From 8f7748d1f3ee869355764bee519c910ad6ef5210 Mon Sep 17 00:00:00 2001
From: David Beniamine <david.beniamine@tetras-libre.fr>
Date: Tue, 4 Feb 2025 17:09:45 +0100
Subject: [PATCH] Enforce file permissions
---
 .env.sample | 3 +++
 docker-compose.yml | 8 +++++++-
 docker/Dockerfile | 6 ++++++
 docker/entrypoint.sh | 15 +++++++++++++++
 4 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 docker/Dockerfile
 create mode 100755 docker/entrypoint.sh
diff --git a/.env.sample b/.env.sample
index 6ca4cd9..3525891 100644
--- a/.env.sample
+++ b/.env.sample
@@ -3,9 +3,12 @@ COMPOSE_FILE=docker-compose.yml:dev.yml
 # For prod
 #COMPOSE_FILE=docker-compose.yml:traefik.yml
 NAME=filebrowser
+VERSION=v2
 # Hostname for prod `FQDN` ex HOSTS=`files.example.org`
 HOSTS=
 DEV_PORT=8080
 DATA_PATH=./data/files
 UID=1000
 GID=1000
+DEFAULT_PERMS_DIR=755
+DEFAULT_PERMS_FILE=644
diff --git a/docker-compose.yml b/docker-compose.yml
index 090b97f..36361c6 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,8 +2,14 @@ version: "3" services: filebrowser: - image: filebrowser/filebrowser:v2 + build: + context: docker/ + args: + VERSION: user: "${UID}:${GID}" volumes: - ./data/database.db:/database.db - ${DATA_PATH}:/srv + environment: + DEFAULT_PERMS_DIR: + DEFAULT_PERMS_FILE:
diff --git a/docker/Dockerfile b/docker/Dockerfile
new file mode 100644
index 0000000..2c384c4
--- /dev/null
+++ b/docker/Dockerfile
@@ -0,0 +1,6 @@
+ARG VERSION=v2
+FROM filebrowser/filebrowser:${VERSION}
+COPY entrypoint.sh /
+RUN apk add inotify-tools
+ENTRYPOINT '/entrypoint.sh'
+
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
new file mode 100755
index 0000000..38aabbf
--- /dev/null
+++ b/docker/entrypoint.sh
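Review bot: The new `environment:` entries `DEFAULT_PERMS_DIR:` and `DEFAULT_PERMS_FILE:` in docker-compose.yml are bare pass-throughs, so a deployment whose existing `.env` was not updated from `.env.sample` starts the container with both unset. The chmod calls in `docker/entrypoint.sh` then run with an empty mode, fail on every event, and leave each created file with whatever mode it was written with. Giving them the sample's values as defaults keeps the behaviour defined: `DEFAULT_PERMS_DIR: ${DEFAULT_PERMS_DIR:-755}` and `DEFAULT_PERMS_FILE: ${DEFAULT_PERMS_FILE:-644}`. The bare `VERSION:` under `args:` is less of a concern, since the Dockerfile's `ARG VERSION=v2` already supplies a fallback.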
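Review bot: `ENTRYPOINT '/entrypoint.sh'` in docker/Dockerfile is shell form, so the script is started through `/bin/sh -c`, any `CMD` inherited from the base image and any arguments given at run time are dropped, and whether a stop signal reaches filebrowser depends on how that shell handles it. The exec form `ENTRYPOINT ["/entrypoint.sh"]` avoids this; the script would then need `exec /filebrowser "$@"` to pass arguments on. `RUN apk add inotify-tools` also keeps the apk index in the layer and installs whatever version is current at build time; `RUN apk add --no-cache inotify-tools` fixes the former. Since `VERSION` defaults to the floating tag `v2`, pinning the package version and the base image by digest would make rebuilds reproducible and reviewable.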
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set_perms() {
+ inotifywait --monitor --recursive --quiet --event create /srv --format "%w%f" | \
+ while read f;do
+ if [ -d "$f" ]; then
+ chmod -R $DEFAULT_PERMS_DIR "$f"
+ else
+ chmod $DEFAULT_PERMS_FILE "$f"
+ fi
+ done
+}
+set_perms &
+exec /filebrowser
+
-- GitLab
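Review bot: `chmod -R $DEFAULT_PERMS_DIR "$f"` applies the directory mode to every regular file below a newly created directory, so with the sample values those files end up 755 rather than 644, which defeats the file mode this patch introduces. Both mode variables are expanded unquoted and without a fallback, and `while read f` without `IFS=` and `-r` alters created names that contain backslashes or leading or trailing blanks, so chmod is then given a path that does not exist. The loop below separates directories from files with find, quotes the modes and falls back to the values from `.env.sample`. Only `create` events are watched, so files moved into /srv are not covered, and the watcher runs unsupervised in the background: if inotifywait exits, filebrowser keeps serving with no enforcement.

```shell
set_perms() {
    # … unchanged: inotifywait pipeline feeding the loop …
    while IFS= read -r f; do
        if [ -d "$f" ]; then
            find "$f" -type d -exec chmod "${DEFAULT_PERMS_DIR:-755}" {} +
            find "$f" -type f -exec chmod "${DEFAULT_PERMS_FILE:-644}" {} +
        else
            chmod "${DEFAULT_PERMS_FILE:-644}" "$f"
        fi
    done
```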