From bd3fc10d7d6b8e94293ceb3887c44bed2a77d721 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Mon, 17 Jul 2017 21:35:16 +0200 Subject: [PATCH 1/4] update directory permissions to be compatible with non-root This commit updates the directory permissions to be more compatible when running the image without root f.e. on OpenShift or when specifying it when running with `docker run --user www-data:root ...`. It adds detection logic to the entrypoint script as sudo is not always allowed. This change in directory permissions was also proposed by the official documentation, see https://github.com/nextcloud/documentation/commit/22e2530. The `chown` before the volume definition is needed to prepare the volume as it inherits the permissions. refs https://github.com/nextcloud/docker/issues/107 --- 10.0/apache/Dockerfile | 10 ++-------- 10.0/apache/docker-entrypoint.sh | 22 +++++++++++++++++----- 10.0/fpm/Dockerfile | 10 ++-------- 10.0/fpm/docker-entrypoint.sh | 22 +++++++++++++++++----- 11.0/apache/Dockerfile | 10 ++-------- 11.0/apache/docker-entrypoint.sh | 22 +++++++++++++++++----- 11.0/fpm/Dockerfile | 10 ++-------- 11.0/fpm/docker-entrypoint.sh | 22 +++++++++++++++++----- 12.0/apache/Dockerfile | 10 ++-------- 12.0/apache/docker-entrypoint.sh | 22 +++++++++++++++++----- 12.0/fpm/Dockerfile | 10 ++-------- 12.0/fpm/docker-entrypoint.sh | 22 +++++++++++++++++----- Dockerfile-php7.template | 10 ++-------- Dockerfile.template | 10 ++-------- docker-entrypoint.sh | 22 +++++++++++++++++----- 15 files changed, 135 insertions(+), 99 deletions(-) diff --git a/10.0/apache/Dockerfile b/10.0/apache/Dockerfile index 1f38d8e..434fe7f 100644 --- a/10.0/apache/Dockerfile +++ b/10.0/apache/Dockerfile @@ -42,6 +42,8 @@ RUN set -ex \ RUN a2enmod rewrite ENV NEXTCLOUD_VERSION 10.0.6 + +RUN chown -R www-data:root /var/www/html VOLUME /var/www/html COPY config/* /usr/src/nextcloud/config/ @@ -58,16 +60,8 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \ && rm nextcloud.tar.bz2 \ && rm -rf /usr/src/nextcloud/updater \ - # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions && mkdir -p /usr/src/nextcloud/data \ && mkdir -p /usr/src/nextcloud/custom_apps \ - && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \ - && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \ - && chown -R root:www-data /usr/src/nextcloud/ \ - && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \ - && chown -R www-data:www-data /usr/src/nextcloud/config/ \ - && chown -R www-data:www-data /usr/src/nextcloud/data/ \ - && chown -R www-data:www-data /usr/src/nextcloud/themes/ \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh diff --git a/10.0/apache/docker-entrypoint.sh b/10.0/apache/docker-entrypoint.sh index f073581..61242d4 100755 --- a/10.0/apache/docker-entrypoint.sh +++ b/10.0/apache/docker-entrypoint.sh @@ -11,6 +11,13 @@ function directory_empty() { [ -n "$(find "$1"/ -prune -empty)" ] } +function run_as() { + if [[ $EUID -eq 0 ]]; then + su - www-data -s /bin/bash -c "$1" + else + bash -c "$1" + fi +} installed_version="0.0.0~unknown" if [ -f /var/www/html/version.php ]; then @@ -25,10 +32,15 @@ fi if version_greater "$image_version" "$installed_version"; then if [ "$installed_version" != "0.0.0~unknown" ]; then - su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_before + run_as 'php /var/www/html/occ app:list' > /tmp/list_before fi - rsync -a --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ - + if [[ $EUID -eq 0 ]]; then + rsync_options=-a + else + rsync_options=-rlD + fi + rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ + for dir in config data themes; do if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir" @@ -44,9 +56,9 @@ if version_greater "$image_version" "$installed_version"; then fi if [ "$installed_version" != "0.0.0~unknown" ]; then - su - www-data -s /bin/bash -c 'php /var/www/html/occ upgrade --no-app-disable' + run_as 'php /var/www/html/occ upgrade --no-app-disable' - su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_after + run_as 'php /var/www/html/occ app:list' > /tmp/list_after echo "The following apps have beed disabled:" diff <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_before) <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_after) | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after diff --git a/10.0/fpm/Dockerfile b/10.0/fpm/Dockerfile index cc1fe76..904713c 100644 --- a/10.0/fpm/Dockerfile +++ b/10.0/fpm/Dockerfile @@ -40,6 +40,8 @@ RUN set -ex \ && docker-php-ext-enable apcu redis memcached ENV NEXTCLOUD_VERSION 10.0.6 + +RUN chown -R www-data:root /var/www/html VOLUME /var/www/html COPY config/* /usr/src/nextcloud/config/ @@ -56,16 +58,8 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \ && rm nextcloud.tar.bz2 \ && rm -rf /usr/src/nextcloud/updater \ - # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions && mkdir -p /usr/src/nextcloud/data \ && mkdir -p /usr/src/nextcloud/custom_apps \ - && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \ - && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \ - && chown -R root:www-data /usr/src/nextcloud/ \ - && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \ - && chown -R www-data:www-data /usr/src/nextcloud/config/ \ - && chown -R www-data:www-data /usr/src/nextcloud/data/ \ - && chown -R www-data:www-data /usr/src/nextcloud/themes/ \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh diff --git a/10.0/fpm/docker-entrypoint.sh b/10.0/fpm/docker-entrypoint.sh index f073581..61242d4 100755 --- a/10.0/fpm/docker-entrypoint.sh +++ b/10.0/fpm/docker-entrypoint.sh @@ -11,6 +11,13 @@ function directory_empty() { [ -n "$(find "$1"/ -prune -empty)" ] } +function run_as() { + if [[ $EUID -eq 0 ]]; then + su - www-data -s /bin/bash -c "$1" + else + bash -c "$1" + fi +} installed_version="0.0.0~unknown" if [ -f /var/www/html/version.php ]; then @@ -25,10 +32,15 @@ fi if version_greater "$image_version" "$installed_version"; then if [ "$installed_version" != "0.0.0~unknown" ]; then - su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_before + run_as 'php /var/www/html/occ app:list' > /tmp/list_before fi - rsync -a --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ - + if [[ $EUID -eq 0 ]]; then + rsync_options=-a + else + rsync_options=-rlD + fi + rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ + for dir in config data themes; do if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir" @@ -44,9 +56,9 @@ if version_greater "$image_version" "$installed_version"; then fi if [ "$installed_version" != "0.0.0~unknown" ]; then - su - www-data -s /bin/bash -c 'php /var/www/html/occ upgrade --no-app-disable' + run_as 'php /var/www/html/occ upgrade --no-app-disable' - su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_after + run_as 'php /var/www/html/occ app:list' > /tmp/list_after echo "The following apps have beed disabled:" diff <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_before) <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_after) | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after diff --git a/11.0/apache/Dockerfile b/11.0/apache/Dockerfile index 851d24f..1644c16 100644 --- a/11.0/apache/Dockerfile +++ b/11.0/apache/Dockerfile @@ -43,6 +43,8 @@ RUN set -ex \ RUN a2enmod rewrite ENV NEXTCLOUD_VERSION 11.0.4 + +RUN chown -R www-data:root /var/www/html VOLUME /var/www/html COPY config/* /usr/src/nextcloud/config/ @@ -59,16 +61,8 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \ && rm nextcloud.tar.bz2 \ && rm -rf /usr/src/nextcloud/updater \ - # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions && mkdir -p /usr/src/nextcloud/data \ && mkdir -p /usr/src/nextcloud/custom_apps \ - && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \ - && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \ - && chown -R root:www-data /usr/src/nextcloud/ \ - && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \ - && chown -R www-data:www-data /usr/src/nextcloud/config/ \ - && chown -R www-data:www-data /usr/src/nextcloud/data/ \ - && chown -R www-data:www-data /usr/src/nextcloud/themes/ \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh diff --git a/11.0/apache/docker-entrypoint.sh b/11.0/apache/docker-entrypoint.sh index f073581..61242d4 100755 --- a/11.0/apache/docker-entrypoint.sh +++ b/11.0/apache/docker-entrypoint.sh @@ -11,6 +11,13 @@ function directory_empty() { [ -n "$(find "$1"/ -prune -empty)" ] } +function run_as() { + if [[ $EUID -eq 0 ]]; then + su - www-data -s /bin/bash -c "$1" + else + bash -c "$1" + fi +} installed_version="0.0.0~unknown" if [ -f /var/www/html/version.php ]; then @@ -25,10 +32,15 @@ fi if version_greater "$image_version" "$installed_version"; then if [ "$installed_version" != "0.0.0~unknown" ]; then - su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_before + run_as 'php /var/www/html/occ app:list' > /tmp/list_before fi - rsync -a --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ - + if [[ $EUID -eq 0 ]]; then + rsync_options=-a + else + rsync_options=-rlD + fi + rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ + for dir in config data themes; do if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir" @@ -44,9 +56,9 @@ if version_greater "$image_version" "$installed_version"; then fi if [ "$installed_version" != "0.0.0~unknown" ]; then - su - www-data -s /bin/bash -c 'php /var/www/html/occ upgrade --no-app-disable' + run_as 'php /var/www/html/occ upgrade --no-app-disable' - su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_after + run_as 'php /var/www/html/occ app:list' > /tmp/list_after echo "The following apps have beed disabled:" diff <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_before) <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_after) | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after diff --git a/11.0/fpm/Dockerfile b/11.0/fpm/Dockerfile index dd0d689..3a9b4ff 100644 --- a/11.0/fpm/Dockerfile +++ b/11.0/fpm/Dockerfile @@ -41,6 +41,8 @@ RUN set -ex \ && docker-php-ext-enable apcu