opt-in fixing of user/group ownership of files

This commit is contained in:
Christian Winther 2024-01-04 22:33:41 +00:00
parent c64571e46d
commit c12ef66c56
3 changed files with 34 additions and 4 deletions


@ -103,7 +103,7 @@ When a Pixelfed container starts up, the [`ENTRYPOINT`](https://docs.docker.com/
1. Search the `/docker/entrypoint.d/` directory for files and for each file (in lexical order).
1. Check if the file is executable.
1. If the file is not executable, print an error and exit the container.
1. If the file is *not* executable, print an error and exit the container.
1. If the file has the extension `.envsh` the file will be [sourced](https://superuser.com/a/46146).
1. If the file has the extension `.sh` the file will be run like a normal script.
1. Any other file extension will log a warning and will be ignored.
@ -159,6 +159,15 @@ Please see the
* [gomplate syntax documentation](https://docs.gomplate.ca/syntax/)
* [gomplate functions documentation](https://docs.gomplate.ca/functions/)
### Fixing ownership on startup
You can set the environment variable `ENTRYPOINT_ENSURE_OWNERSHIP_PATHS` to a list of paths that should have their `$USER` and `$GROUP` ownership changed to the configured runtime user and group during container bootstrapping.
The variable is a space-delimited list shown below and accepts both relative and absolute paths:
* `ENTRYPOINT_ENSURE_OWNERSHIP_PATHS="./storage ./bootstrap"`
* `ENTRYPOINT_ENSURE_OWNERSHIP_PATHS="/some/other/folder"`
## Build settings (arguments)
The Pixelfed Dockerfile utilizes [Docker Multi-stage builds](https://docs.docker.com/build/building/multi-stage/) and [Build arguments](https://docs.docker.com/build/guide/build-args/).
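Review bot: "`$USER` and `$GROUP` ownership" in the new "Fixing ownership on startup" paragraph reads as two environment variables that the reader is expected to set, but the script applies `${RUNTIME_UID}:${RUNTIME_GID}`; say "user and group ownership changed to the configured runtime UID and GID" instead. The paragraph should also state what relative entries such as `./storage` are resolved against (the working directory the entrypoint scripts run in) and that each entry is handed to `chown --recursive`, so listing a broad path such as `/` re-owns the entire container filesystem; recommend listing only the application data directories, and mention that entries are split on spaces, so a path containing a space cannot be expressed.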


@ -3,8 +3,8 @@ source /docker/helpers.sh
entrypoint-set-name "$0"
# Copy the [storage/] skeleton files over the "real" [storage/] directory so assets are updated between versions
run-as-runtime-user cp --recursive storage.skel/* storage/
run-as-runtime-user php artisan storage:link
log-info "Ensure permissions are correct"
chown --recursive ${RUNTIME_UID}:${RUNTIME_GID} storage/ bootstrap/
# Ensure storage linkk are correctly configured
run-as-runtime-user php artisan storage:link
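Review bot: dropping the unconditional `chown --recursive ${RUNTIME_UID}:${RUNTIME_GID} storage/ bootstrap/` is a behaviour change for existing installs: volumes whose ownership was previously fixed on every start now keep whatever ownership they have unless `ENTRYPOINT_ENSURE_OWNERSHIP_PATHS` is set, and `run-as-runtime-user cp --recursive storage.skel/* storage/` and `run-as-runtime-user php artisan storage:link` will fail on files still owned by root. Call this out in the docs or changelog (suggesting `ENTRYPOINT_ENSURE_OWNERSHIP_PATHS="./storage ./bootstrap"` as the equivalent of the old behaviour), and since `/docker/entrypoint.d/` files run in lexical order, make sure the new ownership script sorts before this one so the fix happens before the copy and the `storage:link` call. Also fix the typo in the added comment: `# Ensure storage linkk are correctly configured` should read "links are".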


@ -0,0 +1,21 @@
#!/bin/bash
source /docker/helpers.sh
entrypoint-set-name "$0"
# Optionally fix ownership of configured paths
: ${ENTRYPOINT_ENSURE_OWNERSHIP_PATHS:=""}
declare -a ensure_ownership_paths=()
IFS=' ' read -a ensure_ownership_paths <<<"$ENTRYPOINT_ENSURE_OWNERSHIP_PATHS"
if [[ ${#ensure_ownership_paths} == 0 ]]; then
log-info "No paths has been configured for ownership fixes via [\$ENTRYPOINT_ENSURE_OWNERSHIP_PATHS]."
exit 0
fi
for path in "${ensure_ownership_paths[@]}"; do
log-info "Ensure ownership of [${path}] correct"
chown --recursive ${RUNTIME_UID}:${RUNTIME_GID} "${path}"
done
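Review bot: `if [[ ${#ensure_ownership_paths} == 0 ]]` tests the length of the first array element rather than the number of elements; it happens to work for an empty variable, but the intended check is `[[ ${#ensure_ownership_paths[@]} -eq 0 ]]`. The loop then runs `chown --recursive ${RUNTIME_UID}:${RUNTIME_GID} "${path}"` without checking that the path exists, so a typo in `ENTRYPOINT_ENSURE_OWNERSHIP_PATHS` produces a bare chown error; guard each entry with `[[ -e "${path}" ]]` and log a clear warning or fail with a clear message before calling chown, and quote `"${RUNTIME_UID}:${RUNTIME_GID}"` the way the path is quoted. Minor: the log message should read "No paths have been configured", and since the entrypoint exits the container when a file in `/docker/entrypoint.d/` is not executable, confirm this new script is committed with the executable bit set.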