[GitHub] [couchdb-docker] tianon commented on a change in pull request #151: allow running as arbitrary uid

[GitBox <gi...@apache.org>]

tianon commented on a change in pull request #151: allow running as arbitrary uid
URL: https://github.com/apache/couchdb-docker/pull/151#discussion_r317622798
 
 

 ##########
 File path: 2.3.1/Dockerfile
 ##########
 @@ -121,8 +121,17 @@ COPY docker-entrypoint.sh /usr/local/bin
 RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat
 ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
 
-# Setup directories and permissions
-RUN find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +
+
+RUN set -xe; \
+# Check we own everything in /opt/couchdb. Matches the command in dockerfile_entrypoint.sh
+    find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +; \
+# Setup directories and permissions for config. Technically these could be 555 and 444 respectively
+# but we keep them as 755 and 644 for consistency with CouchDB defaults and the dockerfile_entrypoint.sh.
+    find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +; \
+    find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +; \
+# only local.d needs to be writable for the docker_entrypoint.sh
+    chmod -f 0777 /opt/couchdb/etc/local.d
 
 Review comment:
   I would recommend moving this whole block up into the `RUN` line that creates `/opt/couchdb` in the first place while you're at it/here (there are some edge cases around `chmod`/`chown` in a separate layer on some graph drivers).

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services