redis memcached ENV NEXTCLOUD_VERSION 11.0.4 + +RUN chown -R www-data:root /var/www/html VOLUME /var/www/html COPY config/* /usr/src/nextcloud/config/ @@ -57,16 +59,8 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \ && rm nextcloud.tar.bz2 \ && rm -rf /usr/src/nextcloud/updater \ - # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions && mkdir -p /usr/src/nextcloud/data \ && mkdir -p /usr/src/nextcloud/custom_apps \ - && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \ - && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \ - && chown -R root:www-data /usr/src/nextcloud/ \ - && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \ - && chown -R www-data:www-data /usr/src/nextcloud/config/ \ - && chown -R www-data:www-data /usr/src/nextcloud/data/ \ - && chown -R www-data:www-data /usr/src/nextcloud/themes/ \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh diff --git a/11.0/fpm/docker-entrypoint.sh b/11.0/fpm/docker-entrypoint.sh index f073581..61242d4 100755 --- a/11.0/fpm/docker-entrypoint.sh +++ b/11.0/fpm/docker-entrypoint.sh @@ -11,6 +11,13 @@ function directory_empty() { [ -n "$(find "$1"/ -prune -empty)" ] } +function run_as() { + if [[ $EUID -eq 0 ]]; then + su - www-data -s /bin/bash -c "$1" + else + bash -c "$1" + fi +} installed_version="0.0.0~unknown" if [ -f /var/www/html/version.php ]; then @@ -25,10 +32,15 @@ fi if version_greater "$image_version" "$installed_version"; then if [ "$installed_version" != "0.0.0~unknown" ]; then - su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_before + run_as 'php /var/www/html/occ app:list' > /tmp/list_before fi - rsync -a --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ - + if [[ $EUID -eq 0 ]]; then + rsync_options=-a + else + rsync_options=-rlD + fi + rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ + for dir in config data themes; do if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir" @@ -44,9 +56,9 @@ if version_greater "$image_version" "$installed_version"; then fi if [ "$installed_version" != "0.0.0~unknown" ]; then - su - www-data -s /bin/bash -c 'php /var/www/html/occ upgrade --no-app-disable' + run_as 'php /var/www/html/occ upgrade --no-app-disable' - su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_after + run_as 'php /var/www/html/occ app:list' > /tmp/list_after echo "The following apps have beed disabled:" diff <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_before) <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_after) | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after diff --git a/12.0/apache/Dockerfile b/12.0/apache/Dockerfile index d742d9c..10fdbb0 100644 --- a/12.0/apache/Dockerfile +++ b/12.0/apache/Dockerfile @@ -43,6 +43,8 @@ RUN set -ex \ RUN a2enmod rewrite ENV NEXTCLOUD_VERSION 12.0.2 + +RUN chown -R www-data:root /var/www/html VOLUME /var/www/html COPY config/* /usr/src/nextcloud/config/ @@ -59,16 +61,8 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \ && rm nextcloud.tar.bz2 \ && rm -rf /usr/src/nextcloud/updater \ - # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions && mkdir -p /usr/src/nextcloud/data \ && mkdir -p /usr/src/nextcloud/custom_apps \ - && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \ - && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \ - && chown -R root:www-data /usr/src/nextcloud/ \ - && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \ - && chown -R www-data:www-data /usr/src/nextcloud/config/ \ - && chown -R www-data:www-data /usr/src/nextcloud/data/ \ - && chown -R www-data:www-data /usr/src/nextcloud/themes/ \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh diff --git a/12.0/apache/docker-entrypoint.sh b/12.0/apache/docker-entrypoint.sh index f073581..61242d4 100755 --- a/12.0/apache/docker-entrypoint.sh +++ b/12.0/apache/docker-entrypoint.sh @@ -11,6 +11,13 @@ function directory_empty() { [ -n "$(find "$1"/ -prune -empty)" ] } +function run_as() { + if [[ $EUID -eq 0 ]]; then + su - www-data -s /bin/bash -c "$1" + else + bash -c "$1" + fi +} installed_version="0.0.0~unknown" if [ -f /var/www/html/version.php ]; then @@ -25,10 +32,15 @@ fi if version_greater "$image_version" "$installed_version"; then if [ "$installed_version" != "0.0.0~unknown" ]; then - su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_before + run_as 'php /var/www/html/occ app:list' > /tmp/list_before fi - rsync -a --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ - + if [[ $EUID -eq 0 ]]; then + rsync_options=-a + else + rsync_options=-rlD + fi + rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ + for dir in config data themes; do if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir" @@ -44,9 +56,9 @@ if version_greater "$image_version" "$installed_version"; then fi if [ "$installed_version" != "0.0.0~unknown" ]; then - su - www-data -s /bin/bash -c 'php /var/www/html/occ upgrade --no-app-disable' + run_as 'php /var/www/html/occ upgrade --no-app-disable' - su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_after + run_as 'php /var/www/html/occ app:list' > /tmp/list_after echo "The following apps have beed disabled:" diff <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_before) <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_after) | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after diff --git a/12.0/fpm/Dockerfile b/12.0/fpm/Dockerfile index 02ef6f6..09eb43d 100644 --- a/12.0/fpm/Dockerfile +++ b/12.0/fpm/Dockerfile @@ -41,6 +41,8 @@ RUN set -ex \ && docker-php-ext-enable apcu redis memcached ENV NEXTCLOUD_VERSION 12.0.2 + +RUN chown -R www-data:root /var/www/html VOLUME /var/www/html COPY config/* /usr/src/nextcloud/config/ @@ -57,16 +59,8 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \ && rm nextcloud.tar.bz2 \ && rm -rf /usr/src/nextcloud/updater \ - # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions && mkdir -p /usr/src/nextcloud/data \ && mkdir -p /usr/src/nextcloud/custom_apps \ - && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \ - && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \ - && chown -R root:www-data /usr/src/nextcloud/ \ - && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \ - && chown -R www-data:www-data /usr/src/nextcloud/config/ \ - && chown -R www-data:www-data /usr/src/nextcloud/data/ \ - && chown -R www-data:www-data /usr/src/nextcloud/themes/ \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh diff --git a/12.0/fpm/docker-entrypoint.sh b/12.0/fpm/docker-entrypoint.sh index f073581..61242d4 100755 --- a/12.0/fpm/docker-entrypoint.sh +++ b/12.0/fpm/docker-entrypoint.sh @@ -11,6 +11,13 @@ function directory_empty() { [ -n "$(find "$1"/ -prune -empty)" ] } +function run_as() { + if [[ $EUID -eq 0 ]]; then + su - www-data -s /bin/bash -c "$1" + else + bash -c "$1" + fi +} installed_version="0.0.0~unknown" if [ -f /var/www/html/version.php ]; then @@ -25,10 +32,15 @@ fi if version_greater "$image_version" "$installed_version"; then if [ "$installed_version" != "0.0.0~unknown" ]; then - su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_before + run_as 'php /var/www/html/occ app:list' > /tmp/list_before fi - rsync -a --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ - + if [[ $EUID -eq 0 ]]; then + rsync_options=-a + else + rsync_options=-rlD + fi + rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ + for dir in config data themes; do if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir" @@ -44,9 +56,9 @@ if version_greater "$image_version" "$installed_version"; then fi if [ "$installed_version" != "0.0.0~unknown" ]; then - su - www-data -s /bin/bash -c 'php /var/www/html/occ upgrade --no-app-disable' + run_as 'php /var/www/html/occ upgrade --no-app-disable' - su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_after + run_as 'php /var/www/html/occ app:list' > /tmp/list_after echo "The following apps have beed disabled:" diff <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_before) <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_after) | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after diff --git a/Dockerfile-php7.template b/Dockerfile-php7.template index d764607..54dd45b 100644 --- a/Dockerfile-php7.template +++ b/Dockerfile-php7.template @@ -43,6 +43,8 @@ RUN set -ex \ RUN a2enmod rewrite ENV NEXTCLOUD_VERSION %%VERSION%% + +RUN chown -R www-data:root /var/www/html VOLUME /var/www/html COPY config/* /usr/src/nextcloud/config/ @@ -59,16 +61,8 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \ && rm nextcloud.tar.bz2 \ && rm -rf /usr/src/nextcloud/updater \ - # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions && mkdir -p /usr/src/nextcloud/data \ && mkdir -p /usr/src/nextcloud/custom_apps \ - && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \ - && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \ - && chown -R root:www-data /usr/src/nextcloud/ \ - && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \ - && chown -R www-data:www-data /usr/src/nextcloud/config/ \ - && chown -R www-data:www-data /usr/src/nextcloud/data/ \ - && chown -R www-data:www-data /usr/src/nextcloud/themes/ \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh diff --git a/Dockerfile.template b/Dockerfile.template index 53c7ee4..6dfab79 100644 --- a/Dockerfile.template +++ b/Dockerfile.template @@ -42,6 +42,8 @@ RUN set -ex \ RUN a2enmod rewrite ENV NEXTCLOUD_VERSION %%VERSION%% + +RUN chown -R www-data:root /var/www/html VOLUME /var/www/html COPY config/* /usr/src/nextcloud/config/ @@ -58,16 +60,8 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \ && rm nextcloud.tar.bz2 \ && rm -rf /usr/src/nextcloud/updater \ - # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions && mkdir -p /usr/src/nextcloud/data \ && mkdir -p /usr/src/nextcloud/custom_apps \ - && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \ - && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \ - && chown -R root:www-data /usr/src/nextcloud/ \ - && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \ - && chown -R www-data:www-data /usr/src/nextcloud/config/ \ - && chown -R www-data:www-data /usr/src/nextcloud/data/ \ - && chown -R www-data:www-data /usr/src/nextcloud/themes/ \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index f073581..61242d4 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -11,6 +11,13 @@ function directory_empty() { [ -n "$(find "$1"/ -prune -empty)" ] } +function run_as() { + if [[ $EUID -eq 0 ]]; then + su - www-data -s /bin/bash -c "$1" + else + bash -c "$1" + fi +} installed_version="0.0.0~unknown" if [ -f /var/www/html/version.php ]; then @@ -25,10 +32,15 @@ fi if version_greater "$image_version" "$installed_version"; then if [ "$installed_version" != "0.0.0~unknown" ]; then - su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_before + run_as 'php /var/www/html/occ app:list' > /tmp/list_before fi - rsync -a --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ - + if [[ $EUID -eq 0 ]]; then + rsync_options=-a + else + rsync_options=-rlD + fi + rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ + for dir in config data themes; do if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir" @@ -44,9 +56,9 @@ if version_greater "$image_version" "$installed_version"; then fi if [ "$installed_version" != "0.0.0~unknown" ]; then - su - www-data -s /bin/bash -c 'php /var/www/html/occ upgrade --no-app-disable' + run_as 'php /var/www/html/occ upgrade --no-app-disable' - su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_after + run_as 'php /var/www/html/occ app:list' > /tmp/list_after echo "The following apps have beed disabled:" diff <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_before) <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_after) | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after From 7366057ce105d50df72df819193182cabfafa4e1 Mon Sep 17 00:00:00 2001 From: Tilo Spannagel Date: Mon, 7 Aug 2017 16:02:46 +0200 Subject: [PATCH 2/4] Move COPY back down --- 10.0/apache/Dockerfile | 3 +-- 10.0/fpm/Dockerfile | 3 +-- 11.0/apache/Dockerfile | 3 +-- 11.0/fpm/Dockerfile | 3 +-- 12.0/apache/Dockerfile | 3 +-- 12.0/fpm/Dockerfile | 3 +-- Dockerfile-php7.template | 3 +-- Dockerfile.template | 3 +-- 8 files changed, 8 insertions(+), 16 deletions(-) diff --git a/10.0/apache/Dockerfile b/10.0/apache/Dockerfile index 434fe7f..f134261 100644 --- a/10.0/apache/Dockerfile +++ b/10.0/apache/Dockerfile @@ -46,8 +46,6 @@ ENV NEXTCLOUD_VERSION 10.0.6 RUN chown -R www-data:root /var/www/html VOLUME /var/www/html -COPY config/* /usr/src/nextcloud/config/ - RUN curl -fsSL -o nextcloud.tar.bz2 \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \ && curl -fsSL -o nextcloud.tar.bz2.asc \ @@ -65,6 +63,7 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh +COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] CMD ["apache2-foreground"] diff --git a/10.0/fpm/Dockerfile b/10.0/fpm/Dockerfile index 904713c..57aa398 100644 --- a/10.0/fpm/Dockerfile +++ b/10.0/fpm/Dockerfile @@ -44,8 +44,6 @@ ENV NEXTCLOUD_VERSION 10.0.6 RUN chown -R www-data:root /var/www/html VOLUME /var/www/html -COPY config/* /usr/src/nextcloud/config/ - RUN curl -fsSL -o nextcloud.tar.bz2 \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \ && curl -fsSL -o nextcloud.tar.bz2.asc \ @@ -63,6 +61,7 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh +COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] CMD ["php-fpm"] diff --git a/11.0/apache/Dockerfile b/11.0/apache/Dockerfile index 1644c16..0182e0a 100644 --- a/11.0/apache/Dockerfile +++ b/11.0/apache/Dockerfile @@ -47,8 +47,6 @@ ENV NEXTCLOUD_VERSION 11.0.4 RUN chown -R www-data:root /var/www/html VOLUME /var/www/html -COPY config/* /usr/src/nextcloud/config/ - RUN curl -fsSL -o nextcloud.tar.bz2 \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \ && curl -fsSL -o nextcloud.tar.bz2.asc \ @@ -66,6 +64,7 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh +COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] CMD ["apache2-foreground"] diff --git a/11.0/fpm/Dockerfile b/11.0/fpm/Dockerfile index 3a9b4ff..6fbe9a1 100644 --- a/11.0/fpm/Dockerfile +++ b/11.0/fpm/Dockerfile @@ -45,8 +45,6 @@ ENV NEXTCLOUD_VERSION 11.0.4 RUN chown -R www-data:root /var/www/html VOLUME /var/www/html -COPY config/* /usr/src/nextcloud/config/ - RUN curl -fsSL -o nextcloud.tar.bz2 \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \ && curl -fsSL -o nextcloud.tar.bz2.asc \ @@ -64,6 +62,7 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh +COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] CMD ["php-fpm"] diff --git a/12.0/apache/Dockerfile b/12.0/apache/Dockerfile index 10fdbb0..2e4949c 100644 --- a/12.0/apache/Dockerfile +++ b/12.0/apache/Dockerfile @@ -47,8 +47,6 @@ ENV NEXTCLOUD_VERSION 12.0.2 RUN chown -R www-data:root /var/www/html VOLUME /var/www/html -COPY config/* /usr/src/nextcloud/config/ - RUN curl -fsSL -o nextcloud.tar.bz2 \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \ && curl -fsSL -o nextcloud.tar.bz2.asc \ @@ -66,6 +64,7 