
Commit 4f9df89

committed
Ownership script shakeup
- Don't touch a file to determine if we need to run - Instead, check ownership of each location and skip it if we are happy - Keeping SKIP_CERTBOT_OWNERSHIP flag - More verbose logging of outcomes
1 parent 304b38e commit 4f9df89


1 file changed

+45
-27
lines changed


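--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
@@ -8,35 +8,53 @@ log_info 'Setting ownership ...'
 # root
 chown root /tmp/nginx
 
-# npm user and group
-chown -R "$PUID:$PGID" /data
-chown -R "$PUID:$PGID" /etc/letsencrypt
-chown -R "$PUID:$PGID" /run/nginx
-chown -R "$PUID:$PGID" /tmp/nginx
-chown -R "$PUID:$PGID" /var/cache/nginx
-chown -R "$PUID:$PGID" /var/lib/logrotate
-chown -R "$PUID:$PGID" /var/lib/nginx
-chown -R "$PUID:$PGID" /var/log/nginx
-
-# Don't chown entire /etc/nginx folder as this causes crashes on some systems
-chown -R "$PUID:$PGID" /etc/nginx/nginx
-chown -R "$PUID:$PGID" /etc/nginx/nginx.conf
-chown -R "$PUID:$PGID" /etc/nginx/conf.d
-
-# Certbot directories - optimized approach
-CERT_INIT_FLAG="/opt/certbot/.ownership_initialized"
-
-if [ ! -f "$CERT_INIT_FLAG" ] && [ "$SKIP_CERTBOT_OWNERSHIP" != "true" ]; then
-# Prevents errors when installing python certbot plugins when non-root
-log_info 'Changing ownership of /opt/certbot directories ...'
-chown "$PUID:$PGID" /opt/certbot /opt/certbot/bin
+locations=(
+"/data"
+"/etc/letsencrypt"
+"/run/nginx"
+"/tmp/nginx"
+"/var/cache/nginx"
+"/var/lib/logrotate"
+"/var/lib/nginx"
+"/var/log/nginx"
+"/etc/nginx/nginx"
+"/etc/nginx/nginx.conf"
+"/etc/nginx/conf.d"
+)
+
+chownit() {
+local dir="$1"
+local recursive="${2:-true}"
+
+local have
+have="$(stat -c '%u:%g' "$dir")"
+echo -n " $dir ... "
+
+if [ "$have" != "$PUID:$PGID" ]; then
+if [ "$recursive" = 'true' ] && [ -d "$dir" ]; then
+chown -R "$PUID:$PGID" "$dir"
+else
+chown "$PUID:$PGID" "$dir"
+fi
+echo "DONE"
+else
+echo "SKIPPED"
+fi
+}
+
+for loc in "${locations[@]}"; do
+chownit "$loc"
+done
+
+if [ "${SKIP_CERTBOT_OWNERSHIP:-}" != "true" ]; then
+log_info 'Changing ownership of certbot directories, this may take some time ...'
+chownit "/opt/certbot" false
+chownit "/opt/certbot/bin" false
 
 # Handle all site-packages directories efficiently
 find /opt/certbot/lib -type d -name "site-packages" | while read -r SITE_PACKAGES_DIR; do
-chown -R "$PUID:$PGID" "$SITE_PACKAGES_DIR"
+chownit "$SITE_PACKAGES_DIR"
 done
-
-# Create a flag file to skip this step on subsequent runs
-touch "$CERT_INIT_FLAG"
-chown "$PUID:$PGID" "$CERT_INIT_FLAG"
+else
+log_info 'Skipping ownership change of certbot directories'
 fi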
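Review bot: `chownit` decides from the owner of the top-level path alone (`have="$(stat -c '%u:%g' "$dir")"`), so a tree whose root already matches `$PUID:$PGID` is reported as SKIPPED even when files beneath it belong to another uid, and the same shortcut now applies to each `site-packages` directory. The removed code ran `chown -R` unconditionally, so such files (presumably ones written by root into a mounted volume or by a plugin install) would previously have been corrected. If the skip is meant to be exact, test the whole tree in the recursive branch, e.g. `if [ -n "$(find "$dir" \( ! -user "$PUID" -o ! -group "$PGID" \) -print -quit)" ]; then`, which reads metadata only and stops at the first mismatch; otherwise state the heuristic above the function with `# Only the top-level owner is checked; nested files with other owners are left as-is`. The top of the script is outside the hunk, so whether a failing `stat` on a missing path aborts the run cannot be told from here.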
