From d9e2cd44ceca5ebbf4a5f4706865a5aae22ef19a Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@fakecake.org>
Date: Sat, 12 Jul 2025 08:33:51 +0300
Subject: [PATCH] set sane permissions on cache/lockfiles/feed-icons instead of
 hardcoding a+rwx

---
 .docker/app/startup.sh | 5 ++---
 .docker/app/update.sh  | 4 ++--
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/.docker/app/startup.sh b/.docker/app/startup.sh
index dbe6331b9..1174e8fae 100644
--- a/.docker/app/startup.sh
+++ b/.docker/app/startup.sh
@@ -65,10 +65,9 @@ done
 # - fatal error: could not open certificate file "/root/.postgresql/postgresql.crt": Permission denied
 chown -R app:app /root # /.postgresql
 
-# TODO chown -R app:app should be enough (?)
 for d in cache lock feed-icons; do
-	chmod 777 $DST_DIR/$d
-	find $DST_DIR/$d -type f -exec chmod 666 {} \;
+	chown -R app:app $DST_DIR/$d
+	chmod -R u=rwX,g=rX,o=rX $DST_DIR/$d
 done
 
 sudo -u app cp ${SCRIPT_ROOT}/config.docker.php $DST_DIR/config.php
diff --git a/.docker/app/update.sh b/.docker/app/update.sh
index 366b600a0..e383091d1 100644
--- a/.docker/app/update.sh
+++ b/.docker/app/update.sh
@@ -55,8 +55,8 @@ done
 chown -R app:app /root # /.postgresql
 
 for d in cache lock feed-icons; do
-	chmod 777 $DST_DIR/$d
-	find $DST_DIR/$d -type f -exec chmod 666 {} \;
+	chown -R app:app $DST_DIR/$d
+	chmod -R u=rwX,g=rX,o=rX $DST_DIR/$d
 done
 
 sudo -u app cp ${SCRIPT_ROOT}/config.docker.php $DST_DIR/config.php