| author | 2025-08-08 07:36:57 -0400 | |
|---|---|---|
| committer | 2025-08-08 13:36:57 +0200 | |
| commit | bb659ee27ab2fd4c90c801151603defc4da7211a (patch) | |
| tree | 64e874993182955ecdd0fc22deb9e7388e7bde3a /cli | |
| parent | 084f9549804b98a266a8438614064f873fd07b07 (diff) | |
Optimize how much data needs to be `chown`/`chmod`ed on container startup (#7793)
* Optimize how much data needs to be `chown`/`chmod`ed on container startup
This works around an issue where `chmod`/`chown` operations inside a
container can be extremely slow when using the `overlay2` storage
driver, resulting in 10min+ container startup times.
It modifies the owner of the webapp when building the container so that
only the `data` and `extensions` directories (which are commonly mapped
as volumes into the container) have to be modified by the
`access-permissions.sh` script at container startup.
When not running via docker the behaviour of the `access-permissions.sh`
script is unchanged.
* Take DATA_PATH environment variable into account when fixing permissions
* Revert change to using bash for arrays
(the alpine image doesn't include `bash`)
* A few more improvements
* Slightly tweak reapply permissions variable
- lowercase to indicate it's not an env variable
- use 0/1 to address potentially-irrational paranoia about unset variables
* Remove conditional logic to skip reapplying permissions
Also documents why in a comment so it's not missed in the future.
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
Diffstat (limited to 'cli')
| -rwxr-xr-x | cli/access-permissions.sh | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/cli/access-permissions.sh b/cli/access-permissions.sh index 6a6038ef4..1286d34aa 100755 --- a/cli/access-permissions.sh +++ b/cli/access-permissions.sh @@ -11,12 +11,22 @@ if [ "$(id -u)" -ne 0 ]; then exit 3 fi +# Always fix permissions on the data and extensions directories +# If specified, only fix the data and extensions directories +data_path="${DATA_PATH:-./data}" +if [ "${1:-}" = "--only-userdirs" ]; then + to_update="./extensions" +else + to_update="." +fi + +mkdir -p "${data_path}/users/_/" + # Based on group access -chown -R :www-data . +chown -R :www-data "$data_path" "$to_update" # Read files, and directory traversal -chmod -R g+rX . +chmod -R g+rX "$data_path" "$to_update" -# Write access -mkdir -p ./data/users/_/ -chmod -R g+w ./data/ +# Write access to data +chmod -R g+w "$data_path" |
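Review bot: the new `data_path="${DATA_PATH:-./data}"` assignment feeds an environment-supplied value, unvalidated, into `mkdir -p`, `chown -R`, `chmod -R g+rX` and `chmod -R g+w`, in a script that the context lines show refuses to run unless it is root. Consider failing early when `$data_path` is `/` or exists but is not a directory, and ending option parsing before the operands, as in `chown -R :www-data -- "$data_path" "$to_update"`, so that a value beginning with `-` is not read as an option. Two smaller points. The two new comment lines read as contradictory ("Always fix permissions on the data and extensions directories" followed by "If specified, only fix the data and extensions directories"); the second should name the `--only-userdirs` argument it refers to. Any first argument other than `--only-userdirs` silently selects `to_update="."`, so a mistyped flag falls back to the full recursive pass without warning; rejecting unknown arguments would make that visible.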
