Merge pull request #131 from tobru/dir_permissions

update directory permissions to be compatible with non-root
author: Tilo Spannagel <development@tilosp.de> 2017-08-26 16:26:16 +0200
committer: GitHub <noreply@github.com> 2017-08-26 16:26:16 +0200
commit: 261f545fabcbf4b1e4a1aa5400ee480be5ce629d (patch)
tree: 4fe68de72617bc870a2a3012122e8d41f451646b
parent: 2220249a20b6b92e25f51eb7c1f39a77b7838c49 (diff)
parent: 6ed3dfe5568941b482cd7d19a39bd19dec05f642 (diff)
15 files changed, 165 insertions, 185 deletions
diff --git a/10.0/apache/Dockerfile b/10.0/apache/Dockerfile
index 1f38d8e0..e10976e0 100644
--- a/10.0/apache/Dockerfile
+++ b/10.0/apache/Dockerfile
@@ -42,9 +42,10 @@ RUN set -ex \
 RUN a2enmod rewrite
 
 ENV NEXTCLOUD_VERSION 10.0.6
-VOLUME /var/www/html
 
-COPY config/* /usr/src/nextcloud/config/
+RUN chown -R www-data:root /var/www/html && \
+    chmod -R g=u /var/www/html
+VOLUME /var/www/html
 
 RUN curl -fsSL -o nextcloud.tar.bz2 \
     "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \
@@ -58,19 +59,12 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \
  && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \
  && rm nextcloud.tar.bz2 \
  && rm -rf /usr/src/nextcloud/updater \
- # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions
  && mkdir -p /usr/src/nextcloud/data \
  && mkdir -p /usr/src/nextcloud/custom_apps \
- && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \
- && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \
- && chown -R root:www-data /usr/src/nextcloud/ \
- && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \
- && chown -R www-data:www-data /usr/src/nextcloud/config/ \
- && chown -R www-data:www-data /usr/src/nextcloud/data/ \
- && chown -R www-data:www-data /usr/src/nextcloud/themes/ \
  && chmod +x /usr/src/nextcloud/occ
 
 COPY docker-entrypoint.sh /entrypoint.sh
+COPY config/* /usr/src/nextcloud/config/
 
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["apache2-foreground"]
diff --git a/10.0/apache/docker-entrypoint.sh b/10.0/apache/docker-entrypoint.sh
index f073581e..9298bb47 100755
--- a/10.0/apache/docker-entrypoint.sh
+++ b/10.0/apache/docker-entrypoint.sh
@@ -11,6 +11,13 @@ function directory_empty() {
     [ -n "$(find "$1"/ -prune -empty)" ]
 }
 
+function run_as() {
+  if [[ $EUID -eq 0 ]]; then
+    su - www-data -s /bin/bash -c "$1"
+  else
+    bash -c "$1"
+  fi
+}
 
 installed_version="0.0.0~unknown"
 if [ -f /var/www/html/version.php ]; then
@@ -25,28 +32,25 @@ fi
 
 if version_greater "$image_version" "$installed_version"; then
     if [ "$installed_version" != "0.0.0~unknown" ]; then
-        su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_before
+        run_as 'php /var/www/html/occ app:list' > /tmp/list_before
+    fi
+    if [[ $EUID -eq 0 ]]; then
+      rsync_options="-rlDog --chown www-data:root"
+    else
+      rsync_options="-rlD"
     fi
-    rsync -a --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
-    
-    for dir in config data themes; do
+    rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
+
+    for dir in config data custom_apps themes; do
         if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then
-            cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir"
+            rsync $rsync_options --include /"$dir"/ --exclude '/*' /usr/src/nextcloud/ /var/www/html/
         fi
     done
 
