@@ -25,36 +25,44 @@ if [ "$1" = 'couchdb' ]; then
2525fi
2626
2727if [ " $1 " = ' /opt/couchdb/bin/couchdb' ; then
28- # Check that we own everything in /opt/couchdb and fix if necessary. We also
29- # add the `-f` flag in all the following invocations because there may be
30- # cases where some of these ownership and permissions issues are non-fatal
31- # (e.g. a config file owned by root with o+r is actually fine), and we don't
32- # to be too aggressive about crashing here ...
33- find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb ' {}'
28+ # this is where runtime configuration changes will be written.
29+ # we need to explicitly touch it here in case /opt/couchdb/etc has
30+ # been mounted as an external volume, in which case it won't exist.
31+ # If running as the couchdb user (i.e. container starts as root),
32+ # write permissions will be granted below.
33+ touch /opt/couchdb/etc/local.d/docker.ini
34+
35+ # if user is root, assume running under the couchdb user (default)
36+ # and ensure it is able to access files and directories that may be mounted externally
37+ if [ " $( id -u) " = ' 0' ; then
38+ # Check that we own everything in /opt/couchdb and fix if necessary. We also
39+ # add the `-f` flag in all the following invocations because there may be
40+ # cases where some of these ownership and permissions issues are non-fatal
41+ # (e.g. a config file owned by root with o+r is actually fine), and we don't
42+ # to be too aggressive about crashing here ...
43+ find /opt/couchdb \! \( -user couchdb -group couchdb \) -exec chown -f couchdb:couchdb ' {}'
3444
35- # Ensure that data files have the correct permissions. We were previously
36- # preventing any access to these files outside of couchdb:couchdb, but it
37- # turns out that CouchDB itself does not set such restrictive permissions
38- # when it creates the files. The approach taken here ensures that the
39- # contents of the datadir have the same permissions as they had when they
40- # were initially created. This should minimize any startup delay.
41- find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 ' {}'
42- find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 ' {}'
45+ # Ensure that data files have the correct permissions. We were previously
46+ # preventing any access to these files outside of couchdb:couchdb, but it
47+ # turns out that CouchDB itself does not set such restrictive permissions
48+ # when it creates the files. The approach taken here ensures that the
49+ # contents of the datadir have the same permissions as they had when they
50+ # were initially created. This should minimize any startup delay.
51+ find /opt/couchdb/data -type d ! -perm 0755 -exec chmod -f 0755 ' {}'
52+ find /opt/couchdb/data -type f ! -perm 0644 -exec chmod -f 0644 ' {}'
4353
44- # Do the same thing for configuration files and directories. Technically
45- # CouchDB only needs read access to the configuration files as all online
46- # changes will be applied to the "docker.ini" file below, but we set 644
47- # for the sake of consistency.
48- find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 ' {}'
49- find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 ' {}'
54+ # Do the same thing for configuration files and directories. Technically
55+ # CouchDB only needs read access to the configuration files as all online
56+ # changes will be applied to the "docker.ini" file below, but we set 644
57+ # for the sake of consistency.
58+ find /opt/couchdb/etc -type d ! -perm 0755 -exec chmod -f 0755 ' {}'
59+ find /opt/couchdb/etc -type f ! -perm 0644 -exec chmod -f 0644 ' {}'
60+ fi
5061
5162 if [ ! -z " $NODENAME " && ! grep " couchdb@" ; then
5263 echo " -name couchdb@$NODENAME " >> /opt/couchdb/etc/vm.args
5364 fi
5465
55- # Ensure that CouchDB will write custom settings in this file
56- touch /opt/couchdb/etc/local.d/docker.ini
57-
5866 if [ " $COUCHDB_USER " && [ " $COUCHDB_PASSWORD " ; then
5967 # Create admin only if not already present
6068 if ! grep -Pzoqr " \[admins\]\n$COUCHDB_USER =" * .ini; then
@@ -69,7 +77,9 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then
6977 fi
7078 fi
7179
72- chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true
80+ if [ " $( id -u) " = ' 0' ; then
81+ chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true
82+ fi
7383
7484 # if we don't find an [admins] section followed by a non-comment, display a warning
7585 if ! grep -Pzoqr ' \[admins\]\n[^;]\w+' * .ini /opt/couchdb/etc/local.d/* .ini; then
@@ -88,8 +98,9 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then
8898 EOWARN
8999 fi
90100
91-
92- exec gosu couchdb " $@ "
101+ if [ " $( id -u) " = ' 0' ; then
102+ exec gosu couchdb " $@ "
103+ fi
93104fi
94105
95106exec " $@ "
0 commit comments