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh +COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] CMD ["apache2-foreground"] diff --git a/12.0/fpm/Dockerfile b/12.0/fpm/Dockerfile index 09eb43d..399ff1f 100644 --- a/12.0/fpm/Dockerfile +++ b/12.0/fpm/Dockerfile @@ -45,8 +45,6 @@ ENV NEXTCLOUD_VERSION 12.0.2 RUN chown -R www-data:root /var/www/html VOLUME /var/www/html -COPY config/* /usr/src/nextcloud/config/ - RUN curl -fsSL -o nextcloud.tar.bz2 \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \ && curl -fsSL -o nextcloud.tar.bz2.asc \ @@ -64,6 +62,7 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh +COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] CMD ["php-fpm"] diff --git a/Dockerfile-php7.template b/Dockerfile-php7.template index 54dd45b..54a9a3b 100644 --- a/Dockerfile-php7.template +++ b/Dockerfile-php7.template @@ -47,8 +47,6 @@ ENV NEXTCLOUD_VERSION %%VERSION%% RUN chown -R www-data:root /var/www/html VOLUME /var/www/html -COPY config/* /usr/src/nextcloud/config/ - RUN curl -fsSL -o nextcloud.tar.bz2 \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \ && curl -fsSL -o nextcloud.tar.bz2.asc \ @@ -66,6 +64,7 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh +COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] CMD ["%%CMD%%"] diff --git a/Dockerfile.template b/Dockerfile.template index 6dfab79..8887319 100644 --- a/Dockerfile.template +++ b/Dockerfile.template @@ -46,8 +46,6 @@ ENV NEXTCLOUD_VERSION %%VERSION%% RUN chown -R www-data:root /var/www/html VOLUME /var/www/html -COPY config/* /usr/src/nextcloud/config/ - RUN curl -fsSL -o nextcloud.tar.bz2 \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \ && curl -fsSL -o nextcloud.tar.bz2.asc \ @@ -65,6 +63,7 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh +COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] CMD ["%%CMD%%"] From 69b4a015ed7c21cd829f9747e0209fb80604e7b3 Mon Sep 17 00:00:00 2001 From: Tilo Spannagel Date: Thu, 10 Aug 2017 14:53:11 +0200 Subject: [PATCH 3/4] Fix permissions when running as root --- 10.0/apache/docker-entrypoint.sh | 16 ++++------------ 10.0/fpm/docker-entrypoint.sh | 16 ++++------------ 11.0/apache/docker-entrypoint.sh | 16 ++++------------ 11.0/fpm/docker-entrypoint.sh | 16 ++++------------ 12.0/apache/docker-entrypoint.sh | 16 ++++------------ 12.0/fpm/docker-entrypoint.sh | 16 ++++------------ docker-entrypoint.sh | 16 ++++------------ 7 files changed, 28 insertions(+), 84 deletions(-) diff --git a/10.0/apache/docker-entrypoint.sh b/10.0/apache/docker-entrypoint.sh index 61242d4..9298bb4 100755 --- a/10.0/apache/docker-entrypoint.sh +++ b/10.0/apache/docker-entrypoint.sh @@ -35,26 +35,18 @@ if version_greater "$image_version" "$installed_version"; then run_as 'php /var/www/html/occ app:list' > /tmp/list_before fi if [[ $EUID -eq 0 ]]; then - rsync_options=-a + rsync_options="-rlDog --chown www-data:root" else - rsync_options=-rlD + rsync_options="-rlD" fi rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ - for dir in config data themes; do + for dir in config data custom_apps themes; do if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then - cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir" + rsync $rsync_options --include /"$dir"/ --exclude '/*' /usr/src/nextcloud/ /var/www/html/ fi done - if [ ! -d /var/www/html/custom_apps ] && [ ! -f /var/www/html/config/apps.config.php ]; then - cp -a /usr/src/nextcloud/config/apps.config.php /var/www/html/config/apps.config.php - fi - - if [ ! -d /var/www/html/custom_apps ] || directory_empty /var/www/html/custom_apps; then - cp -arT /usr/src/nextcloud/custom_apps /var/www/html/custom_apps - fi - if [ "$installed_version" != "0.0.0~unknown" ]; then run_as 'php /var/www/html/occ upgrade --no-app-disable' diff --git a/10.0/fpm/docker-entrypoint.sh b/10.0/fpm/docker-entrypoint.sh index 61242d4..9298bb4 100755 --- a/10.0/fpm/docker-entrypoint.sh +++ b/10.0/fpm/docker-entrypoint.sh @@ -35,26 +35,18 @@ if version_greater "$image_version" "$installed_version"; then run_as 'php /var/www/html/occ app:list' > /tmp/list_before fi if [[ $EUID -eq 0 ]]; then - rsync_options=-a + rsync_options="-rlDog --chown www-data:root" else - rsync_options=-rlD + rsync_options="-rlD" fi rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ - for dir in config data themes; do + for dir in config data custom_apps themes; do if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then - cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir" + rsync $rsync_options --include /"$dir"/ --exclude '/*' /usr/src/nextcloud/ /var/www/html/ fi done - if [ ! -d /var/www/html/custom_apps ] && [ ! -f /var/www/html/config/apps.config.php ]; then - cp -a /usr/src/nextcloud/config/apps.config.php /var/www/html/config/apps.config.php - fi - - if [ ! -d /var/www/html/custom_apps ] || directory_empty /var/www/html/custom_apps; then - cp -arT /usr/src/nextcloud/custom_apps /var/www/html/custom_apps - fi - if [ "$installed_version" != "0.0.0~unknown" ]; then run_as 'php /var/www/html/occ upgrade --no-app-disable' diff --git a/11.0/apache/docker-entrypoint.sh b/11.0/apache/docker-entrypoint.sh index 61242d4..9298bb4 100755 --- a/11.0/apache/docker-entrypoint.sh +++ b/11.0/apache/docker-entrypoint.sh @@ -35,26 +35,18 @@ if version_greater "$image_version" "$installed_version"; then run_as 'php /var/www/html/occ app:list' > /tmp/list_before fi if [[ $EUID -eq 0 ]]; then - rsync_options=-a + rsync_options="-rlDog --chown www-data:root" else - rsync_options=-rlD + rsync_options="-rlD" fi rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ - for dir in config data themes; do + for dir in config data custom_apps themes; do if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then - cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir" + rsync $rsync_options --include /"$dir"/ --exclude '/*' /usr/src/nextcloud/ /var/www/html/ fi done - if [ ! -d /var/www/html/custom_apps ] && [ ! -f /var/www/html/config/apps.config.php ]; then - cp -a /usr/src/nextcloud/config/apps.config.php /var/www/html/config/apps.config.php - fi - - if [ ! -d /var/www/html/custom_apps ] || directory_empty /var/www/html/custom_apps; then - cp -arT /usr/src/nextcloud/custom_apps /var/www/html/custom_apps - fi - if [ "$installed_version" != "0.0.0~unknown" ]; then run_as 'php /var/www/html/occ upgrade --no-app-disable' diff --git a/11.0/fpm/docker-entrypoint.sh b/11.0/fpm/docker-entrypoint.sh index 61242d4..9298bb4 100755 --- a/11.0/fpm/docker-entrypoint.sh +++ b/11.0/fpm/docker-entrypoint.sh @@ -35,26 +35,18 @@ if version_greater "$image_version" "$installed_version"; then run_as 'php /var/www/html/occ app:list' > /tmp/list_before fi if [[ $EUID -eq 0 ]]; then - rsync_options=-a + rsync_options="-rlDog --chown www-data:root" else - rsync_options=-rlD + rsync_options="-rlD" fi rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ - for dir in config data themes; do + for dir in config data custom_apps themes; do if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then - cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir" + rsync $rsync_options --include /"$dir"/ --exclude '/*' /usr/src/nextcloud/ /var/www/html/ fi done - if [ ! -d /var/www/html/custom_apps ] && [ ! -f /var/www/html/config/apps.config.php ]; then - cp -a /usr/src/nextcloud/config/apps.config.php /var/www/html/config/apps.config.php - fi - - if [ ! -d /var/www/html/custom_apps ] || directory_empty /var/www/html/custom_apps; then - cp -arT /usr/src/nextcloud/custom_apps /var/www/html/custom_apps - fi - if [ "$installed_version" != "0.0.0~unknown" ]; then run_as 'php /var/www/html/occ upgrade --no-app-disable' diff --git a/12.0/apache/docker-entrypoint.sh b/12.0/apache/docker-entrypoint.sh index 61242d4..9298bb4 100755 --- a/12.0/apache/docker-entrypoint.sh +++ b/12.0/apache/docker-entrypoint.sh @@ -35,26 +35,18 @@ if version_greater "$image_version" "$installed_version"; then run_as 'php /var/www/html/occ app:list' > /tmp/list_before fi if [[ $EUID -eq 0 ]]; then - rsync_options=-a + rsync_options="-rlDog --chown www-data:root" else - rsync_options=-rlD + rsync_options="-rlD" fi rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ - for dir in config data themes; do + for dir in config data custom_apps themes; do if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then - cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir" + rsync $rsync_options --include /"$dir"/ --exclude '/*' /usr/src/nextcloud/ /var/www/html/ fi done - if [ ! -d /var/www/html/custom_apps ] && [ ! -f /var/www/html/config/apps.config.php ]; then - cp -a /usr/src/nextcloud/config/apps.config.php /var/www/html/config/apps.config.php - fi - - if [ ! -d /var/www/html/custom_apps ] || directory_empty /var/www/html/custom_apps; then - cp -arT /usr/src/nextcloud/custom_apps /var/www/html/custom_apps - fi - if [ "$installed_version" != "0.0.0~unknown" ]; then run_as 'php /var/www/html/occ upgrade --no-app-disable' diff --git a/12.0/fpm/docker-entrypoint.sh b/12.0/fpm/docker-entrypoint.sh index 61242d4..9298bb4 100755 --- a/12.0/fpm/docker-entrypoint.sh +++ b/12.0/fpm/docker-entrypoint.sh @@ -35,26 +35,18 @@ if version_greater "$image_version" "$installed_version"; then run_as 'php /var/www/html/occ app:list' > /tmp/list_before fi if [[ $EUID -eq 0 ]]; then - rsync_options=-a + rsync_options="-rlDog --chown www-data:root" else - rsync_options=-rlD + rsync_options="-rlD" fi rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ - for dir in config data themes; do + for dir in config data custom_apps themes; do if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then - cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir" + rsync $rsync_options --include /"$dir"/ --exclude '/*' /usr/src/nextcloud/ /var/www/html/ fi done - if [ ! -d /var/www/html/custom_apps ] && [ ! -f /var/www/html/config/apps.config.php ]; then - cp -a /usr/src/nextcloud/config/apps.config.php /var/www/html/config/apps.config.php - fi - - if [ ! -d /var/www/html/custom_apps ] || directory_empty /var/www/html/custom_apps; then - cp -arT /usr/src/nextcloud/custom_apps /var/www/html/custom_apps - fi - if [ "$installed_version" != "0.0.0~unknown" ]; then run_as 'php /var/www/html/occ upgrade --no-app-disable' diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 61242d4..9298bb4 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -35,26 +35,18 @@ if version_greater "$image_version" "$installed_version"; then run_as 'php /var/www/html/occ app:list' > /tmp/list_before fi if [[ $EUID -eq 0 ]]; then - rsync_options=-a + rsync_options="-rlDog --chown www-data:root" else - rsync_options=-rlD + rsync_options="-rlD" fi rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ - for dir in config data themes; do + for dir in config data custom_apps themes; do if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then - cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir" + rsync $rsync_options --include /"$dir"/ --exclude '/*' /usr/src/nextcloud/ /var/www/html/ fi done - if [ ! -d /var/www/html/custom_apps ] && [ ! -f /var/www/html/config/apps.config.php ]; then - cp -a /usr/src/nextcloud/config/apps.config.php /var/www/html/config/apps.config.php - fi - - if [ ! -d /var/www/html/custom_apps ] || directory_empty /var/www/html/custom_apps; then - cp -arT /usr/src/nextcloud/custom_apps /var/www/html/custom_apps - fi - if [ "$installed_version" != "0.0.0~unknown" ]; then run_as 'php /var/www/html/occ upgrade --no-app-disable' From 6ed3dfe5568941b482cd7d19a39bd19dec05f642 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Fri, 11 Aug 2017 20:09:14 +0200 Subject: [PATCH 4/4] directory permissions for root group --- 10.0/apache/Dockerfile | 3 ++- 10.0/fpm/Dockerfile | 3 ++- 11.0/apache/Dockerfile | 3 ++- 11.0/fpm/Dockerfile | 3 ++- 12.0/apache/Dockerfile | 3 ++- 12.0/fpm/Dockerfile | 3 ++- Dockerfile-php7.template | 3 ++- Dockerfile.template | 3 ++- 8 files changed, 16 insertions(+), 8 deletions(-) diff --git a/10.0/apache/Dockerfile b/10.0/apache/Dockerfile index f134261..e10976e 100644 --- a/10.0/apache/Dockerfile +++ b/10.0/apache/Dockerfile @@ -43,7 +43,8 @@ RUN a2enmod rewrite ENV NEXTCLOUD_VERSION 10.0.6 -RUN chown -R www-data:root /var/www/html +RUN chown -R www-data:root /var/www/html && \ + chmod -R g=u /var/www/html VOLUME /var/www/html RUN curl -fsSL -o nextcloud.tar.bz2 \ diff --git a/10.0/fpm/Dockerfile b/10.0/fpm/Dockerfile index 57aa398..9cc0337 100644 --- a/10.0/fpm/Dockerfile +++ b/10.0/fpm/Dockerfile @@ -41,7 +41,8 @@ RUN set -ex \ ENV NEXTCLOUD_VERSION 10.0.6 -RUN chown -R www-data:root /var/www/html +RUN chown -R www-data:root /var/www/html && \ + chmod -R g=u /var/www/html VOLUME /var/www/html RUN curl -fsSL -o nextcloud.tar.bz2 \ diff --git a/11.0/apache/Dockerfile b/11.0/apache/Dockerfile index 0182e0a..ab9c68b 100644 --- a/11.0/apache/Dockerfile +++ b/11.0/apache/Dockerfile @@ -44,7 +44,8 @@ RUN a2enmod rewrite ENV NEXTCLOUD_VERSION 11.0.4 -RUN chown -R www-data:root /var/www/html +RUN chown -R www-data:root /var/www/html && \ + chmod -R g=u /var/www/html VOLUME /var/www/html RUN curl -fsSL -o nextcloud.tar.bz2 \ diff --git a/11.0/fpm/Dockerfile b/11.0/fpm/Dockerfile index 6fbe9a1..6c75948 100644 --- a/11.0/fpm/Dockerfile +++ b/11.0/fpm/Dockerfile @@ -42,7 +42,8 @@ RUN set -ex \ ENV NEXTCLOUD_VERSION 11.0.4 -RUN chown -R www-data:root /var/www/html +RUN chown -R www-data:root /var/www/html && \ + chmod -R g=u /var/www/html VOLUME /var/www/html RUN curl -fsSL -o nextcloud.tar.bz2 \ diff --git a/12.0/apache/Dockerfile b/12.0/apache/Dockerfile index 2e4949c..9032b0a 100644 --- a/12.0/apache/Dockerfile +++ b/12.0/apache/Dockerfile @@ -44,7 +44,8 @@ RUN a2enmod rewrite ENV NEXTCLOUD_VERSION 12.0.2 -RUN chown -R www-data:root /var/www/html +RUN chown -R www-data:root /var/www/html && \ + chmod -R g=u /var/www/html VOLUME /var/www/html RUN curl -fsSL -o nextcloud.tar.bz2 \ diff --git a/12.0/fpm/Dockerfile b/12.0/fpm/Dockerfile index 399ff1f..e0c75fd 100644 --- a/12.0/fpm/Dockerfile +++ b/12.0/fpm/Dockerfile @@ -42,7 +42,8 @@ RUN set -ex \ ENV NEXTCLOUD_VERSION 12.0.2 -RUN chown -R www-data:root /var/www/html +RUN chown -R www-data:root /var/www/html && \ + chmod -R g=u /var/www/html VOLUME /var/www/html RUN curl -fsSL -o nextcloud.tar.bz2 \ diff --git a/Dockerfile-php7.template b/Dockerfile-php7.template index 54a9a3b..fd15327 100644 --- a/Dockerfile-php7.template +++ b/Dockerfile-php7.template @@ -44,7 +44,8 @@ RUN a2enmod rewrite ENV NEXTCLOUD_VERSION %%VERSION%% -RUN chown -R www-data:root /var/www/html +RUN chown -R www-data:root /var/www/html && \ + chmod -R g=u /var/www/html VOLUME /var/www/html RUN curl -fsSL -o nextcloud.tar.bz2 \ diff --git a/Dockerfile.template b/Dockerfile.template index 8887319..fbf9d62 100644 --- a/Dockerfile.template +++ b/Dockerfile.template @@ -43,7 +43,8 @@ RUN a2enmod rewrite ENV NEXTCLOUD_VERSION %%VERSION%% -RUN chown -R www-data:root /var/www/html +RUN chown -R www-data:root /var/www/html && \ + chmod -R g=u /var/www/html VOLUME /var/www/html RUN curl -fsSL -o nextcloud.tar.bz2 \