From bd3fc10d7d6b8e94293ceb3887c44bed2a77d721 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Mon, 17 Jul 2017 21:35:16 +0200 Subject: [PATCH 1/4] update directory permissions to be compatible with non-root This commit updates the directory permissions to be more compatible when running the image without root f.e. on OpenShift or when specifying it when running with `docker run --user www-data:root ...`. It adds detection logic to the entrypoint script as sudo is not always allowed. This change in directory permissions was also proposed by the official documentation, see https://github.com/nextcloud/documentation/commit/22e2530. The `chown` before the volume definition is needed to prepare the volume as it inherits the permissions. refs https://github.com/nextcloud/docker/issues/107 --- 10.0/apache/Dockerfile | 10 ++-------- 10.0/apache/docker-entrypoint.sh | 22 +++++++++++++++++----- 10.0/fpm/Dockerfile | 10 ++-------- 10.0/fpm/docker-entrypoint.sh | 22 +++++++++++++++++----- 11.0/apache/Dockerfile | 10 ++-------- 11.0/apache/docker-entrypoint.sh | 22 +++++++++++++++++----- 11.0/fpm/Dockerfile | 10 ++-------- 11.0/fpm/docker-entrypoint.sh | 22 +++++++++++++++++----- 12.0/apache/Dockerfile | 10 ++-------- 12.0/apache/docker-entrypoint.sh | 22 +++++++++++++++++----- 12.0/fpm/Dockerfile | 10 ++-------- 12.0/fpm/docker-entrypoint.sh | 22 +++++++++++++++++----- Dockerfile-php7.template | 10 ++-------- Dockerfile.template | 10 ++-------- docker-entrypoint.sh | 22 +++++++++++++++++----- 15 files changed, 135 insertions(+), 99 deletions(-) diff --git a/10.0/apache/Dockerfile b/10.0/apache/Dockerfile index 1f38d8e0..434fe7fb 100644 --- a/10.0/apache/Dockerfile +++ b/10.0/apache/Dockerfile @@ -42,6 +42,8 @@ RUN set -ex \ RUN a2enmod rewrite ENV NEXTCLOUD_VERSION 10.0.6 + +RUN chown -R www-data:root /var/www/html VOLUME /var/www/html COPY config/* /usr/src/nextcloud/config/ @@ -58,16 +60,8 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \ && rm nextcloud.tar.bz2 \ && rm -rf /usr/src/nextcloud/updater \ - # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions && mkdir -p /usr/src/nextcloud/data \ && mkdir -p /usr/src/nextcloud/custom_apps \ - && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \ - && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \ - && chown -R root:www-data /usr/src/nextcloud/ \ - && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \ - && chown -R www-data:www-data /usr/src/nextcloud/config/ \ - && chown -R www-data:www-data /usr/src/nextcloud/data/ \ - && chown -R www-data:www-data /usr/src/nextcloud/themes/ \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh diff --git a/10.0/apache/docker-entrypoint.sh b/10.0/apache/docker-entrypoint.sh index f073581e..61242d41 100755 --- a/10.0/apache/docker-entrypoint.sh +++ b/10.0/apache/docker-entrypoint.sh @@ -11,6 +11,13 @@ function directory_empty() { [ -n "$(find "$1"/ -prune -empty)" ] } +function run_as() { + if [[ $EUID -eq 0 ]]; then + su - www-data -s /bin/bash -c "$1" + else + bash -c "$1" + fi +} installed_version="0.0.0~unknown" if [ -f /var/www/html/version.php ]; then @@ -25,10 +32,15 @@ fi if version_greater "$image_version" "$installed_version"; then if [ "$installed_version" != "0.0.0~unknown" ]; then - su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_before + run_as 'php /var/www/html/occ app:list' > /tmp/list_before fi - rsync -a --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ - + if [[ $EUID -eq 0 ]]; then + rsync_options=-a + else + rsync_options=-rlD + fi + rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ + for dir in config data themes; do if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir" @@ -44,9 +56,9 @@ if version_greater "$image_version" "$installed_version"; then fi if [ "$installed_version" != "0.0.0~unknown" ]; then - su - www-data -s /bin/bash -c 'php /var/www/html/occ upgrade --no-app-disable' + run_as 'php /var/www/html/occ upgrade --no-app-disable' - su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_after + run_as 'php /var/www/html/occ app:list' > /tmp/list_after echo "The following apps have beed disabled:" diff <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_before) <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_after) | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after diff --git a/10.0/fpm/Dockerfile b/10.0/fpm/Dockerfile index cc1fe767..904713cb 100644 --- a/10.0/fpm/Dockerfile +++ b/10.0/fpm/Dockerfile @@ -40,6 +40,8 @@ RUN set -ex \ && docker-php-ext-enable apcu redis memcached ENV NEXTCLOUD_VERSION 10.0.6 + +RUN chown -R www-data:root /var/www/html VOLUME /var/www/html COPY config/* /usr/src/nextcloud/config/ @@ -56,16 +58,8 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \ && rm nextcloud.tar.bz2 \ && rm -rf /usr/src/nextcloud/updater \ - # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions && mkdir -p /usr/src/nextcloud/data \ && mkdir -p /usr/src/nextcloud/custom_apps \ - && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \ - && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \ - && chown -R root:www-data /usr/src/nextcloud/ \ - && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \ - && chown -R www-data:www-data /usr/src/nextcloud/config/ \ - && chown -R www-data:www-data /usr/src/nextcloud/data/ \ - && chown -R www-data:www-data /usr/src/nextcloud/themes/ \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh diff --git a/10.0/fpm/docker-entrypoint.sh b/10.0/fpm/docker-entrypoint.sh index f073581e..61242d41 100755 --- a/10.0/fpm/docker-entrypoint.sh +++ b/10.0/fpm/docker-entrypoint.sh @@ -11,6 +11,13 @@ function directory_empty() { [ -n "$(find "$1"/ -prune -empty)" ] } +function run_as() { + if [[ $EUID -eq 0 ]]; then + su - www-data -s /bin/bash -c "$1" + else + bash -c "$1" + fi +} installed_version="0.0.0~unknown" if [ -f /var/www/html/version.php ]; then @@ -25,10 +32,15 @@ fi if version_greater "$image_version" "$installed_version"; then if [ "$installed_version" != "0.0.0~unknown" ]; then - su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_before + run_as 'php /var/www/html/occ app:list' > /tmp/list_before fi - rsync -a --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ - + if [[ $EUID -eq 0 ]]; then + rsync_options=-a + else + rsync_options=-rlD + fi + rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ + for dir in config data themes; do if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir" @@ -44,9 +56,9 @@ if version_greater "$image_version" "$installed_version"; then fi if [ "$installed_version" != "0.0.0~unknown" ]; then - su - www-data -s /bin/bash -c 'php /var/www/html/occ upgrade --no-app-disable' + run_as 'php /var/www/html/occ upgrade --no-app-disable' - su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_after + run_as 'php /var/www/html/occ app:list' > /tmp/list_after echo "The following apps have beed disabled:" diff <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_before) <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_after) | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after diff --git a/11.0/apache/Dockerfile b/11.0/apache/Dockerfile index 851d24fc..1644c16a 100644 --- a/11.0/apache/Dockerfile +++ b/11.0/apache/Dockerfile @@ -43,6 +43,8 @@ RUN set -ex \ RUN a2enmod rewrite ENV NEXTCLOUD_VERSION 11.0.4 + +RUN chown -R www-data:root /var/www/html VOLUME /var/www/html COPY config/* /usr/src/nextcloud/config/ @@ -59,16 +61,8 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \ && rm nextcloud.tar.bz2 \ && rm -rf /usr/src/nextcloud/updater \ - # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions && mkdir -p /usr/src/nextcloud/data \ && mkdir -p /usr/src/nextcloud/custom_apps \ - && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \ - && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \ - && chown -R root:www-data /usr/src/nextcloud/ \ - && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \ - && chown -R www-data:www-data /usr/src/nextcloud/config/ \ - && chown -R www-data:www-data /usr/src/nextcloud/data/ \ - && chown -R www-data:www-data /usr/src/nextcloud/themes/ \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh diff --git a/11.0/apache/docker-entrypoint.sh b/11.0/apache/docker-entrypoint.sh index f073581e..61242d41 100755 --- a/11.0/apache/docker-entrypoint.sh +++ b/11.0/apache/docker-entrypoint.sh @@ -11,6 +11,13 @@ function directory_empty() { [ -n "$(find "$1"/ -prune -empty)" ] } +function run_as() { + if [[ $EUID -eq 0 ]]; then + su - www-data -s /bin/bash -c "$1" + else + bash -c "$1" + fi +} installed_version="0.0.0~unknown" if [ -f /var/www/html/version.php ]; then @@ -25,10 +32,15 @@ fi if version_greater "$image_version" "$installed_version"; then if [ "$installed_version" != "0.0.0~unknown" ]; then - su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_before + run_as 'php /var/www/html/occ app:list' > /tmp/list_before fi - rsync -a --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ - + if [[ $EUID -eq 0 ]]; then + rsync_options=-a + else + rsync_options=-rlD + fi + rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ + for dir in config data themes; do if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir" @@ -44,9 +56,9 @@ if version_greater "$image_version" "$installed_version"; then fi if [ "$installed_version" != "0.0.0~unknown" ]; then - su - www-data -s /bin/bash -c 'php /var/www/html/occ upgrade --no-app-disable' + run_as 'php /var/www/html/occ upgrade --no-app-disable' - su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_after + run_as 'php /var/www/html/occ app:list' > /tmp/list_after echo "The following apps have beed disabled:" diff <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_before) <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_after) | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after diff --git a/11.0/fpm/Dockerfile b/11.0/fpm/Dockerfile index dd0d689b..3a9b4ff2 100644 --- a/11.0/fpm/Dockerfile +++ b/11.0/fpm/Dockerfile @@ -41,6 +41,8 @@ RUN set -ex \ && docker-php-ext-enable apcu redis memcached ENV NEXTCLOUD_VERSION 11.0.4 + +RUN chown -R www-data:root /var/www/html VOLUME /var/www/html COPY config/* /usr/src/nextcloud/config/ @@ -57,16 +59,8 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \ && rm nextcloud.tar.bz2 \ && rm -rf /usr/src/nextcloud/updater \ - # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions && mkdir -p /usr/src/nextcloud/data \ && mkdir -p /usr/src/nextcloud/custom_apps \ - && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \ - && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \ - && chown -R root:www-data /usr/src/nextcloud/ \ - && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \ - && chown -R www-data:www-data /usr/src/nextcloud/config/ \ - && chown -R www-data:www-data /usr/src/nextcloud/data/ \ - && chown -R www-data:www-data /usr/src/nextcloud/themes/ \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh diff --git a/11.0/fpm/docker-entrypoint.sh b/11.0/fpm/docker-entrypoint.sh index f073581e..61242d41 100755 --- a/11.0/fpm/docker-entrypoint.sh +++ b/11.0/fpm/docker-entrypoint.sh @@ -11,6 +11,13 @@ function directory_empty() { [ -n "$(find "$1"/ -prune -empty)" ] } +function run_as() { + if [[ $EUID -eq 0 ]]; then + su - www-data -s /bin/bash -c "$1" + else + bash -c "$1" + fi +} installed_version="0.0.0~unknown" if [ -f /var/www/html/version.php ]; then @@ -25,10 +32,15 @@ fi if version_greater "$image_version" "$installed_version"; then if [ "$installed_version" != "0.0.0~unknown" ]; then - su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_before + run_as 'php /var/www/html/occ app:list' > /tmp/list_before fi - rsync -a --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ - + if [[ $EUID -eq 0 ]]; then + rsync_options=-a + else + rsync_options=-rlD + fi + rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ + for dir in config data themes; do if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir" @@ -44,9 +56,9 @@ if version_greater "$image_version" "$installed_version"; then fi if [ "$installed_version" != "0.0.0~unknown" ]; then - su - www-data -s /bin/bash -c 'php /var/www/html/occ upgrade --no-app-disable' + run_as 'php /var/www/html/occ upgrade --no-app-disable' - su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_after + run_as 'php /var/www/html/occ app:list' > /tmp/list_after echo "The following apps have beed disabled:" diff <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_before) <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_after) | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after diff --git a/12.0/apache/Dockerfile b/12.0/apache/Dockerfile index d742d9ca..10fdbb0a 100644 --- a/12.0/apache/Dockerfile +++ b/12.0/apache/Dockerfile @@ -43,6 +43,8 @@ RUN set -ex \ RUN a2enmod rewrite ENV NEXTCLOUD_VERSION 12.0.2 + +RUN chown -R www-data:root /var/www/html VOLUME /var/www/html COPY config/* /usr/src/nextcloud/config/ @@ -59,16 +61,8 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \ && rm nextcloud.tar.bz2 \ && rm -rf /usr/src/nextcloud/updater \ - # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions && mkdir -p /usr/src/nextcloud/data \ && mkdir -p /usr/src/nextcloud/custom_apps \ - && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \ - && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \ - && chown -R root:www-data /usr/src/nextcloud/ \ - && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \ - && chown -R www-data:www-data /usr/src/nextcloud/config/ \ - && chown -R www-data:www-data /usr/src/nextcloud/data/ \ - && chown -R www-data:www-data /usr/src/nextcloud/themes/ \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh diff --git a/12.0/apache/docker-entrypoint.sh b/12.0/apache/docker-entrypoint.sh index f073581e..61242d41 100755 --- a/12.0/apache/docker-entrypoint.sh +++ b/12.0/apache/docker-entrypoint.sh @@ -11,6 +11,13 @@ function directory_empty() { [ -n "$(find "$1"/ -prune -empty)" ] } +function run_as() { + if [[ $EUID -eq 0 ]]; then + su - www-data -s /bin/bash -c "$1" + else + bash -c "$1" + fi +} installed_version="0.0.0~unknown" if [ -f /var/www/html/version.php ]; then @@ -25,10 +32,15 @@ fi if version_greater "$image_version" "$installed_version"; then if [ "$installed_version" != "0.0.0~unknown" ]; then - su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_before + run_as 'php /var/www/html/occ app:list' > /tmp/list_before fi - rsync -a --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ - + if [[ $EUID -eq 0 ]]; then + rsync_options=-a + else + rsync_options=-rlD + fi + rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ + for dir in config data themes; do if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir" @@ -44,9 +56,9 @@ if version_greater "$image_version" "$installed_version"; then fi if [ "$installed_version" != "0.0.0~unknown" ]; then - su - www-data -s /bin/bash -c 'php /var/www/html/occ upgrade --no-app-disable' + run_as 'php /var/www/html/occ upgrade --no-app-disable' - su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_after + run_as 'php /var/www/html/occ app:list' > /tmp/list_after