Fix permissions #15

Open
wants to merge 2 commits into
base: master
42 changes: 23 additions & 19 deletions Dockerfile
Expand Up @@ -8,24 +8,24 @@ ENV TERM=xterm-256color
CMD ["/sbin/my_init"]

RUN true && \
\
DEBIAN_FRONTEND=noninteractive && \
\
# Speed up APT
echo "force-unsafe-io" > /etc/dpkg/dpkg.cfg.d/02apt-speedup && \
echo "Acquire::http {No-Cache=True;};" > /etc/apt/apt.conf.d/no-cache && \
\
# Install prerequisites
apt-get update && \
apt-get install -qy libasound2 wget && \
\
# clean up
apt-get clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
/usr/share/man /usr/share/groff /usr/share/info \
/usr/share/lintian /usr/share/linda /var/cache/man && \
(( find /usr/share/doc -depth -type f ! -name copyright|xargs rm || true )) && \
(( find /usr/share/doc -empty|xargs rmdir || true ))
\
DEBIAN_FRONTEND=noninteractive && \
\
# Speed up APT
echo "force-unsafe-io" > /etc/dpkg/dpkg.cfg.d/02apt-speedup && \
echo "Acquire::http {No-Cache=True;};" > /etc/apt/apt.conf.d/no-cache && \
\
# Install prerequisites
apt-get update && \
apt-get install -qy libasound2 wget && \
\
# clean up
apt-get clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
/usr/share/man /usr/share/groff /usr/share/info \
/usr/share/lintian /usr/share/linda /var/cache/man && \
(( find /usr/share/doc -depth -type f ! -name copyright|xargs rm || true )) && \
(( find /usr/share/doc -empty|xargs rmdir || true ))

VOLUME [ "/config", "/archive" ]

Expand All @@ -44,8 +44,12 @@ RUN chmod +x /etc/my_init.d/30_parse_config_file.sh /etc/my_init.d/40_install_xe
COPY update_xeoma.sh /etc/cron.hourly/update_xeoma
RUN chmod +x /etc/cron.hourly/update_xeoma

# Script to set permissions to not be world-writable
COPY update-permissions.sh /etc/cron.hourly/update-permissions.sh
RUN chmod +x /etc/cron.hourly/update-permissions.sh

COPY xeoma.sh /etc/service/xeoma/run
RUN chmod +x /etc/service/xeoma/run

RUN mkdir /archive-cache && \
echo 'This is a placeholder to detect when a host volume is mapped to /archive-cache' > /archive-cache/4vagl0js6k
echo 'This is a placeholder to detect when a host volume is mapped to /archive-cache' > /archive-cache/4vagl0js6k
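Review bot: The new `COPY update-permissions.sh /etc/cron.hourly/update-permissions.sh` installs the job under a name containing a dot, and on Debian/Ubuntu (the first hunk uses apt-get) `run-parts`, which normally drives /etc/cron.hourly, skips names with characters outside letters, digits, `_` and `-`, so the hourly re-tightening would likely never run. The existing `update_xeoma` entry just above is installed without its extension, which fits that rule. Suggest `COPY update-permissions.sh /etc/cron.hourly/update-permissions` with the matching `RUN chmod +x /etc/cron.hourly/update-permissions`, and the same path in the xeoma.sh call. As written, only the one-shot run at service start would take effect, and anything written to /config afterwards keeps its original mode.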
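--- a/update-permissions.sh
+++ b/update-permissions.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+/bin/sleep 8
+/bin/chmod -R og-rwx /config
+/bin/chmod -R og-w /archive
+/bin/chmod -R og-w /archive-cache
+
+echo "[`date '+%b %d %X'`] Applied permissions restrictions"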
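Review bot: The final `echo` logs "Applied permissions restrictions" unconditionally, so a failed `chmod` (a read-only or missing mount, for example) still records success for the control that is meant to keep /config private. Add `set -e` after the shebang, or collect failures with `/bin/chmod -R og-rwx /config || rc=1` and print the success line only when `rc` is 0, exiting non-zero otherwise so cron reports it. A header comment explaining the `sleep 8` would help, since it appears to be timed against the server start in xeoma.sh yet every hourly run pays the delay too. Periodic chmod also leaves a window of up to an hour in which new files keep their creation mode; if those modes come from the process umask, setting it in the service script would close that window.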
3 changes: 3 additions & 0 deletions xeoma.sh
Expand Up @@ -10,6 +10,9 @@ function ts {

echo "$(ts) Starting the server in 5 seconds. See the log directory in your config directory for server logs."

# Fire off the delayed permissions setting manually
/etc/cron.hourly/update-permissions.sh &

if [[ -e /archive-cache/4vagl0js6k ]]
then
echo "$(ts) Not using archive cache"
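Review bot: The backgrounded `/etc/cron.hourly/update-permissions.sh &` runs once, eight seconds after launch, so it only corrects files that already exist at that moment; whatever the server writes later keeps its creation mode until the next cron pass. The server start itself is outside this hunk, but if the loose modes come from the inherited umask, a `umask 027` set before the server is started would restrict files at creation and leave the chmod as a backstop rather than the primary control. The comment could also say that the same script is repeated hourly by cron, for example `# runs once at start; cron.hourly repeats it`, so the coupling to the cron path is visible to whoever renames the file.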