[GitHub] [couchdb-docker] wohali commented on a change in pull request #170: Fix169 by enforcing safe admin credentials

[GitBox <gi...@apache.org>]

wohali commented on a change in pull request #170: Fix169 by enforcing safe admin credentials
URL: https://github.com/apache/couchdb-docker/pull/170#discussion_r378933533
 
 

 ##########
 File path: dev/docker-entrypoint.sh
 ##########
 @@ -25,40 +25,75 @@ if [ "$1" = 'couchdb' ]; then
 fi
 
 if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then
-	# Check that we own everything in /opt/couchdb and fix if necessary. We also
-	# add the `-f` flag in all the following invocations because there may be
-	# cases where some of these ownership and permissions issues are non-fatal
-	# (e.g. a config file owned by root with o+r is actually fine), and we don't
-	# to be too aggressive about crashing here ...
-	find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb '{}' +
+	# this is where runtime configuration changes will be written.
+	# we need to explicitly touch it here in case /opt/couchdb/etc has
+	# been mounted as an external volume, in which case it won't exist.
+	# If running as the couchdb user (i.e. container starts as root),
+	# write permissions will be granted below.
+	touch /opt/couchdb/etc/local.d/docker.ini
+
+	# if user is root, assume running under the couchdb user (default)
+	# and ensure it is able to access files and directories that may be mounted externally
+	if [ "$(id -u)" = '0' ]; then
 
 Review comment:
   This is unexpected, can you explain why you're checking for this everywhere? It may not be true, but we may still want the find operation to occur.
   
   /cc @kocolosk 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services