-    if [ ! -d /var/www/html/custom_apps ] && [ ! -f /var/www/html/config/apps.config.php ]; then
-        cp -a /usr/src/nextcloud/config/apps.config.php /var/www/html/config/apps.config.php
-    fi
-
-    if [ ! -d /var/www/html/custom_apps ] || directory_empty /var/www/html/custom_apps; then
-        cp -arT /usr/src/nextcloud/custom_apps /var/www/html/custom_apps
-    fi
-
     if [ "$installed_version" != "0.0.0~unknown" ]; then
-        su - www-data -s /bin/bash -c 'php /var/www/html/occ upgrade --no-app-disable'
+        run_as 'php /var/www/html/occ upgrade --no-app-disable'
 
-        su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_after
+        run_as 'php /var/www/html/occ app:list' > /tmp/list_after
         echo "The following apps have beed disabled:"
         diff <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_before) <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_after) | grep '<' | cut -d- -f2 | cut -d: -f1
         rm -f /tmp/list_before /tmp/list_after
diff --git a/10.0/fpm/Dockerfile b/10.0/fpm/Dockerfile
index cc1fe767..9cc03370 100644
--- a/10.0/fpm/Dockerfile
+++ b/10.0/fpm/Dockerfile
@@ -40,9 +40,10 @@ RUN set -ex \
  && docker-php-ext-enable apcu redis memcached
 
 ENV NEXTCLOUD_VERSION 10.0.6
-VOLUME /var/www/html
 
-COPY config/* /usr/src/nextcloud/config/
+RUN chown -R www-data:root /var/www/html && \
+    chmod -R g=u /var/www/html
+VOLUME /var/www/html
 
 RUN curl -fsSL -o nextcloud.tar.bz2 \
     "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \
@@ -56,19 +57,12 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \
  && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \
  && rm nextcloud.tar.bz2 \
  && rm -rf /usr/src/nextcloud/updater \
- # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions
  && mkdir -p /usr/src/nextcloud/data \
  && mkdir -p /usr/src/nextcloud/custom_apps \
- && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \
- && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \
- && chown -R root:www-data /usr/src/nextcloud/ \
- && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \
- && chown -R www-data:www-data /usr/src/nextcloud/config/ \
- && chown -R www-data:www-data /usr/src/nextcloud/data/ \
- && chown -R www-data:www-data /usr/src/nextcloud/themes/ \
  && chmod +x /usr/src/nextcloud/occ
 
 COPY docker-entrypoint.sh /entrypoint.sh
+COPY config/* /usr/src/nextcloud/config/
 
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["php-fpm"]
diff --git a/10.0/fpm/docker-entrypoint.sh b/10.0/fpm/docker-entrypoint.sh
index f073581e..9298bb47 100755
--- a/10.0/fpm/docker-entrypoint.sh
+++ b/10.0/fpm/docker-entrypoint.sh
@@ -11,6 +11,13 @@ function directory_empty() {
     [ -n "$(find "$1"/ -prune -empty)" ]
 }
 
+function run_as() {
+  if [[ $EUID -eq 0 ]]; then
+    su - www-data -s /bin/bash -c "$1"
+  else
+    bash -c "$1"
+  fi
+}
 
 installed_version="0.0.0~unknown"
 if [ -f /var/www/html/version.php ]; then
@@ -25,28 +32,25 @@ fi
 
 if version_greater "$image_version" "$installed_version"; then
     if [ "$installed_version" != "0.0.0~unknown" ]; then
-        su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_before
+        run_as 'php /var/www/html/occ app:list' > /tmp/list_before
+    fi
+    if [[ $EUID -eq 0 ]]; then
+      rsync_options="-rlDog --chown www-data:root"
+    else
+      rsync_options="-rlD"
     fi
-    rsync -a --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
-    
-    for dir in config data themes; do
+    rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
+
+    for dir in config data custom_apps themes; do
         if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then
-            cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir"
+            rsync $rsync_options --include /"$dir"/ --exclude '/*' /usr/src/nextcloud/ /var/www/html/
         fi
     done
 
