willholley commented on a change in pull request #151: allow running as arbitrary uid
URL: https://github.com/apache/couchdb-docker/pull/151#discussion_r313784293
 
 

 ##########
 File path: 2.3.1/docker-entrypoint.sh
 ##########
 @@ -25,36 +25,44 @@ if [ "$1" = 'couchdb' ]; then
 fi
 
 if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then
-       # Check that we own everything in /opt/couchdb and fix if necessary. We 
also
-       # add the `-f` flag in all the following invocations because there may 
be
-       # cases where some of these ownership and permissions issues are 
non-fatal
-       # (e.g. a config file owned by root with o+r is actually fine), and we 
don't
-       # to be too aggressive about crashing here ...
-       find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f 
couchdb:couchdb '{}' +
+       # this is where runtime configuration changes will be written.
+       # we need to explicitly touch it here in case /opt/couchdb/etc has
+       # been mounted as an external volume, in which case it won't exist.
+       # If running as the couchdb user (i.e. container starts as root),
+       # write permissions will be granted below.
+       touch /opt/couchdb/etc/local.d/docker.ini
+
+       # if user is root, assume running under the couchdb user (default)
+       # and ensure it is able to access files and directories that may be 
mounted externally
+       if [ "$(id -u)" = '0' ]; then
+               # Check that we own everything in /opt/couchdb and fix if 
necessary. We also
+               # add the `-f` flag in all the following invocations because 
there may be
+               # cases where some of these ownership and permissions issues 
are non-fatal
+               # (e.g. a config file owned by root with o+r is actually fine), 
and we don't
+               # to be too aggressive about crashing here ...
+               find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec 
chown -f couchdb:couchdb '{}' +
 
-       # Ensure that data files have the correct permissions. We were 
previously
-       # preventing any access to these files outside of couchdb:couchdb, but 
it
-       # turns out that CouchDB itself does not set such restrictive 
permissions
-       # when it creates the files. The approach taken here ensures that the
-       # contents of the datadir have the same permissions as they had when 
they
-       # were initially created. This should minimize any startup delay.
-       find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' +
-       find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' +
+               # Ensure that data files have the correct permissions. We were 
previously
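
Review bot: The unconditional `touch /opt/couchdb/etc/local.d/docker.ini` at the top of the block runs before the `id -u` check and has no handling for failure. Its own comment says /opt/couchdb/etc may be mounted as an external volume, in which case the `local.d` directory may be missing as well, and under an arbitrary non-root uid the mounted directory may not be writable. Consider running `mkdir -p /opt/couchdb/etc/local.d` first and printing a clear message if the file cannot be created, so a permissions problem on the volume is reported at this step rather than surfacing later. Two wording points in the comments: "if user is root, assume running under the couchdb user" would be clearer if it said that the server itself will run as couchdb after startup, and the carried-over line "we don't to be too aggressive" is missing "want".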
 
 Review comment:
   the existing Dockerfile uses a mix of tabs and spaces - what's the preferred 
option? :)
