diff --git a/DockerEnv b/DockerEnv index 256d4f21e..0b0174cf1 100644 --- a/DockerEnv +++ b/DockerEnv @@ -9,6 +9,7 @@ #UFW_ALLOW_GW_NET=false #UFW_EXTRA_PORTS= #UFW_DISABLE_IPTABLES_REJECT=false +#GLOBAL_APPLY_PERMISSIONS=true #TRANSMISSION_ALT_SPEED_DOWN=50 #TRANSMISSION_ALT_SPEED_ENABLED=false #TRANSMISSION_ALT_SPEED_TIME_BEGIN=540 diff --git a/Dockerfile b/Dockerfile index 8b540c5e8..05143955e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -39,6 +39,7 @@ ADD tinyproxy /opt/tinyproxy/ ENV OPENVPN_USERNAME=**None** \ OPENVPN_PASSWORD=**None** \ OPENVPN_PROVIDER=**None** \ + GLOBAL_APPLY_PERMISSIONS=true \ TRANSMISSION_ALT_SPEED_DOWN=50 \ TRANSMISSION_ALT_SPEED_ENABLED=false \ TRANSMISSION_ALT_SPEED_TIME_BEGIN=540 \ diff --git a/Dockerfile.alpine b/Dockerfile.alpine index 080338b60..b5cf3cf57 100644 --- a/Dockerfile.alpine +++ b/Dockerfile.alpine @@ -29,6 +29,7 @@ ADD transmission/ /etc/transmission/ ENV OPENVPN_USERNAME=**None** \ OPENVPN_PASSWORD=**None** \ OPENVPN_PROVIDER=**None** \ + GLOBAL_APPLY_PERMISSIONS=true \ TRANSMISSION_ALT_SPEED_DOWN=50 \ TRANSMISSION_ALT_SPEED_ENABLED=false \ TRANSMISSION_ALT_SPEED_TIME_BEGIN=540 \ diff --git a/Dockerfile.armhf b/Dockerfile.armhf index 6182b97c8..ba9e89f2f 100644 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -32,6 +32,7 @@ ADD tinyproxy /opt/tinyproxy/ ENV OPENVPN_USERNAME=**None** \ OPENVPN_PASSWORD=**None** \ OPENVPN_PROVIDER=**None** \ + GLOBAL_APPLY_PERMISSIONS=true \ TRANSMISSION_ALT_SPEED_DOWN=50 \ TRANSMISSION_ALT_SPEED_ENABLED=false \ TRANSMISSION_ALT_SPEED_TIME_BEGIN=540 \ diff --git a/README.md b/README.md index 1e89d92e0..2892a9ff4 100644 --- a/README.md +++ b/README.md @@ -154,6 +154,13 @@ If TRANSMISSION_PEER_PORT_RANDOM_ON_START is enabled then it allows traffic to t |`UFW_EXTRA_PORTS` | Allows the comma separated list of ports through the firewall. Respects UFW_ALLOW_GW_NET. | `UFW_EXTRA_PORTS=9910,23561,443`| |`UFW_DISABLE_IPTABLES_REJECT` | Prevents the use of `REJECT` in the `iptables` rules, for hosts without the `ipt_REJECT` module (such as the Synology NAS). | `UFW_DISABLE_IPTABLES_REJECT=true`| +### Permission configuration options +By default the startup script applies a default set of permissions and ownership on the transmission download, watch and incomplete directories. The GLOBAL_APPLY_PERMISSIONS directive can be used to disable this functionality. + +| Variable | Function | Example | +|----------|----------|-------| +|`GLOBAL_APPLY_PERMISSIONS` | Disable setting of default permissions | `GLOBAL_APPLY_PERMISSIONS=false`| + ### Alternative web UIs You can override the default web UI by setting the ```TRANSMISSION_WEB_HOME``` environment variable. If set, Transmission will look there for the Web Interface files, such as the javascript, html, and graphics files. diff --git a/transmission/userSetup.sh b/transmission/userSetup.sh index aca053eca..210a2361e 100644 --- a/transmission/userSetup.sh +++ b/transmission/userSetup.sh @@ -16,21 +16,29 @@ if [ -n "$PUID" ] && [ ! "$(id -u root)" -eq "$PUID" ]; then ${TRANSMISSION_INCOMPLETE_DIR} \ ${TRANSMISSION_WATCH_DIR} - echo "Setting owner for transmission paths to ${PUID}:${PGID}" + echo "Enforcing ownership on transmission config directories" chown -R ${RUN_AS}:${RUN_AS} \ /config \ - ${TRANSMISSION_HOME} \ - ${TRANSMISSION_DOWNLOAD_DIR} \ - ${TRANSMISSION_INCOMPLETE_DIR} \ - ${TRANSMISSION_WATCH_DIR} - - echo "Setting permission for files (644) and directories (755)" + ${TRANSMISSION_HOME} + + echo "Applying permissions to transmission config directories" chmod -R go=rX,u=rwX \ /config \ - ${TRANSMISSION_HOME} \ - ${TRANSMISSION_DOWNLOAD_DIR} \ - ${TRANSMISSION_INCOMPLETE_DIR} \ - ${TRANSMISSION_WATCH_DIR} + ${TRANSMISSION_HOME} + + if [ "$GLOBAL_APPLY_PERMISSIONS" = true ] ; then + echo "Setting owner for transmission paths to ${PUID}:${PGID}" + chown -R ${RUN_AS}:${RUN_AS} \ + ${TRANSMISSION_DOWNLOAD_DIR} \ + ${TRANSMISSION_INCOMPLETE_DIR} \ + ${TRANSMISSION_WATCH_DIR} + + echo "Setting permission for files (644) and directories (755)" + chmod -R go=rX,u=rwX \ + ${TRANSMISSION_DOWNLOAD_DIR} \ + ${TRANSMISSION_INCOMPLETE_DIR} \ + ${TRANSMISSION_WATCH_DIR} + fi fi echo "