-    if [ ! -d /var/www/html/custom_apps ] && [ ! -f /var/www/html/config/apps.config.php ]; then
-        cp -a /usr/src/nextcloud/config/apps.config.php /var/www/html/config/apps.config.php
-    fi
-
-    if [ ! -d /var/www/html/custom_apps ] || directory_empty /var/www/html/custom_apps; then
-        cp -arT /usr/src/nextcloud/custom_apps /var/www/html/custom_apps
-    fi
-
     if [ "$installed_version" != "0.0.0~unknown" ]; then
-        su - www-data -s /bin/bash -c 'php /var/www/html/occ upgrade --no-app-disable'
+        run_as 'php /var/www/html/occ upgrade --no-app-disable'
 
-        su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_after
+        run_as 'php /var/www/html/occ app:list' > /tmp/list_after
         echo "The following apps have beed disabled:"
         diff <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_before) <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_after) | grep '<' | cut -d- -f2 | cut -d: -f1
         rm -f /tmp/list_before /tmp/list_after
diff --git a/11.0/apache/Dockerfile b/11.0/apache/Dockerfile
index 851d24fc..ab9c68bd 100644
--- a/11.0/apache/Dockerfile
+++ b/11.0/apache/Dockerfile
@@ -43,9 +43,10 @@ RUN set -ex \
 RUN a2enmod rewrite
 
 ENV NEXTCLOUD_VERSION 11.0.4
-VOLUME /var/www/html
 
-COPY config/* /usr/src/nextcloud/config/
+RUN chown -R www-data:root /var/www/html && \
+    chmod -R g=u /var/www/html
+VOLUME /var/www/html
 
 RUN curl -fsSL -o nextcloud.tar.bz2 \
     "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \
@@ -59,19 +60,12 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \
  && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \
  && rm nextcloud.tar.bz2 \
  && rm -rf /usr/src/nextcloud/updater \
- # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions
  && mkdir -p /usr/src/nextcloud/data \
  && mkdir -p /usr/src/nextcloud/custom_apps \
- && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \
- && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \
- && chown -R root:www-data /usr/src/nextcloud/ \
- && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \
- && chown -R www-data:www-data /usr/src/nextcloud/config/ \
- && chown -R www-data:www-data /usr/src/nextcloud/data/ \
- && chown -R www-data:www-data /usr/src/nextcloud/themes/ \
  && chmod +x /usr/src/nextcloud/occ
 
 COPY docker-entrypoint.sh /entrypoint.sh
+COPY config/* /usr/src/nextcloud/config/
 
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["apache2-foreground"]
diff --git a/11.0/apache/docker-entrypoint.sh b/11.0/apache/docker-entrypoint.sh
index f073581e..9298bb47 100755
--- a/11.0/apache/docker-entrypoint.sh
+++ b/11.0/apache/docker-entrypoint.sh
@@ -11,6 +11,13 @@ function directory_empty() {
     [ -n "$(find "$1"/ -prune -empty)" ]
 }
 
+function run_as() {
+  if [[ $EUID -eq 0 ]]; then
+    su - www-data -s /bin/bash -c "$1"
+  else
+    bash -c "$1"
+  fi
+}
 
 installed_version="0.0.0~unknown"
 if [ -f /var/www/html/version.php ]; then
@@ -25,28 +32,25 @@ fi
 
 if version_greater "$image_version" "$installed_version"; then
     if [ "$installed_version" != "0.0.0~unknown" ]; then
-        su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_before
+        run_as 'php /var/www/html/occ app:list' > /tmp/list_before
+    fi
+    if [[ $EUID -eq 0 ]]; then
+      rsync_options="-rlDog --chown www-data:root"
+    else
+      rsync_options="-rlD"
     fi
-    rsync -a --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
-    
-    for dir in config data themes; do
+    rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
+
+    for dir in config data custom_apps themes; do
         if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then
-            cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir"
+            rsync $rsync_options --include /"$dir"/ --exclude '/*' /usr/src/nextcloud/ /var/www/html/
         fi
     done
 