echo "The following apps have beed disabled:" diff <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_before) <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_after) | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after diff --git a/12.0/fpm/Dockerfile b/12.0/fpm/Dockerfile index 02ef6f61..09eb43de 100644 --- a/12.0/fpm/Dockerfile +++ b/12.0/fpm/Dockerfile @@ -41,6 +41,8 @@ RUN set -ex \ && docker-php-ext-enable apcu redis memcached ENV NEXTCLOUD_VERSION 12.0.2 + +RUN chown -R www-data:root /var/www/html VOLUME /var/www/html COPY config/* /usr/src/nextcloud/config/ @@ -57,16 +59,8 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \ && rm nextcloud.tar.bz2 \ && rm -rf /usr/src/nextcloud/updater \ - # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions && mkdir -p /usr/src/nextcloud/data \ && mkdir -p /usr/src/nextcloud/custom_apps \ - && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \ - && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \ - && chown -R root:www-data /usr/src/nextcloud/ \ - && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \ - && chown -R www-data:www-data /usr/src/nextcloud/config/ \ - && chown -R www-data:www-data /usr/src/nextcloud/data/ \ - && chown -R www-data:www-data /usr/src/nextcloud/themes/ \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh diff --git a/12.0/fpm/docker-entrypoint.sh b/12.0/fpm/docker-entrypoint.sh index f073581e..61242d41 100755 --- a/12.0/fpm/docker-entrypoint.sh +++ b/12.0/fpm/docker-entrypoint.sh @@ -11,6 +11,13 @@ function directory_empty() { [ -n "$(find "$1"/ -prune -empty)" ] } +function run_as() { + if [[ $EUID -eq 0 ]]; then + su - www-data -s /bin/bash -c "$1" + else + bash -c "$1" + fi +} installed_version="0.0.0~unknown" if [ -f /var/www/html/version.php ]; then @@ -25,10 +32,15 @@ fi if version_greater "$image_version" "$installed_version"; then if [ "$installed_version" != "0.0.0~unknown" ]; then - su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_before + run_as 'php /var/www/html/occ app:list' > /tmp/list_before fi - rsync -a --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ - + if [[ $EUID -eq 0 ]]; then + rsync_options=-a + else + rsync_options=-rlD + fi + rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ + for dir in config data themes; do if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir" @@ -44,9 +56,9 @@ if version_greater "$image_version" "$installed_version"; then fi if [ "$installed_version" != "0.0.0~unknown" ]; then - su - www-data -s /bin/bash -c 'php /var/www/html/occ upgrade --no-app-disable' + run_as 'php /var/www/html/occ upgrade --no-app-disable' - su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_after + run_as 'php /var/www/html/occ app:list' > /tmp/list_after echo "The following apps have beed disabled:" diff <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_before) <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_after) | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after diff --git a/Dockerfile-php7.template b/Dockerfile-php7.template index d764607f..54dd45b4 100644 --- a/Dockerfile-php7.template +++ b/Dockerfile-php7.template @@ -43,6 +43,8 @@ RUN set -ex \ RUN a2enmod rewrite ENV NEXTCLOUD_VERSION %%VERSION%% + +RUN chown -R www-data:root /var/www/html VOLUME /var/www/html COPY config/* /usr/src/nextcloud/config/ @@ -59,16 +61,8 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \ && rm nextcloud.tar.bz2 \ && rm -rf /usr/src/nextcloud/updater \ - # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions && mkdir -p /usr/src/nextcloud/data \ && mkdir -p /usr/src/nextcloud/custom_apps \ - && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \ - && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \ - && chown -R root:www-data /usr/src/nextcloud/ \ - && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \ - && chown -R www-data:www-data /usr/src/nextcloud/config/ \ - && chown -R www-data:www-data /usr/src/nextcloud/data/ \ - && chown -R www-data:www-data /usr/src/nextcloud/themes/ \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh diff --git a/Dockerfile.template b/Dockerfile.template index 53c7ee44..6dfab790 100644 --- a/Dockerfile.template +++ b/Dockerfile.template @@ -42,6 +42,8 @@ RUN set -ex \ RUN a2enmod rewrite ENV NEXTCLOUD_VERSION %%VERSION%% + +RUN chown -R www-data:root /var/www/html VOLUME /var/www/html COPY config/* /usr/src/nextcloud/config/ @@ -58,16 +60,8 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \ && rm nextcloud.tar.bz2 \ && rm -rf /usr/src/nextcloud/updater \ - # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions && mkdir -p /usr/src/nextcloud/data \ && mkdir -p /usr/src/nextcloud/custom_apps \ - && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \ - && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \ - && chown -R root:www-data /usr/src/nextcloud/ \ - && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \ - && chown -R www-data:www-data /usr/src/nextcloud/config/ \ - && chown -R www-data:www-data /usr/src/nextcloud/data/ \ - && chown -R www-data:www-data /usr/src/nextcloud/themes/ \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index f073581e..61242d41 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -11,6 +11,13 @@ function directory_empty() { [ -n "$(find "$1"/ -prune -empty)" ] } +function run_as() { + if [[ $EUID -eq 0 ]]; then + su - www-data -s /bin/bash -c "$1" + else + bash -c "$1" + fi +} installed_version="0.0.0~unknown" if [ -f /var/www/html/version.php ]; then @@ -25,10 +32,15 @@ fi if version_greater "$image_version" "$installed_version"; then if [ "$installed_version" != "0.0.0~unknown" ]; then - su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_before + run_as 'php /var/www/html/occ app:list' > /tmp/list_before fi - rsync -a --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ - + if [[ $EUID -eq 0 ]]; then + rsync_options=-a + else + rsync_options=-rlD + fi + rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ + for dir in config data themes; do if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir" @@ -44,9 +56,9 @@ if version_greater "$image_version" "$installed_version"; then fi if [ "$installed_version" != "0.0.0~unknown" ]; then - su - www-data -s /bin/bash -c 'php /var/www/html/occ upgrade --no-app-disable' + run_as 'php /var/www/html/occ upgrade --no-app-disable' - su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_after + run_as 'php /var/www/html/occ app:list' > /tmp/list_after echo "The following apps have beed disabled:" diff <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_before) <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_after) | grep '<' | cut -d- -f2 | cut -d: -f1 rm -f /tmp/list_before /tmp/list_after From 7366057ce105d50df72df819193182cabfafa4e1 Mon Sep 17 00:00:00 2001 From: Tilo Spannagel Date: Mon, 7 Aug 2017 16:02:46 +0200 Subject: [PATCH 2/4] Move COPY back down --- 10.0/apache/Dockerfile | 3 +-- 10.0/fpm/Dockerfile | 3 +-- 11.0/apache/Dockerfile | 3 +-- 11.0/fpm/Dockerfile | 3 +-- 12.0/apache/Dockerfile | 3 +-- 12.0/fpm/Dockerfile | 3 +-- Dockerfile-php7.template | 3 +-- Dockerfile.template | 3 +-- 8 files changed, 8 insertions(+), 16 deletions(-) diff --git a/10.0/apache/Dockerfile b/10.0/apache/Dockerfile index 434fe7fb..f1342612 100644 --- a/10.0/apache/Dockerfile +++ b/10.0/apache/Dockerfile @@ -46,8 +46,6 @@ ENV NEXTCLOUD_VERSION 10.0.6 RUN chown -R www-data:root /var/www/html VOLUME /var/www/html -COPY config/* /usr/src/nextcloud/config/ - RUN curl -fsSL -o nextcloud.tar.bz2 \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \ && curl -fsSL -o nextcloud.tar.bz2.asc \ @@ -65,6 +63,7 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh +COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] CMD ["apache2-foreground"] diff --git a/10.0/fpm/Dockerfile b/10.0/fpm/Dockerfile index 904713cb..57aa3982 100644 --- a/10.0/fpm/Dockerfile +++ b/10.0/fpm/Dockerfile @@ -44,8 +44,6 @@ ENV NEXTCLOUD_VERSION 10.0.6 RUN chown -R www-data:root /var/www/html VOLUME /var/www/html -COPY config/* /usr/src/nextcloud/config/ - RUN curl -fsSL -o nextcloud.tar.bz2 \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \ && curl -fsSL -o nextcloud.tar.bz2.asc \ @@ -63,6 +61,7 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh +COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] CMD ["php-fpm"] diff --git a/11.0/apache/Dockerfile b/11.0/apache/Dockerfile index 1644c16a..0182e0a9 100644 --- a/11.0/apache/Dockerfile +++ b/11.0/apache/Dockerfile @@ -47,8 +47,6 @@ ENV NEXTCLOUD_VERSION 11.0.4 RUN chown -R www-data:root /var/www/html VOLUME /var/www/html -COPY config/* /usr/src/nextcloud/config/ - RUN curl -fsSL -o nextcloud.tar.bz2 \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \ && curl -fsSL -o nextcloud.tar.bz2.asc \ @@ -66,6 +64,7 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh +COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] CMD ["apache2-foreground"] diff --git a/11.0/fpm/Dockerfile b/11.0/fpm/Dockerfile index 3a9b4ff2..6fbe9a10 100644 --- a/11.0/fpm/Dockerfile +++ b/11.0/fpm/Dockerfile @@ -45,8 +45,6 @@ ENV NEXTCLOUD_VERSION 11.0.4 RUN chown -R www-data:root /var/www/html VOLUME /var/www/html -COPY config/* /usr/src/nextcloud/config/ - RUN curl -fsSL -o nextcloud.tar.bz2 \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \ && curl -fsSL -o nextcloud.tar.bz2.asc \ @@ -64,6 +62,7 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh +COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] CMD ["php-fpm"] diff --git a/12.0/apache/Dockerfile b/12.0/apache/Dockerfile index 10fdbb0a..2e4949cb 100644 --- a/12.0/apache/Dockerfile +++ b/12.0/apache/Dockerfile @@ -47,8 +47,6 @@ ENV NEXTCLOUD_VERSION 12.0.2 RUN chown -R www-data:root /var/www/html VOLUME /var/www/html -COPY config/* /usr/src/nextcloud/config/ - RUN curl -fsSL -o nextcloud.tar.bz2 \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \ && curl -fsSL -o nextcloud.tar.bz2.asc \ @@ -66,6 +64,7 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh +COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] CMD ["apache2-foreground"] diff --git a/12.0/fpm/Dockerfile b/12.0/fpm/Dockerfile index 09eb43de..399ff1ff 100644 --- a/12.0/fpm/Dockerfile +++ b/12.0/fpm/Dockerfile @@ -45,8 +45,6 @@ ENV NEXTCLOUD_VERSION 12.0.2 RUN chown -R www-data:root /var/www/html VOLUME /var/www/html -COPY config/* /usr/src/nextcloud/config/ - RUN curl -fsSL -o nextcloud.tar.bz2 \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \ && curl -fsSL -o nextcloud.tar.bz2.asc \ @@ -64,6 +62,7 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh +COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] CMD ["php-fpm"] diff --git a/Dockerfile-php7.template b/Dockerfile-php7.template index 54dd45b4..54a9a3b6 100644 --- a/Dockerfile-php7.template +++ b/Dockerfile-php7.template @@ -47,8 +47,6 @@ ENV NEXTCLOUD_VERSION %%VERSION%% RUN chown -R www-data:root /var/www/html VOLUME /var/www/html -COPY config/* /usr/src/nextcloud/config/ - RUN curl -fsSL -o nextcloud.tar.bz2 \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \ && curl -fsSL -o nextcloud.tar.bz2.asc \ @@ -66,6 +64,7 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh +COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] CMD ["%%CMD%%"] diff --git a/Dockerfile.template b/Dockerfile.template index 6dfab790..88873192 100644 --- a/Dockerfile.template +++ b/Dockerfile.template @@ -46,8 +46,6 @@ ENV NEXTCLOUD_VERSION %%VERSION%% RUN chown -R www-data:root /var/www/html VOLUME /var/www/html -COPY config/* /usr/src/nextcloud/config/ - RUN curl -fsSL -o nextcloud.tar.bz2 \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \ && curl -fsSL -o nextcloud.tar.bz2.asc \ @@ -65,6 +63,7 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \ && chmod +x /usr/src/nextcloud/occ COPY docker-entrypoint.sh /entrypoint.sh +COPY config/* /usr/src/nextcloud/config/ ENTRYPOINT ["/entrypoint.sh"] CMD ["%%CMD%%"] From 69b4a015ed7c21cd829f9747e0209fb80604e7b3 Mon Sep 17 00:00:00 2001 From: Tilo Spannagel Date: Thu, 10 Aug 2017 14:53:11 +0200 Subject: [PATCH 3/4] Fix permissions when running as root --- 10.0/apache/docker-entrypoint.sh | 16 ++++------------ 10.0/fpm/docker-entrypoint.sh | 16 ++++------------ 11.0/apache/docker-entrypoint.sh | 16 ++++------------ 11.0/fpm/docker-entrypoint.sh | 16 ++++------------ 12.0/apache/docker-entrypoint.sh | 16 ++++------------ 12.0/fpm/docker-entrypoint.sh | 16 ++++------------ docker-entrypoint.sh | 16 ++++------------ 7 files changed, 28 insertions(+), 84 deletions(-) diff --git a/10.0/apache/docker-entrypoint.sh b/10.0/apache/docker-entrypoint.sh index 61242d41..9298bb47 100755 --- a/10.0/apache/docker-entrypoint.sh +++ b/10.0/apache/docker-entrypoint.sh @@ -35,26 +35,18 @@ if version_greater "$image_version" "$installed_version"; then run_as 'php /var/www/html/occ app:list' > /tmp/list_before fi if [[ $EUID -eq 0 ]]; then - rsync_options=-a + rsync_options="-rlDog --chown www-data:root" else - rsync_options=-rlD + rsync_options="-rlD" fi rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ - for dir in config data themes; do + for dir in config data custom_apps themes; do if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then - cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir" + rsync $rsync_options --include /"$dir"/ --exclude '/*' /usr/src/nextcloud/ /var/www/html/ fi done - if [ ! -d /var/www/html/custom_apps ] && [ ! -f /var/www/html/config/apps.config.php ]; then - cp -a /usr/src/nextcloud/config/apps.config.php /var/www/html/config/apps.config.php - fi - - if [ ! -d /var/www/html/custom_apps ] || directory_empty /var/www/html/custom_apps; then - cp -arT /usr/src/nextcloud/custom_apps /var/www/html/custom_apps - fi - if [ "$installed_version" != "0.0.0~unknown" ]; then run_as 'php /var/www/html/occ upgrade --no-app-disable' diff --git a/10.0/fpm/docker-entrypoint.sh b/10.0/fpm/docker-entrypoint.sh index 61242d41..9298bb47 100755 --- a/10.0/fpm/docker-entrypoint.sh +++ b/10.0/fpm/docker-entrypoint.sh @@ -35,26 +35,18 @@ if version_greater "$image_version" "$installed_version"; then run_as 'php /var/www/html/occ app:list' > /tmp/list_before fi if [[ $EUID -eq 0 ]]; then - rsync_options=-a + rsync_options="-rlDog --chown www-data:root" else - rsync_options=-rlD + rsync_options="-rlD" fi rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ - for dir in config data themes; do + for dir in config data custom_apps themes; do if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then - cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir" + rsync $rsync_options --include /"$dir"/ --exclude '/*' /usr/src/nextcloud/ /var/www/html/ fi done - if [ ! -d /var/www/html/custom_apps ] && [ ! -f /var/www/html/config/apps.config.php ]; then - cp -a /usr/src/nextcloud/config/apps.config.php /var/www/html/config/apps.config.php - fi - - if [ ! -d /var/www/html/custom_apps ] || directory_empty /var/www/html/custom_apps; then - cp -arT /usr/src/nextcloud/custom_apps /var/www/html/custom_apps - fi - if [ "$installed_version" != "0.0.0~unknown" ]; then run_as 