[couchdb-docker] branch custom_uid updated: fixup! fixup! fixup! allow running as arbitrary uid

[willholley]

This is an automated email from the ASF dual-hosted git repository.

willholley pushed a commit to branch custom_uid
in repository https://gitbox.apache.org/repos/asf/couchdb-docker.git


The following commit(s) were added to refs/heads/custom_uid by this push:
     new 2520fd5  fixup! fixup! fixup! allow running as arbitrary uid
2520fd5 is described below

commit 2520fd52be573280c4f1ffed977312de7559bdd9
Author: Will Holley <willhol...@gmail.com>
AuthorDate: Tue Aug 13 13:08:31 2019 +0100

    fixup! fixup! fixup! allow running as arbitrary uid
---
 2.3.1/Dockerfile           |  5 ++++-
 2.3.1/docker-entrypoint.sh | 10 +++++++---
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/2.3.1/Dockerfile b/2.3.1/Dockerfile
index d2381c4..5001fc0 100644
--- a/2.3.1/Dockerfile
+++ b/2.3.1/Dockerfile
@@ -122,7 +122,10 @@ RUN ln -s usr/local/bin/docker-entrypoint.sh 
/docker-entrypoint.sh # backwards c
 ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
 
 # Setup directories and permissions for config
-RUN chmod -R 777 /opt/couchdb/etc
+RUN find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \
+    find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +; \
+    # only local.d needs to be writable for the docker_entrypoint.sh
+    chmod -f 0777 /opt/couchdb/etc/local.d
 
 VOLUME /opt/couchdb/data
 
diff --git a/2.3.1/docker-entrypoint.sh b/2.3.1/docker-entrypoint.sh
index b5658ed..be9e099 100755
--- a/2.3.1/docker-entrypoint.sh
+++ b/2.3.1/docker-entrypoint.sh
@@ -25,6 +25,13 @@ if [ "$1" = 'couchdb' ]; then
 fi
 
 if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then
+       # this is where runtime configuration changes will be written.
+       # we need to explicitly touch it here in case /opt/couchdb/etc has
+       # been mounted as an external volume, in which case it won't exist.
+       # If running as the couchdb user (i.e. container starts as root),
+       # write permissions will be granted below.
+       touch /opt/couchdb/etc/local.d/docker.ini
+
        # if user is root, assume running under the couchdb user (default)
        # and ensure it is able to access files and directories that may be 
mounted externally
        if [ "$(id -u)" = '0' ]; then
@@ -56,9 +63,6 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then
                echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args
        fi
 
-       # Ensure that CouchDB will write custom settings in this file
-       touch /opt/couchdb/etc/local.d/docker.ini
-
        if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then
                # Create admin only if not already present
                if ! grep -Pzoqr "\[admins\]\n$COUCHDB_USER =" 
/opt/couchdb/etc/local.d/*.ini; then