-    if [ ! -d /var/www/html/custom_apps ] && [ ! -f /var/www/html/config/apps.config.php ]; then
-        cp -a /usr/src/nextcloud/config/apps.config.php /var/www/html/config/apps.config.php
-    fi
-
-    if [ ! -d /var/www/html/custom_apps ] || directory_empty /var/www/html/custom_apps; then
-        cp -arT /usr/src/nextcloud/custom_apps /var/www/html/custom_apps
-    fi
-
     if [ "$installed_version" != "0.0.0~unknown" ]; then
-        su - www-data -s /bin/bash -c 'php /var/www/html/occ upgrade --no-app-disable'
+        run_as 'php /var/www/html/occ upgrade --no-app-disable'
 
-        su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_after
+        run_as 'php /var/www/html/occ app:list' > /tmp/list_after
         echo "The following apps have beed disabled:"
         diff <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_before) <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_after) | grep '<' | cut -d- -f2 | cut -d: -f1
         rm -f /tmp/list_before /tmp/list_after
diff --git a/11.0/fpm/Dockerfile b/11.0/fpm/Dockerfile
index dd0d689b..6c75948d 100644
--- a/11.0/fpm/Dockerfile
+++ b/11.0/fpm/Dockerfile
@@ -41,9 +41,10 @@ RUN set -ex \
  && docker-php-ext-enable apcu redis memcached
 
 ENV NEXTCLOUD_VERSION 11.0.4
-VOLUME /var/www/html
 
-COPY config/* /usr/src/nextcloud/config/
+RUN chown -R www-data:root /var/www/html && \
+    chmod -R g=u /var/www/html
+VOLUME /var/www/html
 
 RUN curl -fsSL -o nextcloud.tar.bz2 \
     "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \
@@ -57,19 +58,12 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \
  && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \
  && rm nextcloud.tar.bz2 \
  && rm -rf /usr/src/nextcloud/updater \
- # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions
  && mkdir -p /usr/src/nextcloud/data \
  && mkdir -p /usr/src/nextcloud/custom_apps \
- && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \
- && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \
- && chown -R root:www-data /usr/src/nextcloud/ \
- && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \
- && chown -R www-data:www-data /usr/src/nextcloud/config/ \
- && chown -R www-data:www-data /usr/src/nextcloud/data/ \
- && chown -R www-data:www-data /usr/src/nextcloud/themes/ \
  && chmod +x /usr/src/nextcloud/occ
 
 COPY docker-entrypoint.sh /entrypoint.sh
+COPY config/* /usr/src/nextcloud/config/
 
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["php-fpm"]
diff --git a/11.0/fpm/docker-entrypoint.sh b/11.0/fpm/docker-entrypoint.sh
index f073581e..9298bb47 100755
--- a/11.0/fpm/docker-entrypoint.sh
+++ b/11.0/fpm/docker-entrypoint.sh
@@ -11,6 +11,13 @@ function directory_empty() {
     [ -n "$(find "$1"/ -prune -empty)" ]
 }
 
+function run_as() {
+  if [[ $EUID -eq 0 ]]; then
+    su - www-data -s /bin/bash -c "$1"
+  else
+    bash -c "$1"
+  fi
+}
 
 installed_version="0.0.0~unknown"
 if [ -f /var/www/html/version.php ]; then
@@ -25,28 +32,25 @@ fi
 
 if version_greater "$image_version" "$installed_version"; then
     if [ "$installed_version" != "0.0.0~unknown" ]; then
-        su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_before
+        run_as 'php /var/www/html/occ app:list' > /tmp/list_before
+    fi
+    if [[ $EUID -eq 0 ]]; then
+      rsync_options="-rlDog --chown www-data:root"
+    else
+      rsync_options="-rlD"
     fi
-    rsync -a --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
-    
-    for dir in config data themes; do
+    rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
+
+    for dir in config data custom_apps themes; do
         if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then
-            cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir"
+            rsync $rsync_options --include /"$dir"/ --exclude '/*' /usr/src/nextcloud/ /var/www/html/
         fi
     done
 
