set sane permissions on cache/lockfiles/feed-icons instead of hardcoding a+rwx

2025-08-05 13:47:25 +02:00 · 2025-07-12 08:33:51 +03:00 · 2025-07-12 08:33:51 +03:00 · d9e2cd44ce
commit d9e2cd44ce
parent dea41c6a3d
2 changed files with 4 additions and 5 deletions
--- a/.docker/app/startup.sh
+++ b/.docker/app/startup.sh
@ -65,10 +65,9 @@ done
 # - fatal error: could not open certificate file "/root/.postgresql/postgresql.crt": Permission denied
 chown -R app:app /root # /.postgresql

-# TODO chown -R app:app should be enough (?)
 for d in cache lock feed-icons; do
-	chmod 777 $DST_DIR/$d
-	find $DST_DIR/$d -type f -exec chmod 666 {} \;
+	chown -R app:app $DST_DIR/$d
+	chmod -R u=rwX,g=rX,o=rX $DST_DIR/$d
 done

 sudo -u app cp ${SCRIPT_ROOT}/config.docker.php $DST_DIR/config.php
--- a/.docker/app/update.sh
+++ b/.docker/app/update.sh
@ -55,8 +55,8 @@ done
 chown -R app:app /root # /.postgresql

 for d in cache lock feed-icons; do
-	chmod 777 $DST_DIR/$d
-	find $DST_DIR/$d -type f -exec chmod 666 {} \;
+	chown -R app:app $DST_DIR/$d
+	chmod -R u=rwX,g=rX,o=rX $DST_DIR/$d
 done

 sudo -u app cp ${SCRIPT_ROOT}/config.docker.php $DST_DIR/config.php