
Commit 2468c9d

Update permissions from 777 to 1777 (redux)
I somehow missed Debian in 25b3034 (only updated Alpine), so this updates Debian in the same way.

> This still supports the "arbitrary user" use case but with slightly tighter permissions on the end result.
>
> This one is a little bit more "special" than other images (due to the existing runtime/entrypoint modification of the directory modes) so I've tried to pick reasonable values for both halves.
1 parent f85674c commit 2468c9d


26 files changed

+52
-52
lines changed


Diff for: 11/alpine3.17/Dockerfile

+1-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

Diff for: 11/alpine3.18/Dockerfile

+1-1

Diff for: 11/bookworm/Dockerfile

+3-3

Diff for: 11/bullseye/Dockerfile

+3-3

Diff for: 12/alpine3.17/Dockerfile

+1-1

Diff for: 12/alpine3.18/Dockerfile

+1-1

Diff for: 12/bookworm/Dockerfile

+3-3

Diff for: 12/bullseye/Dockerfile

+3-3

Diff for: 13/alpine3.17/Dockerfile

+1-1

Diff for: 13/alpine3.18/Dockerfile

+1-1

Diff for: 13/bookworm/Dockerfile

+3-3

Diff for: 13/bullseye/Dockerfile

+3-3

Diff for: 14/alpine3.17/Dockerfile

+1-1

Diff for: 14/alpine3.18/Dockerfile

+1-1

Diff for: 14/bookworm/Dockerfile

+3-3

Diff for: 14/bullseye/Dockerfile

+3-3

Diff for: 15/alpine3.17/Dockerfile

+1-1

Diff for: 15/alpine3.18/Dockerfile

+1-1

Diff for: 15/bookworm/Dockerfile

+3-3

Diff for: 15/bullseye/Dockerfile

+3-3

Diff for: 16/alpine3.17/Dockerfile

+1-1

Diff for: 16/alpine3.18/Dockerfile

+1-1

Diff for: 16/bookworm/Dockerfile

+3-3

Diff for: 16/bullseye/Dockerfile

+3-3

Diff for: Dockerfile-alpine.template

+1-1
@@ -190,7 +190,7 @@ RUN set -eux; \
190190
RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql
191191

192192
ENV PGDATA /var/lib/postgresql/data
193-
# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
193+
# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values)
194194
RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA"
195195
VOLUME /var/lib/postgresql/data
196196
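
Review bot: the reworded comment above `chmod 1777 "$PGDATA"` now matches the mode on the next line, but it still does not say why the sticky bit is there or which script applies the 0700. Until that runtime step runs, the directory is world-writable, and the sticky bit only restricts deleting or renaming entries owned by someone else; it does not stop other users from creating files in `$PGDATA`. I would extend the comment to state that and to name the script that tightens the mode. The unchanged `chmod 3777 /var/run/postgresql` context line has no comment at all, so a one-line note on why setgid plus sticky is wanted there would help too.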

Diff for: Dockerfile-debian.template

+3-3
@@ -173,11 +173,11 @@ RUN set -eux; \
173173
sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \
174174
grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample
175175

176-
RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
176+
RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql
177177

178178
ENV PGDATA /var/lib/postgresql/data
179-
# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
180-
RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
179+
# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values)
180+
RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA"
181181
VOLUME /var/lib/postgresql/data
182182

183183
COPY docker-entrypoint.sh /usr/local/bin/
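
Review bot: `chmod 3777 /var/run/postgresql` changes the mode from 2777 with no comment, while the `$PGDATA` line right below it gets one. The commit message says values were picked for "both halves", but only the data directory's runtime half (0700) is written down here. Please add a comment saying what the setgid and sticky bits are each for on this directory and whether its mode is also changed at runtime. The file list shows only Dockerfiles and the two templates, so the `docker-entrypoint.sh` copied at the end of this hunk is untouched by this commit; it is worth confirming that the modes it sets at runtime keep the sticky bit where it is still wanted and agree with the 0700 the comment promises.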