-    if [ ! -d /var/www/html/custom_apps ] && [ ! -f /var/www/html/config/apps.config.php ]; then
-        cp -a /usr/src/nextcloud/config/apps.config.php /var/www/html/config/apps.config.php
-    fi
-
-    if [ ! -d /var/www/html/custom_apps ] || directory_empty /var/www/html/custom_apps; then
-        cp -arT /usr/src/nextcloud/custom_apps /var/www/html/custom_apps
-    fi
-
     if [ "$installed_version" != "0.0.0~unknown" ]; then
-        su - www-data -s /bin/bash -c 'php /var/www/html/occ upgrade --no-app-disable'
+        run_as 'php /var/www/html/occ upgrade --no-app-disable'
 
-        su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_after
+        run_as 'php /var/www/html/occ app:list' > /tmp/list_after
         echo "The following apps have beed disabled:"
         diff <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_before) <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_after) | grep '<' | cut -d- -f2 | cut -d: -f1
         rm -f /tmp/list_before /tmp/list_after
diff --git a/12.0/apache/Dockerfile b/12.0/apache/Dockerfile
index d742d9ca..9032b0a8 100644
--- a/12.0/apache/Dockerfile
+++ b/12.0/apache/Dockerfile
@@ -43,9 +43,10 @@ RUN set -ex \
 RUN a2enmod rewrite
 
 ENV NEXTCLOUD_VERSION 12.0.2
-VOLUME /var/www/html
 
-COPY config/* /usr/src/nextcloud/config/
+RUN chown -R www-data:root /var/www/html && \
+    chmod -R g=u /var/www/html
+VOLUME /var/www/html
 
 RUN curl -fsSL -o nextcloud.tar.bz2 \
     "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \
@@ -59,19 +60,12 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \
  && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \
  && rm nextcloud.tar.bz2 \
  && rm -rf /usr/src/nextcloud/updater \
- # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions
  && mkdir -p /usr/src/nextcloud/data \
  && mkdir -p /usr/src/nextcloud/custom_apps \
- && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \
- && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \
- && chown -R root:www-data /usr/src/nextcloud/ \
- && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \
- && chown -R www-data:www-data /usr/src/nextcloud/config/ \
- && chown -R www-data:www-data /usr/src/nextcloud/data/ \
- && chown -R www-data:www-data /usr/src/nextcloud/themes/ \
  && chmod +x /usr/src/nextcloud/occ
 
 COPY docker-entrypoint.sh /entrypoint.sh
+COPY config/* /usr/src/nextcloud/config/
 
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["apache2-foreground"]
diff --git a/12.0/apache/docker-entrypoint.sh b/12.0/apache/docker-entrypoint.sh
index f073581e..9298bb47 100755
--- a/12.0/apache/docker-entrypoint.sh
+++ b/12.0/apache/docker-entrypoint.sh
@@ -11,6 +11,13 @@ function directory_empty() {
     [ -n "$(find "$1"/ -prune -empty)" ]
 }
 
+function run_as() {
+  if [[ $EUID -eq 0 ]]; then
+    su - www-data -s /bin/bash -c "$1"
+  else
+    bash -c "$1"
+  fi
+}
 
 installed_version="0.0.0~unknown"
 if [ -f /var/www/html/version.php ]; then
@@ -25,28 +32,25 @@ fi
 
 if version_greater "$image_version" "$installed_version"; then
     if [ "$installed_version" != "0.0.0~unknown" ]; then
-        su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_before
+        run_as 'php /var/www/html/occ app:list' > /tmp/list_before
+    fi
+    if [[ $EUID -eq 0 ]]; then
+      rsync_options="-rlDog --chown www-data:root"
+    else
+      rsync_options="-rlD"
     fi
-    rsync -a --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
-    
-    for dir in config data themes; do
+    rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
+
+    for dir in config data custom_apps themes; do
         if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then
-            cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir"
+            rsync $rsync_options --include /"$dir"/ --exclude '/*' /usr/src/nextcloud/ /var/www/html/
         fi
     done
 
