker/README.md
index a0b07f5f..b07a9b1b 100644
--- a/contrib/docker/README.md
+++ b/contrib/docker/README.md
@@ -103,7 +103,7 @@ When a Pixelfed container starts up, the [`ENTRYPOINT`](https://docs.docker.com/
 1. Search the `/docker/entrypoint.d/` directory for files and for each file (in lexical order).
 1. Check if the file is executable.
- 1. If the file is not executable, print an error and exit the container.
+ 1. If the file is *not* executable, print an error and exit the container.
 1. If the file has the extension `.envsh` the file will be [sourced](https://superuser.com/a/46146).
 1. If the file has the extension `.sh` the file will be run like a normal script.
 1. Any other file extension will log a warning and will be ignored.
@@ -159,6 +159,15 @@ Please see the
 * [gomplate syntax documentation](https://docs.gomplate.ca/syntax/)
 * [gomplate functions documentation](https://docs.gomplate.ca/functions/)
 
+### Fixing ownership on startup
+
+You can set the environment variable `ENTRYPOINT_ENSURE_OWNERSHIP_PATHS` to a list of paths that should have their `$USER` and `$GROUP` ownership changed to the configured runtime user and group during container bootstrapping.
+
+The variable is a space-delimited list shown below and accepts both relative and absolute paths:
+
+* `ENTRYPOINT_ENSURE_OWNERSHIP_PATHS="./storage ./bootstrap"`
+* `ENTRYPOINT_ENSURE_OWNERSHIP_PATHS="/some/other/folder"`
+
 ## Build settings (arguments)
 
 The Pixelfed Dockerfile utilizes [Docker Multi-stage builds](https://docs.docker.com/build/building/multi-stage/) and [Build arguments](https://docs.docker.com/build/guide/build-args/).
diff --git a/contrib/docker/shared/root/docker/entrypoint.d/10-storage.sh b/contrib/docker/shared/root/docker/entrypoint.d/10-storage.sh
index 14f66dc2..83e0abf3 100755
--- a/contrib/docker/shared/root/docker/entrypoint.d/10-storage.sh
+++ b/contrib/docker/shared/root/docker/entrypoint.d/10-storage.sh
@@ -3,8 +3,8 @@ source /docker/helpers.sh
 
 entrypoint-set-name "$0"
 
+# Copy the [storage/] skeleton files over the "real" [storage/] directory so assets are updated between versions
 run-as-runtime-user cp --recursive storage.skel/* storage/
-run-as-runtime-user php artisan storage:link
 
-log-info "Ensure permissions are correct"
-chown --recursive ${RUNTIME_UID}:${RUNTIME_GID} storage/ bootstrap/
+# Ensure storage linkk are correctly configured
+run-as-runtime-user php artisan storage:link
diff --git a/contrib/docker/shared/root/docker/entrypoint.d/15-storage-permissions.sh b/contrib/docker/shared/root/docker/entrypoint.d/15-storage-permissions.sh
new file mode 100755
index 00000000..0a67e3fa
--- /dev/null
+++ b/contrib/docker/shared/root/docker/entrypoint.d/15-storage-permissions.sh
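Review bot: The unconditional `chown --recursive ${RUNTIME_UID}:${RUNTIME_GID} storage/ bootstrap/` removed here used to run after the skeleton copy in this same script, but the replacement in the new 15-storage-permissions.sh is both opt-in and ordered after this file, so `run-as-runtime-user cp --recursive storage.skel/* storage/` now executes before any ownership repair; on a volume owned by another uid the copy can fail before the fix ever runs, and with the variable unset nothing repairs it at all. Either renumber the ownership script so it sorts before 10-storage.sh, or state in the README that `ENTRYPOINT_ENSURE_OWNERSHIP_PATHS="./storage ./bootstrap"` is needed to keep the previous behaviour. The added comment has a typo; suggest `# Ensure storage links are correctly configured`.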
@@ -0,0 +1,21 @@
+#!/bin/bash
+source /docker/helpers.sh
+
+entrypoint-set-name "$0"
+
+# Optionally fix ownership of configured paths
+: ${ENTRYPOINT_ENSURE_OWNERSHIP_PATHS:=""}
+
+declare -a ensure_ownership_paths=()
+IFS=' ' read -a ensure_ownership_paths <<<"$ENTRYPOINT_ENSURE_OWNERSHIP_PATHS"
+
+if [[ ${#ensure_ownership_paths} == 0 ]]; then
+    log-info "No paths has been configured for ownership fixes via [\$ENTRYPOINT_ENSURE_OWNERSHIP_PATHS]."
+
+    exit 0
+fi
+
+for path in "${ensure_ownership_paths[@]}"; do
+    log-info "Ensure ownership of [${path}] correct"
+    chown --recursive ${RUNTIME_UID}:${RUNTIME_GID} "${path}"
+done
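Review bot: `[[ ${#ensure_ownership_paths} == 0 ]]` measures the string length of element 0, not the number of entries, so the empty-list check only passes by accident (an empty line read into the array leaves no first element); the array size is `${#ensure_ownership_paths[@]}`. The `read -a` also lacks `-r`, so a backslash in a configured path is consumed rather than kept. On the `chown` line `${RUNTIME_UID}:${RUNTIME_GID}` is unquoted and unchecked; if either variable is unset the command silently degrades to `chown --recursive : "${path}"` instead of failing loudly, and since this recursively re-owns whatever the operator lists (relative entries resolving against a working directory not visible here), an existence check before the chown lets a mistyped path fail visibly rather than depending on whether /docker/helpers.sh makes chown errors fatal, which this hunk does not show. Rewritten lines below.
```shell
IFS=' ' read -r -a ensure_ownership_paths <<<"$ENTRYPOINT_ENSURE_OWNERSHIP_PATHS"

if [[ ${#ensure_ownership_paths[@]} -eq 0 ]]; then
    # … unchanged: log-info message and exit 0 …
fi

for path in "${ensure_ownership_paths[@]}"; do
    if [[ ! -e "${path}" ]]; then
        log-info "Skipping ownership fix of [${path}]: path does not exist"
        continue
    fi
    log-info "Ensure ownership of [${path}] correct"
    # :? aborts with a message instead of running chown with an empty owner/group
    chown --recursive "${RUNTIME_UID:?}:${RUNTIME_GID:?}" -- "${path}"
done
```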