[GitHub] [couchdb-docker] willholley commented on a change in pull request #151: allow running as arbitrary uid

2019-08-28 Thread GitBox
willholley commented on a change in pull request #151: allow running as 
arbitrary uid
URL: https://github.com/apache/couchdb-docker/pull/151#discussion_r318467202
 
 

 ##
 File path: 2.3.1/Dockerfile
 ##
 @@ -121,8 +121,17 @@ COPY docker-entrypoint.sh /usr/local/bin
 RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards 
compat
 ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
 
-# Setup directories and permissions
-RUN find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f 
couchdb:couchdb '{}' +
+
+RUN set -xe; \
+# Check we own everything in /opt/couchdb. Matches the command in 
dockerfile_entrypoint.sh
+find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f 
couchdb:couchdb '{}' +; \
+# Setup directories and permissions for config. Technically these could be 555 
and 444 respectively
+# but we keep them as 755 and 644 for consistency with CouchDB defaults and 
the dockerfile_entrypoint.sh.
+find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \
+find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +; \
+# only local.d needs to be writable for the docker_entrypoint.sh
+chmod -f 0777 /opt/couchdb/etc/local.d
 
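Review bot: `chmod -f 0777 /opt/couchdb/etc/local.d` at the end of the new RUN makes the config drop-in directory world-writable with no sticky bit, so any uid in the container can create, replace or delete files there, not only the uid the entrypoint runs as. If the aim is just to let an arbitrary uid write its runtime config, consider a narrower grant, for example a shared group with `chmod g+rwX`, or at least mode `1777` so one uid cannot remove another uid's files.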
 Review comment:
   ok - suggested change has been pushed


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services


[GitHub] [couchdb-docker] willholley commented on a change in pull request #151: allow running as arbitrary uid

2019-08-27 Thread GitBox
willholley commented on a change in pull request #151: allow running as 
arbitrary uid
URL: https://github.com/apache/couchdb-docker/pull/151#discussion_r317974140
 
 

 ##
 File path: 2.3.1/Dockerfile
 ##
 @@ -121,8 +121,17 @@ COPY docker-entrypoint.sh /usr/local/bin
 RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards 
compat
 ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
 
-# Setup directories and permissions
-RUN find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f 
couchdb:couchdb '{}' +
+
+RUN set -xe; \
+# Check we own everything in /opt/couchdb. Matches the command in 
dockerfile_entrypoint.sh
+find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f 
couchdb:couchdb '{}' +; \
+# Setup directories and permissions for config. Technically these could be 555 
and 444 respectively
+# but we keep them as 755 and 644 for consistency with CouchDB defaults and 
the dockerfile_entrypoint.sh.
+find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \
+find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +; \
+# only local.d needs to be writable for the docker_entrypoint.sh
+chmod -f 0777 /opt/couchdb/etc/local.d
 
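Review bot: The two new comments name the script `dockerfile_entrypoint.sh` and `docker_entrypoint.sh`, but the file copied and used in ENTRYPOINT just above is `docker-entrypoint.sh`; use the real name in both places so a search for it finds these lines. The `find` calls on /opt/couchdb/etc also use a bare `!` while the chown line escapes it as `\!`; pick one form for consistency.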
 Review comment:
   thanks @tianon - I've pushed another commit which does this. @wohali 
@kocolosk probably best to have another quick review before merging.




[GitHub] [couchdb-docker] willholley commented on a change in pull request #151: allow running as arbitrary uid

2019-08-23 Thread GitBox
willholley commented on a change in pull request #151: allow running as 
arbitrary uid
URL: https://github.com/apache/couchdb-docker/pull/151#discussion_r317274947
 
 

 ##
 File path: 2.3.1/Dockerfile
 ##
 @@ -121,8 +121,13 @@ COPY docker-entrypoint.sh /usr/local/bin
 RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards 
compat
 ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
 
-# Setup directories and permissions
-RUN find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f 
couchdb:couchdb '{}' +
 
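Review bot: Dropping the build-time `find /opt/couchdb ... -exec chown -f couchdb:couchdb '{}' +` in the visible part of this hunk leaves ownership under /opt/couchdb to be corrected only at container start, and the entrypoint change in this PR does that only when `id -u` is 0. A container started with an arbitrary uid would then run with whatever ownership the earlier build steps left behind. Keep the chown in the image build so the non-root path does not depend on a runtime fix.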
 Review comment:
   Ok - I've added this line back at 
https://github.com/apache/couchdb-docker/pull/151/commits/f9a639120bda80e3b252b089cd50aa33483ed148#diff-ff57d65ca713e117d90559824747793aR127




[GitHub] [couchdb-docker] willholley commented on a change in pull request #151: allow running as arbitrary uid

2019-08-14 Thread GitBox
willholley commented on a change in pull request #151: allow running as 
arbitrary uid
URL: https://github.com/apache/couchdb-docker/pull/151#discussion_r313784293
 
 

 ##
 File path: 2.3.1/docker-entrypoint.sh
 ##
 @@ -25,36 +25,44 @@ if [ "$1" = 'couchdb' ]; then
 fi
 
 if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then
-   # Check that we own everything in /opt/couchdb and fix if necessary. We 
also
-   # add the `-f` flag in all the following invocations because there may 
be
-   # cases where some of these ownership and permissions issues are 
non-fatal
-   # (e.g. a config file owned by root with o+r is actually fine), and we 
don't
-   # to be too aggressive about crashing here ...
-   find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f 
couchdb:couchdb '{}' +
+   # this is where runtime configuration changes will be written.
+   # we need to explicitly touch it here in case /opt/couchdb/etc has
+   # been mounted as an external volume, in which case it won't exist.
+   # If running as the couchdb user (i.e. container starts as root),
+   # write permissions will be granted below.
+   touch /opt/couchdb/etc/local.d/docker.ini
+
+   # if user is root, assume running under the couchdb user (default)
+   # and ensure it is able to access files and directories that may be 
mounted externally
+   if [ "$(id -u)" = '0' ]; then
+   # Check that we own everything in /opt/couchdb and fix if 
necessary. We also
+   # add the `-f` flag in all the following invocations because 
there may be
+   # cases where some of these ownership and permissions issues 
are non-fatal
+   # (e.g. a config file owned by root with o+r is actually fine), 
and we don't
+   # to be too aggressive about crashing here ...
+   find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec 
chown -f couchdb:couchdb '{}' +
 
-   # Ensure that data files have the correct permissions. We were 
previously
-   # preventing any access to these files outside of couchdb:couchdb, but 
it
-   # turns out that CouchDB itself does not set such restrictive 
permissions
-   # when it creates the files. The approach taken here ensures that the
-   # contents of the datadir have the same permissions as they had when 
they
-   # were initially created. This should minimize any startup delay.
-   find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' +
-   find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' +
+   # Ensure that data files have the correct permissions. We were 
previously
 
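Review bot: `touch /opt/couchdb/etc/local.d/docker.ini` runs before the `id -u` check and assumes the `local.d` directory already exists and is writable by the current uid. When /opt/couchdb/etc is an external mount, the case the new comment describes, `local.d` itself may be missing, and for a non-root uid the mount may not be writable, so the touch fails before any ownership fix-up runs. Create the directory first (`mkdir -p /opt/couchdb/etc/local.d`) and exit with a clear message if the file cannot be written. Minor: the carried-over comment "we don't to be too aggressive" is missing the word "want".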
 Review comment:
   the existing Dockerfile uses a mix of tabs and spaces - what's the preferred 
option? :)




[GitHub] [couchdb-docker] willholley commented on a change in pull request #151: allow running as arbitrary uid

2019-08-14 Thread GitBox
willholley commented on a change in pull request #151: allow running as 
arbitrary uid
URL: https://github.com/apache/couchdb-docker/pull/151#discussion_r313782460
 
 

 ##
 File path: 2.3.1/Dockerfile
 ##
 @@ -121,8 +121,13 @@ COPY docker-entrypoint.sh /usr/local/bin
 RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards 
compat
 ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
 
-# Setup directories and permissions
-RUN find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f 
couchdb:couchdb '{}' +
 
 Review comment:
   I didn't notice any issue with startup times when testing but have added 
this line back for consistency.