-    if [ ! -d /var/www/html/custom_apps ] && [ ! -f /var/www/html/config/apps.config.php ]; then
-        cp -a /usr/src/nextcloud/config/apps.config.php /var/www/html/config/apps.config.php
-    fi
-
-    if [ ! -d /var/www/html/custom_apps ] || directory_empty /var/www/html/custom_apps; then
-        cp -arT /usr/src/nextcloud/custom_apps /var/www/html/custom_apps
-    fi
-
     if [ "$installed_version" != "0.0.0~unknown" ]; then
-        su - www-data -s /bin/bash -c 'php /var/www/html/occ upgrade --no-app-disable'
+        run_as 'php /var/www/html/occ upgrade --no-app-disable'
 
-        su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_after
+        run_as 'php /var/www/html/occ app:list' > /tmp/list_after
         echo "The following apps have beed disabled:"
         diff <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_before) <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_after) | grep '<' | cut -d- -f2 | cut -d: -f1
         rm -f /tmp/list_before /tmp/list_after
diff --git a/12.0/fpm/Dockerfile b/12.0/fpm/Dockerfile
index 02ef6f61..e0c75fd8 100644
--- a/12.0/fpm/Dockerfile
+++ b/12.0/fpm/Dockerfile
@@ -41,9 +41,10 @@ RUN set -ex \
  && docker-php-ext-enable apcu redis memcached
 
 ENV NEXTCLOUD_VERSION 12.0.2
-VOLUME /var/www/html
 
-COPY config/* /usr/src/nextcloud/config/
+RUN chown -R www-data:root /var/www/html && \
+    chmod -R g=u /var/www/html
+VOLUME /var/www/html
 
 RUN curl -fsSL -o nextcloud.tar.bz2 \
     "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \
@@ -57,19 +58,12 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \
  && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \
  && rm nextcloud.tar.bz2 \
  && rm -rf /usr/src/nextcloud/updater \
- # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions
  && mkdir -p /usr/src/nextcloud/data \
  && mkdir -p /usr/src/nextcloud/custom_apps \
- && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \
- && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \
- && chown -R root:www-data /usr/src/nextcloud/ \
- && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \
- && chown -R www-data:www-data /usr/src/nextcloud/config/ \
- && chown -R www-data:www-data /usr/src/nextcloud/data/ \
- && chown -R www-data:www-data /usr/src/nextcloud/themes/ \
  && chmod +x /usr/src/nextcloud/occ
 
 COPY docker-entrypoint.sh /entrypoint.sh
+COPY config/* /usr/src/nextcloud/config/
 
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["php-fpm"]
diff --git a/12.0/fpm/docker-entrypoint.sh b/12.0/fpm/docker-entrypoint.sh
index f073581e..9298bb47 100755
--- a/12.0/fpm/docker-entrypoint.sh
+++ b/12.0/fpm/docker-entrypoint.sh
@@ -11,6 +11,13 @@ function directory_empty() {
     [ -n "$(find "$1"/ -prune -empty)" ]
 }
 
+function run_as() {
+  if [[ $EUID -eq 0 ]]; then
+    su - www-data -s /bin/bash -c "$1"
+  else
+    bash -c "$1"
+  fi
+}
 
 installed_version="0.0.0~unknown"
 if [ -f /var/www/html/version.php ]; then
@@ -25,28 +32,25 @@ fi
 
 if version_greater "$image_version" "$installed_version"; then
     if [ "$installed_version" != "0.0.0~unknown" ]; then
-        su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_before
+        run_as 'php /var/www/html/occ app:list' > /tmp/list_before
+    fi
+    if [[ $EUID -eq 0 ]]; then
+      rsync_options="-rlDog --chown www-data:root"
+    else
+      rsync_options="-rlD"
     fi
-    rsync -a --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
-    
-    for dir in config data themes; do
+    rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
+
+    for dir in config data custom_apps themes; do
         if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then
-            cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir"
+            rsync $rsync_options --include /"$dir"/ --exclude '/*' /usr/src/nextcloud/ /var/www/html/
         fi
     done
 
