From d253cc11713122ca49e8bb1857ac9e6772440d20 Mon Sep 17 00:00:00 2001 From: Tilo Spannagel Date: Wed, 19 Apr 2017 19:29:51 +0200 Subject: [PATCH] strong permissions --- 10.0/apache/Dockerfile | 13 ++++++++++++- 10.0/apache/docker-entrypoint.sh | 9 +++++++-- 10.0/fpm/Dockerfile | 13 ++++++++++++- 10.0/fpm/docker-entrypoint.sh | 9 +++++++-- 11.0/apache/Dockerfile | 13 ++++++++++++- 11.0/apache/docker-entrypoint.sh | 9 +++++++-- 11.0/fpm/Dockerfile | 13 ++++++++++++- 11.0/fpm/docker-entrypoint.sh | 9 +++++++-- 9.0/apache/Dockerfile | 17 ++++++++++++++++- 9.0/apache/docker-entrypoint.sh | 9 +++++++-- 9.0/fpm/Dockerfile | 17 ++++++++++++++++- 9.0/fpm/docker-entrypoint.sh | 9 +++++++-- Dockerfile-php7.template | 17 ++++++++++++++++- Dockerfile.template | 17 ++++++++++++++++- docker-entrypoint.sh | 9 +++++++-- update.sh | 5 +++++ 16 files changed, 166 insertions(+), 22 deletions(-) diff --git a/10.0/apache/Dockerfile b/10.0/apache/Dockerfile index 51f65a0..95ac1e4 100644 --- a/10.0/apache/Dockerfile +++ b/10.0/apache/Dockerfile 
@@ -54,7 +54,18 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc \ && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \ && rm nextcloud.tar.bz2 \ - && rm -rf /usr/src/nextcloud/updater + && rm -rf /usr/src/nextcloud/updater \ + # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions + && mkdir -p /usr/src/nextcloud/data \ + && mkdir -p /usr/src/nextcloud/custom_apps \ + && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \ + && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \ + && chown -R root:www-data /usr/src/nextcloud/ \ + && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \ + && chown -R www-data:www-data /usr/src/nextcloud/config/ \ + && chown -R www-data:www-data /usr/src/nextcloud/data/ \ + && chown -R www-data:www-data /usr/src/nextcloud/themes/ \ + && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh COPY apps.config.php /usr/src/nextcloud/config/apps.config.php diff --git a/10.0/apache/docker-entrypoint.sh b/10.0/apache/docker-entrypoint.sh index 7c17114..b2bf65e 100755 --- a/10.0/apache/docker-entrypoint.sh +++ b/10.0/apache/docker-entrypoint.sh @@ -28,9 +28,14 @@ if version_greater "$image_version" "$installed_version"; then cp -arT /usr/src/nextcloud/config /var/www/html/config fi - mkdir -p /var/www/html/custom_apps + if [ ! -d /var/www/html/data ]; then + cp -arT /usr/src/nextcloud/data /var/www/html/data + fi - chown -R www-data /var/www/html + if [ ! -d /var/www/html/custom_apps ]; then + cp -arT /usr/src/nextcloud/custom_apps /var/www/html/custom_apps + cp -a /usr/src/nextcloud/config/apps.config.php /var/www/html/config/apps.config.php + fi if [ "$installed_version" != "0.0.0~unknown" ]; then su - www-data -s /bin/bash -c 'php /var/www/html/occ upgrade --no-app-disable' diff --git a/10.0/fpm/Dockerfile b/10.0/fpm/Dockerfile index c8861c3..a726bed 100644 --- a/10.0/fpm/Dockerfile 
+++ b/10.0/fpm/Dockerfile @@ -52,7 +52,18 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc \ && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \ && rm nextcloud.tar.bz2 \ - && rm -rf /usr/src/nextcloud/updater + && rm -rf /usr/src/nextcloud/updater \ + # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions + && mkdir -p /usr/src/nextcloud/data \ + && mkdir -p /usr/src/nextcloud/custom_apps \ + && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \ + && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \ + && chown -R root:www-data /usr/src/nextcloud/ \ + && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \ + && chown -R www-data:www-data /usr/src/nextcloud/config/ \ + && chown -R www-data:www-data /usr/src/nextcloud/data/ \ + && chown -R www-data:www-data /usr/src/nextcloud/themes/ \ + && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh COPY apps.config.php /usr/src/nextcloud/config/apps.config.php diff --git a/10.0/fpm/docker-entrypoint.sh b/10.0/fpm/docker-entrypoint.sh index 7c17114..b2bf65e 100755 --- a/10.0/fpm/docker-entrypoint.sh +++ b/10.0/fpm/docker-entrypoint.sh @@ -28,9 +28,14 @@ if version_greater "$image_version" "$installed_version"; then cp -arT /usr/src/nextcloud/config /var/www/html/config fi - mkdir -p /var/www/html/custom_apps + if [ ! -d /var/www/html/data ]; then + cp -arT /usr/src/nextcloud/data /var/www/html/data + fi - chown -R www-data /var/www/html + if [ ! -d /var/www/html/custom_apps ]; then + cp -arT /usr/src/nextcloud/custom_apps /var/www/html/custom_apps + cp -a /usr/src/nextcloud/config/apps.config.php /var/www/html/config/apps.config.php + fi if [ "$installed_version" != "0.0.0~unknown" ]; then su - www-data -s /bin/bash -c 'php /var/www/html/occ upgrade --no-app-disable' diff --git a/11.0/apache/Dockerfile b/11.0/apache/Dockerfile index 6171654..ef9d25b 100644 
--- a/11.0/apache/Dockerfile +++ b/11.0/apache/Dockerfile @@ -54,7 +54,18 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc \ && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \ && rm nextcloud.tar.bz2 \ - && rm -rf /usr/src/nextcloud/updater + && rm -rf /usr/src/nextcloud/updater \ + # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions + && mkdir -p /usr/src/nextcloud/data \ + && mkdir -p /usr/src/nextcloud/custom_apps \ + && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \ + && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \ + && chown -R root:www-data /usr/src/nextcloud/ \ + && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \ + && chown -R www-data:www-data /usr/src/nextcloud/config/ \ + && chown -R www-data:www-data /usr/src/nextcloud/data/ \ + && chown -R www-data:www-data /usr/src/nextcloud/themes/ \ + && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh COPY apps.config.php /usr/src/nextcloud/config/apps.config.php diff --git a/11.0/apache/docker-entrypoint.sh b/11.0/apache/docker-entrypoint.sh index 7c17114..b2bf65e 100755 --- a/11.0/apache/docker-entrypoint.sh +++ b/11.0/apache/docker-entrypoint.sh @@ -28,9 +28,14 @@ if version_greater "$image_version" "$installed_version"; then cp -arT /usr/src/nextcloud/config /var/www/html/config fi - mkdir -p /var/www/html/custom_apps + if [ ! -d /var/www/html/data ]; then + cp -arT /usr/src/nextcloud/data /var/www/html/data + fi - chown -R www-data /var/www/html + if [ ! -d /var/www/html/custom_apps ]; then + cp -arT /usr/src/nextcloud/custom_apps /var/www/html/custom_apps + cp -a /usr/src/nextcloud/config/apps.config.php /var/www/html/config/apps.config.php + fi if [ "$installed_version" != "0.0.0~unknown" ]; then su - www-data -s /bin/bash -c 'php /var/www/html/occ upgrade --no-app-disable' 
diff --git a/11.0/fpm/Dockerfile b/11.0/fpm/Dockerfile index 82bc3c6..81dedee 100644 --- a/11.0/fpm/Dockerfile +++ b/11.0/fpm/Dockerfile @@ -52,7 +52,18 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc \ && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \ && rm nextcloud.tar.bz2 \ - && rm -rf /usr/src/nextcloud/updater + && rm -rf /usr/src/nextcloud/updater \ + # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions + && mkdir -p /usr/src/nextcloud/data \ + && mkdir -p /usr/src/nextcloud/custom_apps \ + && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \ + && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \ + && chown -R root:www-data /usr/src/nextcloud/ \ + && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \ + && chown -R www-data:www-data /usr/src/nextcloud/config/ \ + && chown -R www-data:www-data /usr/src/nextcloud/data/ \ + && chown -R www-data:www-data /usr/src/nextcloud/themes/ \ + && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh COPY apps.config.php /usr/src/nextcloud/config/apps.config.php diff --git a/11.0/fpm/docker-entrypoint.sh b/11.0/fpm/docker-entrypoint.sh index 7c17114..b2bf65e 100755 --- a/11.0/fpm/docker-entrypoint.sh +++ b/11.0/fpm/docker-entrypoint.sh 
@@ -28,9 +28,14 @@ if version_greater "$image_version" "$installed_version"; then cp -arT /usr/src/nextcloud/config /var/www/html/config fi - mkdir -p /var/www/html/custom_apps + if [ ! -d /var/www/html/data ]; then + cp -arT /usr/src/nextcloud/data /var/www/html/data + fi - chown -R www-data /var/www/html + if [ ! -d /var/www/html/custom_apps ]; then + cp -arT /usr/src/nextcloud/custom_apps /var/www/html/custom_apps + cp -a /usr/src/nextcloud/config/apps.config.php /var/www/html/config/apps.config.php + fi if [ "$installed_version" != "0.0.0~unknown" ]; then su - www-data -s /bin/bash -c 'php /var/www/html/occ upgrade --no-app-disable' diff --git a/9.0/apache/Dockerfile b/9.0/apache/Dockerfile index 217d0f6..c619bcf 100644 --- a/9.0/apache/Dockerfile +++ b/9.0/apache/Dockerfile 
@@ -54,7 +54,22 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc \ && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \ && rm nextcloud.tar.bz2 \ - && rm -rf /usr/src/nextcloud/updater + && rm -rf /usr/src/nextcloud/updater \ + # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions + && mkdir -p /usr/src/nextcloud/data \ + && mkdir -p /usr/src/nextcloud/custom_apps \ + # only used in nextcloud 9 (assets) + && mkdir -p /usr/src/nextcloud/assets \ + && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \ + && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \ + && chown -R root:www-data /usr/src/nextcloud/ \ + && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \ + && chown -R www-data:www-data /usr/src/nextcloud/config/ \ + # only used in nextcloud 9 (assets) + && chown -R www-data:www-data /usr/src/nextcloud/assets/ \ + && chown -R www-data:www-data /usr/src/nextcloud/data/ \ + && chown -R www-data:www-data /usr/src/nextcloud/themes/ \ + && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh COPY apps.config.php /usr/src/nextcloud/config/apps.config.php diff --git a/9.0/apache/docker-entrypoint.sh b/9.0/apache/docker-entrypoint.sh index 7c17114..b2bf65e 100755 --- a/9.0/apache/docker-entrypoint.sh +++ b/9.0/apache/docker-entrypoint.sh 
@@ -28,9 +28,14 @@ if version_greater "$image_version" "$installed_version"; then cp -arT /usr/src/nextcloud/config /var/www/html/config fi - mkdir -p /var/www/html/custom_apps + if [ ! -d /var/www/html/data ]; then + cp -arT /usr/src/nextcloud/data /var/www/html/data + fi - chown -R www-data /var/www/html + if [ ! -d /var/www/html/custom_apps ]; then + cp -arT /usr/src/nextcloud/custom_apps /var/www/html/custom_apps + cp -a /usr/src/nextcloud/config/apps.config.php /var/www/html/config/apps.config.php + fi if [ "$installed_version" != "0.0.0~unknown" ]; then su - www-data -s /bin/bash -c 'php /var/www/html/occ upgrade --no-app-disable' diff --git a/9.0/fpm/Dockerfile b/9.0/fpm/Dockerfile index fa67371..160e4e9 100644 --- a/9.0/fpm/Dockerfile +++ b/9.0/fpm/Dockerfile 
@@ -52,7 +52,22 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc \ && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \ && rm nextcloud.tar.bz2 \ - && rm -rf /usr/src/nextcloud/updater + && rm -rf /usr/src/nextcloud/updater \ + # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions + && mkdir -p /usr/src/nextcloud/data \ + && mkdir -p /usr/src/nextcloud/custom_apps \ + # only used in nextcloud 9 (assets) + && mkdir -p /usr/src/nextcloud/assets \ + && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \ + && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \ + && chown -R root:www-data /usr/src/nextcloud/ \ + && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \ + && chown -R www-data:www-data /usr/src/nextcloud/config/ \ + # only used in nextcloud 9 (assets) + && chown -R www-data:www-data /usr/src/nextcloud/assets/ \ + && chown -R www-data:www-data /usr/src/nextcloud/data/ \ + && chown -R www-data:www-data /usr/src/nextcloud/themes/ \ + && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh COPY apps.config.php /usr/src/nextcloud/config/apps.config.php diff --git a/9.0/fpm/docker-entrypoint.sh b/9.0/fpm/docker-entrypoint.sh index 7c17114..b2bf65e 100755 --- a/9.0/fpm/docker-entrypoint.sh +++ b/9.0/fpm/docker-entrypoint.sh 
@@ -28,9 +28,14 @@ if version_greater "$image_version" "$installed_version"; then cp -arT /usr/src/nextcloud/config /var/www/html/config fi - mkdir -p /var/www/html/custom_apps + if [ ! -d /var/www/html/data ]; then + cp -arT /usr/src/nextcloud/data /var/www/html/data + fi - chown -R www-data /var/www/html + if [ ! -d /var/www/html/custom_apps ]; then + cp -arT /usr/src/nextcloud/custom_apps /var/www/html/custom_apps + cp -a /usr/src/nextcloud/config/apps.config.php /var/www/html/config/apps.config.php + fi if [ "$installed_version" != "0.0.0~unknown" ]; then su - www-data -s /bin/bash -c 'php /var/www/html/occ upgrade --no-app-disable' diff --git a/Dockerfile-php7.template b/Dockerfile-php7.template index ade7622..345009d 100644 --- a/Dockerfile-php7.template +++ b/Dockerfile-php7.template 
@@ -54,7 +54,22 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc \ && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \ && rm nextcloud.tar.bz2 \ - && rm -rf /usr/src/nextcloud/updater + && rm -rf /usr/src/nextcloud/updater \ + # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions + && mkdir -p /usr/src/nextcloud/data \ + && mkdir -p /usr/src/nextcloud/custom_apps \ + # only used in nextcloud 9 (assets) + && mkdir -p /usr/src/nextcloud/assets \ + && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \ + && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \ + && chown -R root:www-data /usr/src/nextcloud/ \ + && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \ + && chown -R www-data:www-data /usr/src/nextcloud/config/ \ + # only used in nextcloud 9 (assets) + && chown -R www-data:www-data /usr/src/nextcloud/assets/ \ + && chown -R www-data:www-data /usr/src/nextcloud/data/ \ + && chown -R www-data:www-data /usr/src/nextcloud/themes/ \ + && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh COPY apps.config.php /usr/src/nextcloud/config/apps.config.php diff --git a/Dockerfile.template b/Dockerfile.template index 23ac040..24ef5e9 100644 --- a/Dockerfile.template +++ b/Dockerfile.template 
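Review bot: `COPY apps.config.php /usr/src/nextcloud/config/apps.config.php` runs after this RUN step, so that file is missed by the `chmod 0640` pass and by `chown -R www-data:www-data /usr/src/nextcloud/config/`; COPY creates it as root:root with whatever mode it has in the build context. The entrypoint then copies it with `cp -a`, which carries that owner and mode into /var/www/html/config. Either set it at copy time with `COPY --chown=www-data:www-data apps.config.php /usr/src/nextcloud/config/apps.config.php` (on a builder that supports `--chown`) and fix the mode, or add a short RUN after the COPY that re-applies owner and `0640` to that one file. The same applies to Dockerfile.template and to the Dockerfiles generated from these templates under 9.0/, 10.0/ and 11.0/; the RUN instruction starts above the hunk.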
@@ -54,7 +54,22 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc \ && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \ && rm nextcloud.tar.bz2 \ - && rm -rf /usr/src/nextcloud/updater + && rm -rf /usr/src/nextcloud/updater \ + # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions + && mkdir -p /usr/src/nextcloud/data \ + && mkdir -p /usr/src/nextcloud/custom_apps \ + # only used in nextcloud 9 (assets) + && mkdir -p /usr/src/nextcloud/assets \ + && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \ + && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \ + && chown -R root:www-data /usr/src/nextcloud/ \ + && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \ + && chown -R www-data:www-data /usr/src/nextcloud/config/ \ + # only used in nextcloud 9 (assets) + && chown -R www-data:www-data /usr/src/nextcloud/assets/ \ + && chown -R www-data:www-data /usr/src/nextcloud/data/ \ + && chown -R www-data:www-data /usr/src/nextcloud/themes/ \ + && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh COPY apps.config.php /usr/src/nextcloud/config/apps.config.php diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 7c17114..b2bf65e 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh 
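Review bot: In `find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640`, the `&&` chain only sees the exit status of `xargs`, so a failing `find` would not stop the build (the RUN shell is presumably /bin/sh without pipefail). `find /usr/src/nextcloud/ -type f -exec chmod 0640 {} +` and the matching `-type d ... chmod 0750` form avoid the pipe. The final `chmod +x /usr/src/nextcloud/occ` also turns the execute bit back on for "other" (0751 under the usual umask); `chmod 0750 /usr/src/nextcloud/occ` keeps the file in line with the modes set just above. Dockerfile-php7.template and the generated Dockerfiles carry the same lines, and the RUN instruction starts above the hunk.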
@@ -28,9 +28,14 @@ if version_greater "$image_version" "$installed_version"; then cp -arT /usr/src/nextcloud/config /var/www/html/config fi - mkdir -p /var/www/html/custom_apps + if [ ! -d /var/www/html/data ]; then + cp -arT /usr/src/nextcloud/data /var/www/html/data + fi - chown -R www-data /var/www/html + if [ ! -d /var/www/html/custom_apps ]; then + cp -arT /usr/src/nextcloud/custom_apps /var/www/html/custom_apps + cp -a /usr/src/nextcloud/config/apps.config.php /var/www/html/config/apps.config.php + fi if [ "$installed_version" != "0.0.0~unknown" ]; then su - www-data -s /bin/bash -c 'php /var/www/html/occ upgrade --no-app-disable' diff --git a/update.sh b/update.sh index 352820b..8fd447e 100755 --- a/update.sh +++ b/update.sh @@ -43,6 +43,11 @@ for latest in "${latests[@]}"; do sed -ri -e '/a2enmod/d' "$version/$variant/Dockerfile" fi + # Remove the assets folder if version >= 10.0 + if version_greater_or_equal "$version" "10.0"; then + sed -ri -e '/assets/d' "$version/$variant/Dockerfile" + fi + # Copy the docker-entrypoint. cp docker-entrypoint.sh "$version/$variant/docker-entrypoint.sh"
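Review bot: With `chown -R www-data /var/www/html` removed, nothing in this hunk sets ownership or mode on a `data` or `custom_apps` directory that already exists, which is the normal case when a volume or bind mount is attached at those paths or the container is upgraded from an earlier image. The new `if [ ! -d ... ]` branches only cover the first start, so such a directory keeps whatever owner and mode it arrived with and the permissions prepared in the image never reach it. Consider an `else` branch that at least fixes the top-level directory, e.g. `chown www-data:www-data /var/www/html/data && chmod 0750 /var/www/html/data`, or one that exits with a clear message when the owner is wrong. The enclosing `if version_greater ...` block starts and ends outside the hunk, and the copies of this script under 9.0/, 10.0/ and 11.0/ carry the same lines.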
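Review bot: The pattern `/assets/d` deletes every Dockerfile line that contains the string "assets", not only the lines the templates mark with `# only used in nextcloud 9 (assets)`, so a later template line that mentions assets for another reason would be dropped silently from the 10.0+ images. Anchoring it to the path and the marker comment narrows it: `sed -ri -e '\#/usr/src/nextcloud/assets#d' -e '/only used in nextcloud 9 \(assets\)/d' "$version/$variant/Dockerfile"`. A comment above the `if` such as `# The assets lines in the templates must stay in the middle of the RUN chain; deleting the last line would break the continuation.` would record the constraint this relies on. `version_greater_or_equal` and the enclosing `for` loop are defined outside the hunk.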