From 1abc76f066e7baec8321229b0a3c31dd93400b7e Mon Sep 17 00:00:00 2001 From: dcrdev Date: Tue, 26 Jun 2018 19:41:16 +0100 Subject: [PATCH 1/2] Add option to disable setting of default permissions --- DockerEnv | 1 + Dockerfile | 1 + README.md | 7 +++++++ transmission/userSetup.sh | 22 ++++++++++++++++------ 4 files changed, 25 insertions(+), 6 deletions(-) diff --git a/DockerEnv b/DockerEnv index 19d7f937c..8e5e7d0bb 100644 --- a/DockerEnv +++ b/DockerEnv @@ -8,6 +8,7 @@ #ENABLE_UFW=false #UFW_ALLOW_GW_NET=false #UFW_EXTRA_PORTS= +#GLOBAL_APPLY_PERMISSIONS=true #TRANSMISSION_ALT_SPEED_DOWN=50 #TRANSMISSION_ALT_SPEED_ENABLED=false #TRANSMISSION_ALT_SPEED_TIME_BEGIN=540 diff --git a/Dockerfile b/Dockerfile index e0191f392..258c48689 100644 --- a/Dockerfile +++ b/Dockerfile @@ -39,6 +39,7 @@ ADD tinyproxy /opt/tinyproxy/ ENV OPENVPN_USERNAME=**None** \ OPENVPN_PASSWORD=**None** \ OPENVPN_PROVIDER=**None** \ + GLOBAL_APPLY_PERMISSIONS=true \ TRANSMISSION_ALT_SPEED_DOWN=50 \ TRANSMISSION_ALT_SPEED_ENABLED=false \ TRANSMISSION_ALT_SPEED_TIME_BEGIN=540 \ diff --git a/README.md b/README.md index abbb3dea2..10dae763b 100644 --- a/README.md +++ b/README.md 
@@ -151,6 +151,13 @@ If TRANSMISSION_PEER_PORT_RANDOM_ON_START is enabled then it allows traffic to t |`UFW_ALLOW_GW_NET` | Allows the gateway network through the firewall. Off defaults to only allowing the gateway. | `UFW_ALLOW_GW_NET=true`| |`UFW_EXTRA_PORTS` | Allows the comma separated list of ports through the firewall. Respsects UFW_ALLOW_GW_NET. | `UFW_EXTRA_PORTS=9910,23561,443`| +### Permission configuration options +By default the startup script applies a default set of permissions and ownership on the transmission download, watch and incomplete directories. The GLOBAL_APPLY_PERMISSIONS directive can be used to disable this functionality. + +| Variable | Function | Example | +|----------|----------|-------| +|`GLOBAL_APPLY_PERMISSIONS` | Disable setting of default permissions | `GLOBAL_APPLY_PERMISSIONS=false`| + ### Alternative web UIs You can override the default web UI by setting the ```TRANSMISSION_WEB_HOME``` environment variable. If set, Transmission will look there for the Web Interface files, such as the javascript, html, and graphics files. diff --git a/transmission/userSetup.sh b/transmission/userSetup.sh index ee9d2b849..df8a8af83 100644 --- a/transmission/userSetup.sh +++ b/transmission/userSetup.sh @@ -4,6 +4,16 @@ RUN_AS=root +TEMP_TRAN_DOWNLOAD_DIR=${TRANSMISSION_DOWNLOAD_DIR} +TEMP_TRAN_INCOMPLETE_DIR=${TRANSMISSION_INCOMPLETE_DIR} +TEMP_TRAN_WATCH_DIR=${TRANSMISSION_WATCH_DIR} + +if ! [ "$GLOBAL_APPLY_PERMISSIONS" = true ] ; then + unset TEMP_TRAN_DOWNLOAD_DIR + unset TEMP_TRAN_INCOMPLETE_DIR + unset TEMP_TRAN_WATCH_DIR +fi + if [ -n "$PUID" ] && [ ! "$(id -u root)" -eq "$PUID" ]; then RUN_AS=abc if [ ! "$(id -u ${RUN_AS})" -eq "$PUID" ]; then usermod -o -u "$PUID" ${RUN_AS} ; fi 
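Review bot: The gate `if ! [ "$GLOBAL_APPLY_PERMISSIONS" = true ]` added at the top of transmission/userSetup.sh treats every value other than the exact lowercase string `true` as "disabled", including an unset variable, `True` or `1`. This patch sets the default only in `Dockerfile`, so an image built from another Dockerfile, or a run that clears the variable, would skip ownership and mode normalisation on the download, incomplete and watch directories with no log line saying so. Defaulting inside the script before the test, e.g. `: "${GLOBAL_APPLY_PERMISSIONS:=true}"`, and echoing a message when the step is skipped would make that case visible. The same exact-match test is carried into the refactored `if [ "$GLOBAL_APPLY_PERMISSIONS" = true ]` in PATCH 2/2.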
@@ -13,17 +23,17 @@ if [ -n "$PUID" ] && [ ! "$(id -u root)" -eq "$PUID" ]; then chown -R ${RUN_AS}:${RUN_AS} \ /config \ ${TRANSMISSION_HOME} \ - ${TRANSMISSION_DOWNLOAD_DIR} \ - ${TRANSMISSION_INCOMPLETE_DIR} \ - ${TRANSMISSION_WATCH_DIR} + ${TEMP_TRAN_DOWNLOAD_DIR} \ + ${TEMP_TRAN_INCOMPLETE_DIR} \ + ${TEMP_TRAN_WATCH_DIR} echo "Setting permission for files (644) and directories (755)" chmod -R go=rX,u=rwX \ /config \ ${TRANSMISSION_HOME} \ - ${TRANSMISSION_DOWNLOAD_DIR} \ - ${TRANSMISSION_INCOMPLETE_DIR} \ - ${TRANSMISSION_WATCH_DIR} + ${TEMP_TRAN_DOWNLOAD_DIR} \ + ${TEMP_TRAN_INCOMPLETE_DIR} \ + ${TEMP_TRAN_WATCH_DIR} fi echo " From 4db9d91957a4c4e303d64ea0b60b4f76db6429c2 Mon Sep 17 00:00:00 2001 From: dcrdev Date: Thu, 19 Jul 2018 19:29:08 +0100 Subject: [PATCH 2/2] Refactor global permissions logic / add new directive to alpine/arm DockerFile --- Dockerfile.alpine | 1 + Dockerfile.armhf | 1 + transmission/userSetup.sh | 38 ++++++++++++++++++-------------------- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/Dockerfile.alpine b/Dockerfile.alpine index 38b85df09..6db80ad01 100644 --- a/Dockerfile.alpine +++ b/Dockerfile.alpine @@ -29,6 +29,7 @@ ADD transmission/ /etc/transmission/ ENV OPENVPN_USERNAME=**None** \ OPENVPN_PASSWORD=**None** \ OPENVPN_PROVIDER=**None** \ + GLOBAL_APPLY_PERMISSIONS=true \ TRANSMISSION_ALT_SPEED_DOWN=50 \ TRANSMISSION_ALT_SPEED_ENABLED=false \ TRANSMISSION_ALT_SPEED_TIME_BEGIN=540 \ diff --git a/Dockerfile.armhf b/Dockerfile.armhf index 9555adabb..a3b731e08 100644 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -32,6 +32,7 @@ ADD tinyproxy /opt/tinyproxy/ ENV OPENVPN_USERNAME=**None** \ OPENVPN_PASSWORD=**None** \ OPENVPN_PROVIDER=**None** \ + GLOBAL_APPLY_PERMISSIONS=true \ TRANSMISSION_ALT_SPEED_DOWN=50 \ TRANSMISSION_ALT_SPEED_ENABLED=false \ TRANSMISSION_ALT_SPEED_TIME_BEGIN=540 \ diff --git a/transmission/userSetup.sh b/transmission/userSetup.sh index df8a8af83..4b79bc692 100644 
--- a/transmission/userSetup.sh +++ b/transmission/userSetup.sh @@ -4,36 +4,34 @@ RUN_AS=root -TEMP_TRAN_DOWNLOAD_DIR=${TRANSMISSION_DOWNLOAD_DIR} -TEMP_TRAN_INCOMPLETE_DIR=${TRANSMISSION_INCOMPLETE_DIR} -TEMP_TRAN_WATCH_DIR=${TRANSMISSION_WATCH_DIR} - -if ! [ "$GLOBAL_APPLY_PERMISSIONS" = true ] ; then - unset TEMP_TRAN_DOWNLOAD_DIR - unset TEMP_TRAN_INCOMPLETE_DIR - unset TEMP_TRAN_WATCH_DIR -fi - if [ -n "$PUID" ] && [ ! "$(id -u root)" -eq "$PUID" ]; then RUN_AS=abc if [ ! "$(id -u ${RUN_AS})" -eq "$PUID" ]; then usermod -o -u "$PUID" ${RUN_AS} ; fi if [ ! "$(id -g ${RUN_AS})" -eq "$PGID" ]; then groupmod -o -g "$PGID" ${RUN_AS} ; fi - echo "Setting owner for transmission paths to ${PUID}:${PGID}" + echo "Enforcing ownership on transmission config directories" chown -R ${RUN_AS}:${RUN_AS} \ /config \ - ${TRANSMISSION_HOME} \ - ${TEMP_TRAN_DOWNLOAD_DIR} \ - ${TEMP_TRAN_INCOMPLETE_DIR} \ - ${TEMP_TRAN_WATCH_DIR} + ${TRANSMISSION_HOME} - echo "Setting permission for files (644) and directories (755)" + echo "Applying permissions to transmission config directories" chmod -R go=rX,u=rwX \ /config \ - ${TRANSMISSION_HOME} \ - ${TEMP_TRAN_DOWNLOAD_DIR} \ - ${TEMP_TRAN_INCOMPLETE_DIR} \ - ${TEMP_TRAN_WATCH_DIR} + ${TRANSMISSION_HOME} + + if [ "$GLOBAL_APPLY_PERMISSIONS" = true ] ; then + echo "Setting owner for transmission paths to ${PUID}:${PGID}" + chown -R ${RUN_AS}:${RUN_AS} \ + ${TRANSMISSION_DOWNLOAD_DIR} \ + ${TRANSMISSION_INCOMPLETE_DIR} \ + ${TRANSMISSION_WATCH_DIR} + + echo "Setting permission for files (644) and directories (755)" + chmod -R go=rX,u=rwX \ + ${TRANSMISSION_DOWNLOAD_DIR} \ + ${TRANSMISSION_INCOMPLETE_DIR} \ + ${TRANSMISSION_WATCH_DIR} + fi fi echo "
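Review bot: The recursive `chown -R` and `chmod -R` calls inside the new `GLOBAL_APPLY_PERMISSIONS` block take `${TRANSMISSION_DOWNLOAD_DIR}`, `${TRANSMISSION_INCOMPLETE_DIR}` and `${TRANSMISSION_WATCH_DIR}` unquoted. A value containing whitespace or glob characters is split or expanded into extra paths, and an empty value silently drops that directory from a command that presumably runs as root (the script calls `usermod` just above). PATCH 1/2 depended on unset variables vanishing from the argument list, but after this refactor nothing does, so each path can be quoted, e.g. `"${TRANSMISSION_DOWNLOAD_DIR}" \`. The message `Setting owner for transmission paths to ${PUID}:${PGID}` also reports ids the command does not use directly; it applies `${RUN_AS}:${RUN_AS}`, so the two only agree if the `groupmod` line ran with PGID set. The enclosing `if [ -n "$PUID" ]` block starts in the context lines above the added code.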