-    if [ ! -d /var/www/html/custom_apps ] && [ ! -f /var/www/html/config/apps.config.php ]; then
-        cp -a /usr/src/nextcloud/config/apps.config.php /var/www/html/config/apps.config.php
-    fi
-
-    if [ ! -d /var/www/html/custom_apps ] || directory_empty /var/www/html/custom_apps; then
-        cp -arT /usr/src/nextcloud/custom_apps /var/www/html/custom_apps
-    fi
-
     if [ "$installed_version" != "0.0.0~unknown" ]; then
-        su - www-data -s /bin/bash -c 'php /var/www/html/occ upgrade --no-app-disable'
+        run_as 'php /var/www/html/occ upgrade --no-app-disable'
 
-        su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_after
+        run_as 'php /var/www/html/occ app:list' > /tmp/list_after
         echo "The following apps have beed disabled:"
         diff <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_before) <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_after) | grep '<' | cut -d- -f2 | cut -d: -f1
         rm -f /tmp/list_before /tmp/list_after
diff --git a/Dockerfile-php7.template b/Dockerfile-php7.template
index d764607f..fd153275 100644
--- a/Dockerfile-php7.template
+++ b/Dockerfile-php7.template
@@ -43,9 +43,10 @@ RUN set -ex \
 RUN a2enmod rewrite
 
 ENV NEXTCLOUD_VERSION %%VERSION%%
-VOLUME /var/www/html
 
-COPY config/* /usr/src/nextcloud/config/
+RUN chown -R www-data:root /var/www/html && \
+    chmod -R g=u /var/www/html
+VOLUME /var/www/html
 
 RUN curl -fsSL -o nextcloud.tar.bz2 \
     "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \
@@ -59,19 +60,12 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \
  && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \
  && rm nextcloud.tar.bz2 \
  && rm -rf /usr/src/nextcloud/updater \
- # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions
  && mkdir -p /usr/src/nextcloud/data \
  && mkdir -p /usr/src/nextcloud/custom_apps \
- && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \
- && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \
- && chown -R root:www-data /usr/src/nextcloud/ \
- && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \
- && chown -R www-data:www-data /usr/src/nextcloud/config/ \
- && chown -R www-data:www-data /usr/src/nextcloud/data/ \
- && chown -R www-data:www-data /usr/src/nextcloud/themes/ \
  && chmod +x /usr/src/nextcloud/occ
 
 COPY docker-entrypoint.sh /entrypoint.sh
+COPY config/* /usr/src/nextcloud/config/
 
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["%%CMD%%"]
diff --git a/Dockerfile.template b/Dockerfile.template
index 53c7ee44..fbf9d620 100644
--- a/Dockerfile.template
+++ b/Dockerfile.template
@@ -42,9 +42,10 @@ RUN set -ex \
 RUN a2enmod rewrite
 
 ENV NEXTCLOUD_VERSION %%VERSION%%
-VOLUME /var/www/html
 
-COPY config/* /usr/src/nextcloud/config/
+RUN chown -R www-data:root /var/www/html && \
+    chmod -R g=u /var/www/html
+VOLUME /var/www/html
 
