Fix: Adds better handling during folder checking/creation/permissions for non-root (#9616)

* Adds better handling during folder checking/creation/permissions for when the image is running as non-root * Prefers the long options to commands
2025-10-28 03:46:06 -05:00 · 2025-04-14 08:51:57 -07:00
parent 9db3923d35
commit ab8c75958d
2 changed files with 54 additions and 22 deletions
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/init-folders/run
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/init-folders/run
@@ -9,25 +9,57 @@ declare -r media_root_dir="${PAPERLESS_MEDIA_ROOT:-/usr/src/paperless/media}"
 declare -r consume_dir="${PAPERLESS_CONSUMPTION_DIR:-/usr/src/paperless/consume}"
 declare -r tmp_dir="${PAPERLESS_SCRATCH_DIR:=/tmp/paperless}"
-echo "${log_prefix} Checking for folder existence"
+declare -r main_dirs=(
 	"${export_dir}"
 	"${data_dir}"
 	"${media_root_dir}"
 	"${consume_dir}"
 	"${tmp_dir}"
 )
-for dir in \
+declare -r extra_dirs=(
-	"${export_dir}" \
+	"${main_dirs[@]}"
-	"${data_dir}" "${data_dir}/index" \
+	"${data_dir}/index"
-	"${media_root_dir}" "${media_root_dir}/documents" "${media_root_dir}/documents/originals" "${media_root_dir}/documents/thumbnails" \
+	"${media_root_dir}/documents"
-	"${consume_dir}" \
+	"${media_root_dir}/documents/originals"
-	"${tmp_dir}"; do
+	"${media_root_dir}/documents/thumbnails"
 )
 if [[ -n "${USER_IS_NON_ROOT}" ]]; then
 	# Non-root mode: Create directories as current user, warn about permission issues
 	echo "${log_prefix} Running in non-root mode, checking directories"
 	current_uid=$(id --user)
 	current_gid=$(id --group)
 	for dir in "${extra_dirs[@]}"; do
 		if [[ ! -d "${dir}" ]]; then
 			mkdir --parents --verbose "${dir}" || echo "${log_prefix} WARNING: Could not create ${dir} - permission denied"
 		fi
 		# Check permissions on existing directories too
 		if [[ -d "${dir}" && ! -w "${dir}" ]]; then
 			echo "${log_prefix} WARNING: No write permission to ${dir}"
 		fi
 	done
 	# Warn about ownership issues
 	for dir in "${main_dirs[@]}"; do
 		if [[ -d "${dir}" ]]; then
 			find "${dir}" -not \( -user ${current_uid} -and -group ${current_gid} \) -exec echo "${log_prefix} WARNING: Permission issue on {}: not owned by current user (${current_uid}:${current_gid})" \; 2>/dev/null || echo "${log_prefix} WARNING: Cannot check permissions on ${dir}"
 		fi
 	done
 else
 	# Root mode: Create and fix permissions as needed
 	echo "${log_prefix} Running with root privileges, adjusting directories and permissions"
 	# First create directories
 	for dir in "${extra_dirs[@]}"; do
 		if [[ ! -d "${dir}" ]]; then
 			mkdir --parents --verbose "${dir}"
 		fi
 	done
-echo "${log_prefix} Adjusting file and folder permissions"
+	# Then fix permissions on all directories
-for dir in \
+	for dir in "${main_dirs[@]}"; do
 	"${export_dir}" \
 	"${data_dir}" \
 	"${media_root_dir}" \
 	"${consume_dir}" \
 	"${tmp_dir}"; do
 		find "${dir}" -not \( -user paperless -and -group paperless \) -exec chown --changes paperless:paperless {} +
 	done
 fi
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/init-start/run
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/init-start/run
@@ -11,9 +11,9 @@ printf "/usr/src/paperless/src" > /var/run/s6/container_environment/PAPERLESS_SR
 echo $(date +%s) > /var/run/s6/container_environment/PAPERLESS_START_TIME_S
 # Check if we're starting as a non-root user
-if [ $(id -u) == $(id -u paperless) ]; then
+if [ "$(id --user)" != "0" ]; then
 	printf "true" > /var/run/s6/container_environment/USER_IS_NON_ROOT
-	echo "${log_prefix}  paperless-ngx docker container running under a user"
+	echo "${log_prefix}  paperless-ngx docker container running under a user ($(id --user):$(id --group))"
 else
 	printf "/usr/src/paperless" > /var/run/s6/container_environment/HOME
 	echo "${log_prefix}  paperless-ngx docker container starting init as root"