Optimize how much data needs to be `chown`/`chmod`ed on container startup (#7793)

* Optimize how much data needs to be `chown`/`chmod`ed on container startup

This works around an issue where `chmod`/`chown` operations inside a
container can be extremely slow when using the `overlay2` storage
driver, resulting in 10min+ container startup times.

It modifies the owner of the webapp when building the container so that
only the `data` and `extensions` directories (which are commonly mapped
as volumes into the container) have to be modified by the
`access-permissions.sh` script at container startup.

When not running via docker the behaviour of the `access-permissions.sh`
script is unchanged.

* Take DATA_PATH environment variable into account when fixing permissions

* Revert change to using bash for arrays

(the alpine image doesn't include `bash`)

* A few more improvements

* Slightly tweak reapply permissions variable

- lowercase to indicate it's not an env variable
- use 0/1 to address potentially-irrational paranoia about unset variables

* Remove conditional logic to skip reapplying permissions

Also documents why in a comment so it's not missed in the future.

---------

Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>

5 files changed, 8 insertions, 6 deletions

diff --git a/Docker/Dockerfile b/Docker/Dockerfile
index ab7bcacb9..9dc24fe60 100644
--- a/Docker/Dockerfile
+++ b/Docker/Dockerfile
@@ -16,7 +16,7 @@ RUN apt-get update && \
 RUN mkdir -p /var/www/FreshRSS/ /run/apache2/
 WORKDIR /var/www/FreshRSS
 
-COPY . /var/www/FreshRSS
+COPY --chown=root:www-data . /var/www/FreshRSS
 COPY ./Docker/*.Apache.conf /etc/apache2/sites-available/
 
 ARG FRESHRSS_VERSION
diff --git a/Docker/Dockerfile-Alpine b/Docker/Dockerfile-Alpine
index 74729f53a..26cccd6c9 100644
--- a/Docker/Dockerfile-Alpine
+++ b/Docker/Dockerfile-Alpine
@@ -13,7 +13,7 @@ RUN apk add --no-cache \
 RUN mkdir -p /var/www/FreshRSS /run/apache2/
 WORKDIR /var/www/FreshRSS
 
-COPY . /var/www/FreshRSS
+COPY --chown=root:www-data . /var/www/FreshRSS
 COPY ./Docker/*.Apache.conf /etc/apache2/conf.d/
 
 ARG FRESHRSS_VERSION
diff --git a/Docker/Dockerfile-Newest b/Docker/Dockerfile-Newest
index 96b9660db..470e66733 100644
--- a/Docker/Dockerfile-Newest
+++ b/Docker/Dockerfile-Newest
@@ -14,7 +14,7 @@ RUN echo 'http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/reposit
 RUN mkdir -p /var/www/FreshRSS /run/apache2/
 WORKDIR /var/www/FreshRSS
 
-COPY . /var/www/FreshRSS
+COPY --chown=root:www-data . /var/www/FreshRSS
 COPY ./Docker/*.Apache.conf /etc/apache2/conf.d/
 
 ARG FRESHRSS_VERSION
diff --git a/Docker/Dockerfile-Oldest b/Docker/Dockerfile-Oldest
index 38fbadede..e31c75f20 100644
--- a/Docker/Dockerfile-Oldest
+++ b/Docker/Dockerfile-Oldest
@@ -13,7 +13,7 @@ RUN apk add --no-cache \
 RUN mkdir -p /var/www/FreshRSS /run/apache2/
 WORKDIR /var/www/FreshRSS
 
-COPY . /var/www/FreshRSS
+COPY --chown=root:www-data . /var/www/FreshRSS
 COPY ./Docker/*.Apache.conf /etc/apache2/conf.d/
 
 ARG FRESHRSS_VERSION
diff --git a/Docker/entrypoint.sh b/Docker/entrypoint.sh
index 47a132d53..88e00bbce 100755
--- a/Docker/entrypoint.sh
+++ b/Docker/entrypoint.sh
@@ -45,7 +45,7 @@ if [ -n "$CRON_MIN" ]; then
 		-r "s#^[^ ]+ #$CRON_MIN #" | crontab -
 fi
 
-./cli/access-permissions.sh
+./cli/access-permissions.sh --only-userdirs
 
 php -f ./cli/prepare.php >/dev/null
 
@@ -82,6 +82,8 @@ if [ -n "$FRESHRSS_USER" ]; then
 	fi
 fi
 
-./cli/access-permissions.sh
+# Fix permissions of data added by prepare.php as well as a potential
+# installation/user setup
+./cli/access-permissions.sh --only-userdirs
 
 exec "$@"