'php /var/www/html/occ upgrade --no-app-disable' diff --git a/11.0/apache/docker-entrypoint.sh b/11.0/apache/docker-entrypoint.sh index 61242d41..9298bb47 100755 --- a/11.0/apache/docker-entrypoint.sh +++ b/11.0/apache/docker-entrypoint.sh @@ -35,26 +35,18 @@ if version_greater "$image_version" "$installed_version"; then run_as 'php /var/www/html/occ app:list' > /tmp/list_before fi if [[ $EUID -eq 0 ]]; then - rsync_options=-a + rsync_options="-rlDog --chown www-data:root" else - rsync_options=-rlD + rsync_options="-rlD" fi rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ - for dir in config data themes; do + for dir in config data custom_apps themes; do if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then - cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir" + rsync $rsync_options --include /"$dir"/ --exclude '/*' /usr/src/nextcloud/ /var/www/html/ fi done - if [ ! -d /var/www/html/custom_apps ] && [ ! -f /var/www/html/config/apps.config.php ]; then - cp -a /usr/src/nextcloud/config/apps.config.php /var/www/html/config/apps.config.php - fi - - if [ ! -d /var/www/html/custom_apps ] || directory_empty /var/www/html/custom_apps; then - cp -arT /usr/src/nextcloud/custom_apps /var/www/html/custom_apps - fi - if [ "$installed_version" != "0.0.0~unknown" ]; then run_as 'php /var/www/html/occ upgrade --no-app-disable' diff --git a/11.0/fpm/docker-entrypoint.sh b/11.0/fpm/docker-entrypoint.sh index 61242d41..9298bb47 100755 --- a/11.0/fpm/docker-entrypoint.sh +++ b/11.0/fpm/docker-entrypoint.sh @@ -35,26 +35,18 @@ if version_greater "$image_version" "$installed_version"; then run_as 'php /var/www/html/occ app:list' > /tmp/list_before fi if [[ $EUID -eq 0 ]]; then - rsync_options=-a + rsync_options="-rlDog --chown www-data:root" else - rsync_options=-rlD + rsync_options="-rlD" fi rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ - for dir in config data themes; do + for dir in config data custom_apps themes; do if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then - cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir" + rsync $rsync_options --include /"$dir"/ --exclude '/*' /usr/src/nextcloud/ /var/www/html/ fi done - if [ ! -d /var/www/html/custom_apps ] && [ ! -f /var/www/html/config/apps.config.php ]; then - cp -a /usr/src/nextcloud/config/apps.config.php /var/www/html/config/apps.config.php - fi - - if [ ! -d /var/www/html/custom_apps ] || directory_empty /var/www/html/custom_apps; then - cp -arT /usr/src/nextcloud/custom_apps /var/www/html/custom_apps - fi - if [ "$installed_version" != "0.0.0~unknown" ]; then run_as 'php /var/www/html/occ upgrade --no-app-disable' diff --git a/12.0/apache/docker-entrypoint.sh b/12.0/apache/docker-entrypoint.sh index 61242d41..9298bb47 100755 --- a/12.0/apache/docker-entrypoint.sh +++ b/12.0/apache/docker-entrypoint.sh @@ -35,26 +35,18 @@ if version_greater "$image_version" "$installed_version"; then run_as 'php /var/www/html/occ app:list' > /tmp/list_before fi if [[ $EUID -eq 0 ]]; then - rsync_options=-a + rsync_options="-rlDog --chown www-data:root" else - rsync_options=-rlD + rsync_options="-rlD" fi rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ - for dir in config data themes; do + for dir in config data custom_apps themes; do if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then - cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir" + rsync $rsync_options --include /"$dir"/ --exclude '/*' /usr/src/nextcloud/ /var/www/html/ fi done - if [ ! -d /var/www/html/custom_apps ] && [ ! -f /var/www/html/config/apps.config.php ]; then - cp -a /usr/src/nextcloud/config/apps.config.php /var/www/html/config/apps.config.php - fi - - if [ ! -d /var/www/html/custom_apps ] || directory_empty /var/www/html/custom_apps; then - cp -arT /usr/src/nextcloud/custom_apps /var/www/html/custom_apps - fi - if [ "$installed_version" != "0.0.0~unknown" ]; then run_as 'php /var/www/html/occ upgrade --no-app-disable' diff --git a/12.0/fpm/docker-entrypoint.sh b/12.0/fpm/docker-entrypoint.sh index 61242d41..9298bb47 100755 --- a/12.0/fpm/docker-entrypoint.sh +++ b/12.0/fpm/docker-entrypoint.sh @@ -35,26 +35,18 @@ if version_greater "$image_version" "$installed_version"; then run_as 'php /var/www/html/occ app:list' > /tmp/list_before fi if [[ $EUID -eq 0 ]]; then - rsync_options=-a + rsync_options="-rlDog --chown www-data:root" else - rsync_options=-rlD + rsync_options="-rlD" fi rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ - for dir in config data themes; do + for dir in config data custom_apps themes; do if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then - cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir" + rsync $rsync_options --include /"$dir"/ --exclude '/*' /usr/src/nextcloud/ /var/www/html/ fi done - if [ ! -d /var/www/html/custom_apps ] && [ ! -f /var/www/html/config/apps.config.php ]; then - cp -a /usr/src/nextcloud/config/apps.config.php /var/www/html/config/apps.config.php - fi - - if [ ! -d /var/www/html/custom_apps ] || directory_empty /var/www/html/custom_apps; then - cp -arT /usr/src/nextcloud/custom_apps /var/www/html/custom_apps - fi - if [ "$installed_version" != "0.0.0~unknown" ]; then run_as 'php /var/www/html/occ upgrade --no-app-disable' diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 61242d41..9298bb47 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -35,26 +35,18 @@ if version_greater "$image_version" "$installed_version"; then run_as 'php /var/www/html/occ app:list' > /tmp/list_before fi if [[ $EUID -eq 0 ]]; then - rsync_options=-a + rsync_options="-rlDog --chown www-data:root" else - rsync_options=-rlD + rsync_options="-rlD" fi rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/ - for dir in config data themes; do + for dir in config data custom_apps themes; do if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then - cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir" + rsync $rsync_options --include /"$dir"/ --exclude '/*' /usr/src/nextcloud/ /var/www/html/ fi done - if [ ! -d /var/www/html/custom_apps ] && [ ! -f /var/www/html/config/apps.config.php ]; then - cp -a /usr/src/nextcloud/config/apps.config.php /var/www/html/config/apps.config.php - fi - - if [ ! -d /var/www/html/custom_apps ] || directory_empty /var/www/html/custom_apps; then - cp -arT /usr/src/nextcloud/custom_apps /var/www/html/custom_apps - fi - if [ "$installed_version" != "0.0.0~unknown" ]; then run_as 'php /var/www/html/occ upgrade --no-app-disable' From 6ed3dfe5568941b482cd7d19a39bd19dec05f642 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Fri, 11 Aug 2017 20:09:14 +0200 Subject: [PATCH 4/4] directory permissions for root group --- 10.0/apache/Dockerfile | 3 ++- 10.0/fpm/Dockerfile | 3 ++- 11.0/apache/Dockerfile | 3 ++- 11.0/fpm/Dockerfile | 3 ++- 12.0/apache/Dockerfile | 3 ++- 12.0/fpm/Dockerfile | 3 ++- Dockerfile-php7.template | 3 ++- Dockerfile.template | 3 ++- 8 files changed, 16 insertions(+), 8 deletions(-) diff --git a/10.0/apache/Dockerfile b/10.0/apache/Dockerfile index f1342612..e10976e0 100644 --- a/10.0/apache/Dockerfile +++ b/10.0/apache/Dockerfile @@ -43,7 +43,8 @@ RUN a2enmod rewrite ENV NEXTCLOUD_VERSION 10.0.6 -RUN chown -R www-data:root /var/www/html +RUN chown -R www-data:root /var/www/html && \ + chmod -R g=u /var/www/html VOLUME /var/www/html RUN curl -fsSL -o nextcloud.tar.bz2 \ diff --git a/10.0/fpm/Dockerfile b/10.0/fpm/Dockerfile index 57aa3982..9cc03370 100644 --- a/10.0/fpm/Dockerfile +++ b/10.0/fpm/Dockerfile @@ -41,7 +41,8 @@ RUN set -ex \ ENV NEXTCLOUD_VERSION 10.0.6 -RUN chown -R www-data:root /var/www/html +RUN chown -R www-data:root /var/www/html && \ + chmod -R g=u /var/www/html VOLUME /var/www/html RUN curl -fsSL -o nextcloud.tar.bz2 \ diff --git a/11.0/apache/Dockerfile b/11.0/apache/Dockerfile index 0182e0a9..ab9c68bd 100644 --- a/11.0/apache/Dockerfile +++ b/11.0/apache/Dockerfile @@ -44,7 +44,8 @@ RUN a2enmod rewrite ENV NEXTCLOUD_VERSION 11.0.4 -RUN chown -R www-data:root /var/www/html +RUN chown -R www-data:root /var/www/html && \ + chmod -R g=u /var/www/html VOLUME /var/www/html RUN curl -fsSL -o nextcloud.tar.bz2 \ diff --git a/11.0/fpm/Dockerfile b/11.0/fpm/Dockerfile index 6fbe9a10..6c75948d 100644 --- a/11.0/fpm/Dockerfile +++ b/11.0/fpm/Dockerfile @@ -42,7 +42,8 @@ RUN set -ex \ ENV NEXTCLOUD_VERSION 11.0.4 -RUN chown -R www-data:root /var/www/html +RUN chown -R www-data:root /var/www/html && \ + chmod -R g=u /var/www/html VOLUME /var/www/html RUN curl -fsSL -o nextcloud.tar.bz2 \ diff --git a/12.0/apache/Dockerfile b/12.0/apache/Dockerfile index 2e4949cb..9032b0a8 100644 --- a/12.0/apache/Dockerfile +++ b/12.0/apache/Dockerfile @@ -44,7 +44,8 @@ RUN a2enmod rewrite ENV NEXTCLOUD_VERSION 12.0.2 -RUN chown -R www-data:root /var/www/html +RUN chown -R www-data:root /var/www/html && \ + chmod -R g=u /var/www/html VOLUME /var/www/html RUN curl -fsSL -o nextcloud.tar.bz2 \ diff --git a/12.0/fpm/Dockerfile b/12.0/fpm/Dockerfile index 399ff1ff..e0c75fd8 100644 --- a/12.0/fpm/Dockerfile +++ b/12.0/fpm/Dockerfile @@ -42,7 +42,8 @@ RUN set -ex \ ENV NEXTCLOUD_VERSION 12.0.2 -RUN chown -R www-data:root /var/www/html +RUN chown -R www-data:root /var/www/html && \ + chmod -R g=u /var/www/html VOLUME /var/www/html RUN curl -fsSL -o nextcloud.tar.bz2 \ diff --git a/Dockerfile-php7.template b/Dockerfile-php7.template index 54a9a3b6..fd153275 100644 --- a/Dockerfile-php7.template +++ b/Dockerfile-php7.template @@ -44,7 +44,8 @@ RUN a2enmod rewrite ENV NEXTCLOUD_VERSION %%VERSION%% -RUN chown -R www-data:root /var/www/html +RUN chown -R www-data:root /var/www/html && \ + chmod -R g=u /var/www/html VOLUME /var/www/html RUN curl -fsSL -o nextcloud.tar.bz2 \ diff --git a/Dockerfile.template b/Dockerfile.template index 88873192..fbf9d620 100644 --- a/Dockerfile.template +++ b/Dockerfile.template @@ -43,7 +43,8 @@ RUN a2enmod rewrite ENV NEXTCLOUD_VERSION %%VERSION%% -RUN chown -R www-data:root /var/www/html +RUN chown -R www-data:root /var/www/html && \ + chmod -R g=u /var/www/html VOLUME /var/www/html RUN curl -fsSL -o nextcloud.tar.bz2 \