FreshRSS/cli/access-permissions.sh
Carey Metcalfe bb659ee27a Optimize how much data needs to be chown/chmoded on container startup (#7793)
* Optimize how much data needs to be `chown`/`chmod`ed on container startup

This works around an issue where `chmod`/`chown` operations inside a
container can be extremely slow when using the `overlay2` storage
driver, resulting in 10min+ container startup times.

It modifies the owner of the webapp when building the container so that
only the `data` and `extensions` directories (which are commonly mapped
as volumes into the container) have to be modified by the
`access-permissions.sh` script at container startup.

When not running via docker the behaviour of the `access-permissions.sh`
script is unchanged.

* Take DATA_PATH environment variable into account when fixing permissions

* Revert change to using bash for arrays

(the alpine image doesn't include `bash`)

* A few more improvements

* Slightly tweak reapply permissions variable

- lowercase to indicate it's not an env variable
- use 0/1 to address potentially-irrational paranoia about unset variables

* Remove conditional logic to skip reapplying permissions

Also documents why in a comment so it's not missed in the future.

---------

Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2025-08-08 13:36:57 +02:00

33 lines, 777 B, Bash, Executable File

#!/bin/sh
# Apply access permissions
if [ ! -f './constants.php' ] || [ ! -d './cli/' ]; then
	echo >&2 '⛔ It does not look like a FreshRSS directory; exiting!'
	exit 2
fi
if [ "$(id -u)" -ne 0 ]; then
	echo >&2 '⛔ Applying access permissions require running as root or sudo!'
	exit 3
fi
# Always fix permissions on the data and extensions directories
# If specified, only fix the data and extensions directories
data_path="${DATA_PATH:-./data}"
if [ "${1:-}" = "--only-userdirs" ]; then
	to_update="./extensions"
else
	to_update="."
fi
mkdir -p "${data_path}/users/_/"
# Based on group access
chown -R :www-data "$data_path" "$to_update"
# Read files, and directory traversal
chmod -R g+rX "$data_path" "$to_update"
# Write access to data
chmod -R g+w "$data_path"
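
An added example, not part of FreshRSS: a read-only POSIX sh audit of the state the script above applies (group ownership, `g+rX` on everything it touches, `g+w` on the data directory), useful when `--only-userdirs` leaves the rest of the tree relying on ownership set at image build time. The function name `audit_perms`, its report labels, the symlink skip and the extra world-writable check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not FreshRSS code: read-only audit of the permission state
# that access-permissions.sh applies. Labels and checks are this example's own.
#
# Usage (from the FreshRSS directory; group name taken from the script):
#   audit_perms www-data "${DATA_PATH:-./data}" ./extensions
#
# audit_perms GROUP DATA_PATH [OTHER_PATH...]
# GROUP may be a name or a numeric gid. Prints "<label> <path>" per finding
# and returns 1 if anything was reported, 0 otherwise.
audit_perms() {
	ap_group="$1"
	ap_data="$2"
	shift 2
	ap_report="$(
		# Symlinks are skipped: their own mode bits say nothing useful.
		# Group ownership, as set by chown -R :www-data
		find "$ap_data" "$@" ! -type l ! -group "$ap_group" \
			-exec echo 'wrong-group' {} \;
		# chmod -R g+rX: group read on every file and directory
		find "$ap_data" "$@" ! -type l ! -perm -040 \
			-exec echo 'no-g+r' {} \;
		# chmod -R g+rX: group traversal on directories
		find "$ap_data" "$@" -type d ! -perm -010 \
			-exec echo 'no-g+x' {} \;
		# chmod -R g+w on the data path only
		find "$ap_data" ! -type l ! -perm -020 \
			-exec echo 'no-g+w' {} \;
		# Extra check, an assumption of this example and not set by the
		# script: nothing should be world-writable
		find "$ap_data" "$@" ! -type l -perm -002 \
			-exec echo 'world-writable' {} \;
	)"
	[ -z "$ap_report" ] && return 0
	printf '%s\n' "$ap_report"
	return 1
}
```
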