mirror of
https://github.com/pixelfed/pixelfed.git
synced 2024-11-26 00:03:16 +00:00
opt-in fixing of user/group ownership of files
parent
c64571e46d
commit
c12ef66c56
3 changed files with 34 additions and 4 deletions
|
@ -103,7 +103,7 @@ When a Pixelfed container starts up, the [`ENTRYPOINT`](https://docs.docker.com/
|
||||||
|
|
||||||
1. Search the `/docker/entrypoint.d/` directory for files and for each file (in lexical order).
|
1. Search the `/docker/entrypoint.d/` directory for files and for each file (in lexical order).
|
||||||
1. Check if the file is executable.
|
1. Check if the file is executable.
|
||||||
1. If the file is not executable, print an error and exit the container.
|
1. If the file is *not* executable, print an error and exit the container.
|
||||||
1. If the file has the extension `.envsh` the file will be [sourced](https://superuser.com/a/46146).
|
1. If the file has the extension `.envsh` the file will be [sourced](https://superuser.com/a/46146).
|
||||||
1. If the file has the extension `.sh` the file will be run like a normal script.
|
1. If the file has the extension `.sh` the file will be run like a normal script.
|
||||||
1. Any other file extension will log a warning and will be ignored.
|
1. Any other file extension will log a warning and will be ignored.
|
||||||
|
@ -159,6 +159,15 @@ Please see the
|
||||||
* [gomplate syntax documentation](https://docs.gomplate.ca/syntax/)
|
* [gomplate syntax documentation](https://docs.gomplate.ca/syntax/)
|
||||||
* [gomplate functions documentation](https://docs.gomplate.ca/functions/)
|
* [gomplate functions documentation](https://docs.gomplate.ca/functions/)
|
||||||
|
|
||||||
|
### Fixing ownership on startup
|
||||||
|
|
||||||
|
You can set the environment variable `ENTRYPOINT_ENSURE_OWNERSHIP_PATHS` to a list of paths that should have their `$USER` and `$GROUP` ownership changed to the configured runtime user and group during container bootstrapping.
|
||||||
|
|
||||||
|
The variable is a space-delimited list shown below and accepts both relative and absolute paths:
|
||||||
|
|
||||||
|
* `ENTRYPOINT_ENSURE_OWNERSHIP_PATHS="./storage ./bootstrap"`
|
||||||
|
* `ENTRYPOINT_ENSURE_OWNERSHIP_PATHS="/some/other/folder"`
|
||||||
|
|
||||||
## Build settings (arguments)
|
## Build settings (arguments)
|
||||||
|
|
||||||
The Pixelfed Dockerfile utilizes [Docker Multi-stage builds](https://docs.docker.com/build/building/multi-stage/) and [Build arguments](https://docs.docker.com/build/guide/build-args/).
|
The Pixelfed Dockerfile utilizes [Docker Multi-stage builds](https://docs.docker.com/build/building/multi-stage/) and [Build arguments](https://docs.docker.com/build/guide/build-args/).
|
||||||
|
|
|
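Review bot: The new "Fixing ownership on startup" section does not mention that the ownership change is recursive or that it is now opt-in, while the same commit removes the unconditional `chown --recursive ${RUNTIME_UID}:${RUNTIME_GID} storage/ bootstrap/` from the storage script. Operators who relied on that default need to be told to set `ENTRYPOINT_ENSURE_OWNERSHIP_PATHS="./storage ./bootstrap"` to keep the old behaviour. The section should also state what relative paths are resolved against, and that a space-delimited list cannot express a path containing a space. Minor wording: "a space-delimited list shown below" reads better as "a space-delimited list, as shown below".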
@ -3,8 +3,8 @@ source /docker/helpers.sh
|
||||||
|
|
||||||
entrypoint-set-name "$0"
|
entrypoint-set-name "$0"
|
||||||
|
|
||||||
|
# Copy the [storage/] skeleton files over the "real" [storage/] directory so assets are updated between versions
|
||||||
run-as-runtime-user cp --recursive storage.skel/* storage/
|
run-as-runtime-user cp --recursive storage.skel/* storage/
|
||||||
run-as-runtime-user php artisan storage:link
|
|
||||||
|
|
||||||
log-info "Ensure permissions are correct"
|
# Ensure storage linkk are correctly configured
|
||||||
chown --recursive ${RUNTIME_UID}:${RUNTIME_GID} storage/ bootstrap/
|
run-as-runtime-user php artisan storage:link
|
||||||
|
|
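Review bot: With the unconditional `chown --recursive` removed here, `run-as-runtime-user cp --recursive storage.skel/* storage/` and `php artisan storage:link` now run as the runtime user with no guarantee that `storage/` is writable by that user. On a volume owned by a different UID both steps will fail unless the operator has opted in via `ENTRYPOINT_ENSURE_OWNERSHIP_PATHS` and the ownership script runs before this one; please confirm the lexical ordering relative to `15-storage-permissions.sh`. The added comment also has a typo: "Ensure storage linkk are correctly configured" should read "Ensure storage links are correctly configured".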
21
contrib/docker/shared/root/docker/entrypoint.d/15-storage-permissions.sh
Executable file
|
@ -0,0 +1,21 @@
|
||||||
|
#!/bin/bash
|
||||||
|
source /docker/helpers.sh
|
||||||
|
|
||||||
|
entrypoint-set-name "$0"
|
||||||
|
|
||||||
|
# Optionally fix ownership of configured paths
|
||||||
|
: ${ENTRYPOINT_ENSURE_OWNERSHIP_PATHS:=""}
|
||||||
|
|
||||||
|
declare -a ensure_ownership_paths=()
|
||||||
|
IFS=' ' read -a ensure_ownership_paths <<<"$ENTRYPOINT_ENSURE_OWNERSHIP_PATHS"
|
||||||
|
|
||||||
|
if [[ ${#ensure_ownership_paths} == 0 ]]; then
|
||||||
|
log-info "No paths has been configured for ownership fixes via [\$ENTRYPOINT_ENSURE_OWNERSHIP_PATHS]."
|
||||||
|
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
for path in "${ensure_ownership_paths[@]}"; do
|
||||||
|
log-info "Ensure ownership of [${path}] correct"
|
||||||
|
chown --recursive ${RUNTIME_UID}:${RUNTIME_GID} "${path}"
|
||||||
|
done
|
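Review bot: The emptiness check `if [[ ${#ensure_ownership_paths} == 0 ]]` measures the string length of the first array element, not the number of elements; it only works by accident and should be `${#ensure_ownership_paths[@]}`. Because this loop runs `chown --recursive` on operator-supplied paths, each entry deserves validation before use: skip or fail loudly on a path that does not exist, and refuse an entry such as `/` that would re-own the whole filesystem. `${RUNTIME_UID}:${RUNTIME_GID}` should be quoted, and `read -a` should be `read -r -a` so backslashes in the variable are not interpreted. The log strings also need a grammar pass: "No paths has been configured" should be "No paths have been configured", and "Ensure ownership of [${path}] correct" should be "Ensure ownership of [${path}] is correct".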