From bb659ee27ab2fd4c90c801151603defc4da7211a Mon Sep 17 00:00:00 2001
From: Carey Metcalfe
Date: Fri, 8 Aug 2025 07:36:57 -0400
Subject: Optimize how much data needs to be `chown`/`chmod`ed on container startup (#7793)

* Optimize how much data needs to be `chown`/`chmod`ed on container startup

This works around an issue where `chmod`/`chown` operations inside a container can be extremely slow when using the `overlay2` storage driver, resulting in 10min+ container startup times.

It modifies the owner of the webapp when building the container so that only the `data` and `extensions` directories (which are commonly mapped as volumes into the container) have to be modified by the `access-permissions.sh` script at container startup.

When not running via docker the behaviour of the `access-permissions.sh` script is unchanged.

* Take DATA_PATH environment variable into account when fixing permissions

* Revert change to using bash for arrays (the alpine image doesn't include `bash`)

* A few more improvements

* Slightly tweak reapply permissions variable

- lowercase to indicate it's not an env variable
- use 0/1 to address potentially-irrational paranoia about unset variables

* Remove conditional logic to skip reapplying permissions

Also documents why in a comment so it's not missed in the future.

---------

Co-authored-by: Alexandre Alapetite
---
 cli/access-permissions.sh | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

(limited to 'cli')

diff --git a/cli/access-permissions.sh b/cli/access-permissions.sh index 6a6038ef4..1286d34aa 100755 --- a/cli/access-permissions.sh +++ b/cli/access-permissions.sh 
@@ -11,12 +11,22 @@ if [ "$(id -u)" -ne 0 ]; then exit 3 fi +# Always fix permissions on the data and extensions directories +# If specified, only fix the data and extensions directories +data_path="${DATA_PATH:-./data}" +if [ "${1:-}" = "--only-userdirs" ]; then + to_update="./extensions" +else + to_update="." +fi + +mkdir -p "${data_path}/users/_/" + # Based on group access -chown -R :www-data . +chown -R :www-data "$data_path" "$to_update" # Read files, and directory traversal -chmod -R g+rX . +chmod -R g+rX "$data_path" "$to_update" -# Write access -mkdir -p ./data/users/_/ -chmod -R g+w ./data/ +# Write access to data +chmod -R g+w "$data_path" -- cgit v1.2.3
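
Review bot: `data_path` comes straight from the `DATA_PATH` environment variable and is passed unchecked to `chown -R :www-data` and `chmod -R g+w`, in a script that exits unless it is running as root (the `id -u` check in the context lines). A value such as `/`, or one that begins with `-` and is therefore parsed as an option, would change group ownership and grant group write well outside the application tree. I would reject a root or otherwise unexpected path before the `mkdir -p`, and end option parsing on each call, for example `chown -R :www-data -- "$data_path" "$to_update"`. Separately, any first argument other than `--only-userdirs`, a misspelling included, silently selects `to_update="."` and the full recursive pass; failing on unrecognised arguments would make the choice explicit. The two leading comment lines also read as saying the same thing twice ("Always fix ... data and extensions" / "If specified, only fix the data and extensions"); the first should say what the default pass covers.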