 RUN curl -fsSL -o nextcloud.tar.bz2 \
     "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \
@@ -58,19 +59,12 @@ RUN curl -fsSL -o nextcloud.tar.bz2 \
  && tar -xjf nextcloud.tar.bz2 -C /usr/src/ \
  && rm nextcloud.tar.bz2 \
  && rm -rf /usr/src/nextcloud/updater \
- # https://docs.nextcloud.com/server/11/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions
  && mkdir -p /usr/src/nextcloud/data \
  && mkdir -p /usr/src/nextcloud/custom_apps \
- && find /usr/src/nextcloud/ -type f -print0 | xargs -0 chmod 0640 \
- && find /usr/src/nextcloud/ -type d -print0 | xargs -0 chmod 0750 \
- && chown -R root:www-data /usr/src/nextcloud/ \
- && chown -R www-data:www-data /usr/src/nextcloud/custom_apps/ \
- && chown -R www-data:www-data /usr/src/nextcloud/config/ \
- && chown -R www-data:www-data /usr/src/nextcloud/data/ \
- && chown -R www-data:www-data /usr/src/nextcloud/themes/ \
  && chmod +x /usr/src/nextcloud/occ
 
 COPY docker-entrypoint.sh /entrypoint.sh
+COPY config/* /usr/src/nextcloud/config/
 
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["%%CMD%%"]
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index f073581e..9298bb47 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -11,6 +11,13 @@ function directory_empty() {
     [ -n "$(find "$1"/ -prune -empty)" ]
 }
 
+function run_as() {
+  if [[ $EUID -eq 0 ]]; then
+    su - www-data -s /bin/bash -c "$1"
+  else
+    bash -c "$1"
+  fi
+}
 
 installed_version="0.0.0~unknown"
 if [ -f /var/www/html/version.php ]; then
@@ -25,28 +32,25 @@ fi
 
 if version_greater "$image_version" "$installed_version"; then
     if [ "$installed_version" != "0.0.0~unknown" ]; then
-        su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_before
+        run_as 'php /var/www/html/occ app:list' > /tmp/list_before
+    fi
+    if [[ $EUID -eq 0 ]]; then
+      rsync_options="-rlDog --chown www-data:root"
+    else
+      rsync_options="-rlD"
     fi
-    rsync -a --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
-    
-    for dir in config data themes; do
+    rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
+
+    for dir in config data custom_apps themes; do
         if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then
-            cp -arT /usr/src/nextcloud/"$dir" /var/www/html/"$dir"
+            rsync $rsync_options --include /"$dir"/ --exclude '/*' /usr/src/nextcloud/ /var/www/html/
         fi
     done
 
-    if [ ! -d /var/www/html/custom_apps ] && [ ! -f /var/www/html/config/apps.config.php ]; then
-        cp -a /usr/src/nextcloud/config/apps.config.php /var/www/html/config/apps.config.php
-    fi
-
-    if [ ! -d /var/www/html/custom_apps ] || directory_empty /var/www/html/custom_apps; then
-        cp -arT /usr/src/nextcloud/custom_apps /var/www/html/custom_apps
-    fi
-
     if [ "$installed_version" != "0.0.0~unknown" ]; then
-        su - www-data -s /bin/bash -c 'php /var/www/html/occ upgrade --no-app-disable'
+        run_as 'php /var/www/html/occ upgrade --no-app-disable'
 
-        su - www-data -s /bin/bash -c 'php /var/www/html/occ app:list' > /tmp/list_after
+        run_as 'php /var/www/html/occ app:list' > /tmp/list_after
         echo "The following apps have beed disabled:"
         diff <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_before) <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_after) | grep '<' | cut -d- -f2 | cut -d: -f1
         rm -f /tmp/list_before /tmp/list_after
author	Tilo Spannagel <development@tilosp.de>	2017-08-26 16:26:16 +0200
committer	GitHub <noreply@github.com>	2017-08-26 16:26:16 +0200
commit	261f545fabcbf4b1e4a1aa5400ee480be5ce629d (patch)
tree	4fe68de72617bc870a2a3012122e8d41f451646b
parent	2220249a20b6b92e25f51eb7c1f39a77b7838c49 (diff)
parent	6ed3dfe5568941b482cd7d19a39bd19dec05f642 (diff)