
Commit 3af2fa4

committed
Chmod config files only if necessary
This patch also drops the target permissions from 775/664 to 755/644, as the latter permissions are the ones set by the CouchDB installation itself.
1 parent e07f095 commit 3af2fa4


2 files changed

+14
-4
lines changed


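--- a/2.2.0/docker-entrypoint.sh
+++ b/2.2.0/docker-entrypoint.sh
@@ -41,8 +41,12 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then
 find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 '{}' +
 find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 '{}' +
 
-find /opt/couchdb/etc -name \*.ini -exec chmod -f 664 {} \;
-chmod -f 775 /opt/couchdb/etc/*.d || true
+# Do the same thing for configuration files and directories. Technically
+# CouchDB only needs read access to the configuration files as all online
+# changes will be applied to the "docker.ini" file below, but we set 644
+# for the sake of consistency.
+find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +
+find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +
 
 if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then
 echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args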
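Review bot: The test `! -perm 0644` on the new `find /opt/couchdb/etc -type f` line matches files that are stricter than 0644 as well as looser ones, so an ini file mounted in as 0600 or 0640 is widened to world-readable, and on a bind mount that change reaches the host file. CouchDB ini files can hold admin password hashes, so "for the sake of consistency" is a weak reason to grant other-read on them. If the couchdb user owns the tree (no chown is visible in this hunk), consider only stripping excess bits with GNU find, e.g. `find /opt/couchdb/etc -type f -perm /0133 -exec chmod -f u-x,go-wx '{}' +`, and say in the comment that stricter modes are left alone. The same two lines in dev/docker-entrypoint.sh behave the same way. The enclosing `if` block starts and ends outside the hunk.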

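--- a/dev/docker-entrypoint.sh
+++ b/dev/docker-entrypoint.sh
@@ -37,8 +37,14 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then
 find /opt/couchdb/data -type d ! -perm 0755 -exec chmod 0755 '{}' +
 find /opt/couchdb/data -type f ! -perm 0644 -exec chmod 0644 '{}' +
 
-find /opt/couchdb/etc -name \*.ini -exec chmod -f 664 {} \;
-chmod -f 775 /opt/couchdb/etc/*.d || true
+# Do something similar for configuration files and directories. Technically
+# CouchDB only needs read access to the configuration files as all online
+# changes will be applied to the "docker.ini" file below, but we set 644
+# for the sake of consistency. We also add the `-f` flag because there may
+# be cases where some of the contents of etc/ are mounted read-only, and if
+# those files allow couchdb to read them we don't want to crash here ...
+find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 '{}' +
+find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 '{}' +
 
 if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then
 echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args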
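Review bot: The added comment says `-f` keeps the entrypoint from crashing on read-only mounts, but `chmod -f` only silences the diagnostic; it still exits non-zero, and `find … -exec … +` then returns non-zero as well. The removed `chmod -f 775 /opt/couchdb/etc/*.d || true` guarded against that and the two new etc/ lines do not, so if the script runs under `set -e` (not visible in this hunk) a read-only file whose mode is not already 0644 would stop the container from starting, with no message to explain why. Either append `|| true` to both etc/ `find` lines or reword the comment to say that only the error output is suppressed. The 2.2.0/docker-entrypoint.sh hunk uses the same two commands. The enclosing `if` block starts and ends outside the hunk.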
