Implementing Pull Request #28 (BytemarkHosting/docker-webdav#28).

JadinHeaston · JadinHeaston · commit 03df777ed811 · 2023-01-06T11:38:12.000-06:00
Signed-off-by: Jadin Heaston &lt;jadin.heaston@como.gov&gt;
diff --git a/Dockerfile b/Dockerfile
@@ -13,8 +13,7 @@ RUN set -ex; \
     chmod -R 777 "/var/www/html"; \
     # Create directories for Dav data and lock database.
     mkdir -p "/var/lib/dav/data"; \
-    chown -R www-data:www-data "/var/lib/dav"; \
-    chmod -R 777 "/var/lib/dav"; \
+    touch "/var/lib/dav/DavLock"; \
     \
     # Enable DAV modules.
     for i in dav dav_fs; do \
@@ -31,11 +30,6 @@ RUN set -ex; \
         sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" "conf/httpd.conf"; \
     done; \
     \
-    # Run httpd as "www-data" (instead of "daemon").
-    for i in User Group; do \
-        sed -i -e "s|^$i .*|$i www-data|" "conf/httpd.conf"; \
-    done; \
-    \
     # Include enabled configs and sites.
     printf '%s\n' "Include conf/conf-enabled/*.conf" \
         >> "conf/httpd.conf"; \
diff --git a/README.md b/README.md
@@ -88,3 +88,6 @@ All environment variables are optional. You probably want to at least specify `U
 * `PASSWORD`: Authenticate with this password (and the username above). This is ignored if you bind mount your own authentication file to `/user.passwd`.
 * `ANONYMOUS_METHODS`: Comma-separated list of HTTP request methods (eg, `GET,POST,OPTIONS,PROPFIND`). Clients can use any method you specify here without authentication. Set to `ALL` to disable authentication. The default is to disallow any anonymous access.
 * `SSL_CERT`: Set to `selfsigned` to generate a self-signed certificate and enable Apache's SSL module. If you specify `SERVER_NAMES`, the first domain is set as the Common Name.
+* **`PUID`**: file owner's UID of `/var/lib/dav`
+* **`PGID`**: file owner's GID of `/var/lib/dav`
+* **`PUMASK`**: umask of `/var/lib/dav/data`
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -9,5 +9,8 @@ services:
       AUTH_TYPE: Digest
       USERNAME: Alice
       PASSWORD: Secret1234!
+      PUID: 1000
+      GUID: 1000
+      PUMASK: 1000
     volumes:
       - webdav-data:/var/lib/dav
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
@@ -10,9 +10,14 @@ set -e
 #   PASSWORD
 #   ANONYMOUS_METHODS
 #   SSL_CERT
+#   PUID
+#   PGID
+#   PUMASK
 
 # Just in case this environment variable has gone missing.
 HTTPD_PREFIX="${HTTPD_PREFIX:-/usr/local/apache2}"
+PUID=${PUID:-1000}
+PGID=${PGID:-1000}
 
 # Configure vhosts.
 if [ "x$SERVER_NAMES" != "x" ]; then
@@ -101,8 +106,20 @@ fi
 # Create directories for Dav data and lock database.
 [ ! -d "/var/lib/dav/data" ] && mkdir -p "/var/lib/dav/data"
 [ ! -e "/var/lib/dav/DavLock" ] && touch "/var/lib/dav/DavLock"
-chown -R www-data:www-data "/var/lib/dav"
-chmod -R 777 "/var/lib/dav"
-chmod -R 777 "/var/www/html"
+
+# add PUID:PGID, ignore error
+addgroup -g $PGID -S user-group 1>/dev/null || true
+adduser -u $PUID -S user 1>/dev/null || true
+
+# Run httpd as PUID:PGID
+sed -i -e "s|^User .*|User #$PUID|" "$HTTPD_PREFIX/conf/httpd.conf"; 
+sed -i -e "s|^Group .*|Group #$PGID|" "$HTTPD_PREFIX/conf/httpd.conf"; 
+
+chown $PUID:$PGID "/var/lib/dav/DavLock"
+
+# Set umask
+if [ "x$PUMASK" != "x" ]; then
+    umask $PUMASK
+fi
 
 exec "$@"
