From ab8c75958d948c12193405bfe8e360f9da5b07da Mon Sep 17 00:00:00 2001
From: Trenton H <797416+stumpylog@users.noreply.github.com>
Date: Mon, 14 Apr 2025 08:51:57 -0700
Subject: [PATCH] Fix: Adds better handling during folder checking/creation/permissions for non-root (#9616)
* Adds better handling during folder checking/creation/permissions for when the image is running as non-root
* Prefers the long options to commands
---
 .../etc/s6-overlay/s6-rc.d/init-folders/run | 72 +++++++++++++------
 .../etc/s6-overlay/s6-rc.d/init-start/run | 4 +-
 2 files changed, 54 insertions(+), 22 deletions(-)
diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/init-folders/run b/docker/rootfs/etc/s6-overlay/s6-rc.d/init-folders/run
index 5f731ceae..9f7d58212 100755
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/init-folders/run
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/init-folders/run
@@ -9,25 +9,57 @@ declare -r media_root_dir="${PAPERLESS_MEDIA_ROOT:-/usr/src/paperless/media}"
 declare -r consume_dir="${PAPERLESS_CONSUMPTION_DIR:-/usr/src/paperless/consume}"
 declare -r tmp_dir="${PAPERLESS_SCRATCH_DIR:=/tmp/paperless}"

-echo "${log_prefix} Checking for folder existence"
+declare -r main_dirs=(
+ "${export_dir}"
+ "${data_dir}"
+ "${media_root_dir}"
+ "${consume_dir}"
+ "${tmp_dir}"
+)

-for dir in \
- "${export_dir}" \
- "${data_dir}" "${data_dir}/index" \
- "${media_root_dir}" "${media_root_dir}/documents" "${media_root_dir}/documents/originals" "${media_root_dir}/documents/thumbnails" \
- "${consume_dir}" \
- "${tmp_dir}"; do
- if [[ ! -d "${dir}" ]]; then
- mkdir --parents --verbose "${dir}"
- fi
-done
+declare -r extra_dirs=(
+ "${main_dirs[@]}"
+ "${data_dir}/index"
+ "${media_root_dir}/documents"
+ "${media_root_dir}/documents/originals"
+ "${media_root_dir}/documents/thumbnails"
+)

-echo "${log_prefix} Adjusting file and folder permissions"
-for dir in \
- "${export_dir}" \
- "${data_dir}" \
- "${media_root_dir}" \
- "${consume_dir}" \
- "${tmp_dir}"; do
- find "${dir}" -not \( -user paperless -and -group paperless \) -exec chown --changes paperless:paperless {} +
-done
+if [[ -n "${USER_IS_NON_ROOT}" ]]; then
+ # Non-root mode: Create directories as current user, warn about permission issues
+ echo "${log_prefix} Running in non-root mode, checking directories"
+ current_uid=$(id --user)
+ current_gid=$(id --group)
+
+ for dir in "${extra_dirs[@]}"; do
+ if [[ ! -d "${dir}" ]]; then
+ mkdir --parents --verbose "${dir}" || echo "${log_prefix} WARNING: Could not create ${dir} - permission denied"
+ fi
+ # Check permissions on existing directories too
+ if [[ -d "${dir}" && ! -w "${dir}" ]]; then
+ echo "${log_prefix} WARNING: No write permission to ${dir}"
+ fi
+ done
+
+ # Warn about ownership issues
+ for dir in "${main_dirs[@]}"; do
+ if [[ -d "${dir}" ]]; then
+ find "${dir}" -not \( -user ${current_uid} -and -group ${current_gid} \) -exec echo "${log_prefix} WARNING: Permission issue on {}: not owned by current user (${current_uid}:${current_gid})" \; 2>/dev/null || echo "${log_prefix} WARNING: Cannot check permissions on ${dir}"
+ fi
+ done
+else
+ # Root mode: Create and fix permissions as needed
+ echo "${log_prefix} Running with root privileges, adjusting directories and permissions"
+
+ # First create directories
+ for dir in "${extra_dirs[@]}"; do
+ if [[ ! -d "${dir}" ]]; then
+ mkdir --parents --verbose "${dir}"
+ fi
+ done
+
+ # Then fix permissions on all directories
+ for dir in "${main_dirs[@]}"; do
+ find "${dir}" -not \( -user paperless -and -group paperless \) -exec chown --changes paperless:paperless {} +
+ done
+fi
diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/init-start/run b/docker/rootfs/etc/s6-overlay/s6-rc.d/init-start/run
index a04f930a2..2bc7648d9 100755
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/init-start/run
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/init-start/run
@@ -11,9 +11,9 @@ printf "/usr/src/paperless/src" > /var/run/s6/container_environment/PAPERLESS_SR
 echo $(date +%s) > /var/run/s6/container_environment/PAPERLESS_START_TIME_S

 # Check if we're starting as a non-root user
-if [ $(id -u) == $(id -u paperless) ]; then
+if [ "$(id --user)" != "0" ]; then
 printf "true" > /var/run/s6/container_environment/USER_IS_NON_ROOT
- echo "${log_prefix} paperless-ngx docker container running under a user"
+ echo "${log_prefix} paperless-ngx docker container running under a user ($(id --user):$(id --group))"
 else
 printf "/usr/src/paperless" > /var/run/s6/container_environment/HOME
 echo "${log_prefix} paperless-ngx docker container starting init as root"
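Review bot: In the root branch of init-folders/run, the `find ... -exec chown --changes paperless:paperless {} +` line still lets chown dereference symbolic links, so a link inside one of the `main_dirs` has its target re-owned while init runs as root. The consume and export folders are presumably mounted from the host and writable from outside the container, which would make that reachable by whoever can drop files there. The line is carried over unchanged from the old loop, but this rework is a natural place to harden it: `-exec chown --no-dereference --changes paperless:paperless {} +`. In the non-root branch, `${current_uid}` and `${current_gid}` are passed to find unquoted; `-user "${current_uid}" -and -group "${current_gid}"` matches the quoting used everywhere else in the script.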
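Review bot: The new test `[ "$(id --user)" != "0" ]` in init-start/run decides root versus non-root by UID alone, and that assumption deserves a comment. A container started as UID 0 with capabilities dropped (for example without CAP_CHOWN) would still take the root branch of init-folders and run the chown pass, which would then fail; whether that aborts init is not visible in this hunk. I would extend the existing comment to something like `# Any UID other than 0 is treated as non-root; UID 0 is assumed to be able to chown the data folders`.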