willholley commented on a change in pull request #151: allow running as
arbitrary uid
URL: https://github.com/apache/couchdb-docker/pull/151#discussion_r317974140
##########
File path: 2.3.1/Dockerfile
##########
@@ -121,8 +121,17 @@ COPY docker-entrypoint.sh /usr/local/bin
RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards
compat
ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
-# Setup directories and permissions
-RUN find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f
couchdb:couchdb '{}' +
+
+RUN set -xe; \
+# Check we own everything in /opt/couchdb. Matches the command in
dockerfile_entrypoint.sh
+ find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f
couchdb:couchdb '{}' +; \
+# Setup directories and permissions for config. Technically these could be 555
and 444 respectively
+# but we keep them as 755 and 644 for consistency with CouchDB defaults and
the dockerfile_entrypoint.sh.
+ find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \
+ find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +; \
+# only local.d needs to be writable for the docker_entrypoint.sh
+ chmod -f 0777 /opt/couchdb/etc/local.d
Review comment:
thanks @tianon - I've pushed another commit which does this. @wohali
@kocolosk probably best to have another quick review before merging.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
