aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--Docker/Dockerfile2
-rw-r--r--Docker/Dockerfile-Alpine2
-rw-r--r--Docker/Dockerfile-Newest2
-rw-r--r--Docker/Dockerfile-Oldest2
-rwxr-xr-xDocker/entrypoint.sh6
-rwxr-xr-xcli/access-permissions.sh20
6 files changed, 23 insertions, 11 deletions
diff --git a/Docker/Dockerfile b/Docker/Dockerfile
index ab7bcacb9..9dc24fe60 100644
--- a/Docker/Dockerfile
+++ b/Docker/Dockerfile
@@ -16,7 +16,7 @@ RUN apt-get update && \
RUN mkdir -p /var/www/FreshRSS/ /run/apache2/
WORKDIR /var/www/FreshRSS
-COPY . /var/www/FreshRSS
+COPY --chown=root:www-data . /var/www/FreshRSS
COPY ./Docker/*.Apache.conf /etc/apache2/sites-available/
ARG FRESHRSS_VERSION
diff --git a/Docker/Dockerfile-Alpine b/Docker/Dockerfile-Alpine
index 74729f53a..26cccd6c9 100644
--- a/Docker/Dockerfile-Alpine
+++ b/Docker/Dockerfile-Alpine
@@ -13,7 +13,7 @@ RUN apk add --no-cache \
RUN mkdir -p /var/www/FreshRSS /run/apache2/
WORKDIR /var/www/FreshRSS
-COPY . /var/www/FreshRSS
+COPY --chown=root:www-data . /var/www/FreshRSS
COPY ./Docker/*.Apache.conf /etc/apache2/conf.d/
ARG FRESHRSS_VERSION
diff --git a/Docker/Dockerfile-Newest b/Docker/Dockerfile-Newest
index 96b9660db..470e66733 100644
--- a/Docker/Dockerfile-Newest
+++ b/Docker/Dockerfile-Newest
@@ -14,7 +14,7 @@ RUN echo 'http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/reposit
RUN mkdir -p /var/www/FreshRSS /run/apache2/
WORKDIR /var/www/FreshRSS
-COPY . /var/www/FreshRSS
+COPY --chown=root:www-data . /var/www/FreshRSS
COPY ./Docker/*.Apache.conf /etc/apache2/conf.d/
ARG FRESHRSS_VERSION
diff --git a/Docker/Dockerfile-Oldest b/Docker/Dockerfile-Oldest
index 38fbadede..e31c75f20 100644
--- a/Docker/Dockerfile-Oldest
+++ b/Docker/Dockerfile-Oldest
@@ -13,7 +13,7 @@ RUN apk add --no-cache \
RUN mkdir -p /var/www/FreshRSS /run/apache2/
WORKDIR /var/www/FreshRSS
-COPY . /var/www/FreshRSS
+COPY --chown=root:www-data . /var/www/FreshRSS
COPY ./Docker/*.Apache.conf /etc/apache2/conf.d/
ARG FRESHRSS_VERSION
diff --git a/Docker/entrypoint.sh b/Docker/entrypoint.sh
index 47a132d53..88e00bbce 100755
--- a/Docker/entrypoint.sh
+++ b/Docker/entrypoint.sh
@@ -45,7 +45,7 @@ if [ -n "$CRON_MIN" ]; then
-r "s#^[^ ]+ #$CRON_MIN #" | crontab -
fi
-./cli/access-permissions.sh
+./cli/access-permissions.sh --only-userdirs
php -f ./cli/prepare.php >/dev/null
@@ -82,6 +82,8 @@ if [ -n "$FRESHRSS_USER" ]; then
fi
fi
-./cli/access-permissions.sh
+# Fix permissions of data added by prepare.php as well as a potential
+# installation/user setup
+./cli/access-permissions.sh --only-userdirs
exec "$@"
diff --git a/cli/access-permissions.sh b/cli/access-permissions.sh
index 6a6038ef4..1286d34aa 100755
--- a/cli/access-permissions.sh
+++ b/cli/access-permissions.sh
@@ -11,12 +11,22 @@ if [ "$(id -u)" -ne 0 ]; then
exit 3
fi
+# Always fix permissions on the data and extensions directories
+# If specified, only fix the data and extensions directories
+data_path="${DATA_PATH:-./data}"
+if [ "${1:-}" = "--only-userdirs" ]; then
+ to_update="./extensions"
+else
+ to_update="."
+fi
+
+mkdir -p "${data_path}/users/_/"
+
# Based on group access
-chown -R :www-data .
+chown -R :www-data "$data_path" "$to_update"
# Read files, and directory traversal
-chmod -R g+rX .
+chmod -R g+rX "$data_path" "$to_update"
-# Write access
-mkdir -p ./data/users/_/
-chmod -R g+w ./data/
+# Write access to data
+chmod -R g+w "$data_path"
generated by cgit v1.2.3 (git 2.39.1) at 2026-02-10 12:07:52 +0000