Add SKIP_PERMISSIONS_CHECKS option (Strongly discouraged)

Resolves #163
LycheeOrg · Sep 9, 2023 · b39e8db · b39e8db
1 parent 55182d6
commit b39e8db
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 9 deletions.
diff --git a/README.md b/README.md
@@ -123,6 +123,8 @@ Some variables are specific to Docker, and the default values are :
 * `PHP_TZ=UTC`
 * `STARTUP_DELAY=0`
 
+Additionally, if `SKIP_PERMISSIONS_CHECKS` is set to "yes", the entrypoint script will not check or set the permissions of files and directories on startup. Users are strongly advised **against** using this option, and efforts have been made to keep the checks as fast as possible. Nonetheless, it may be suitable for some advanced use cases.
+
 ## Advanced configuration
 
 Note that nginx will accept by default images up to 100MB (`client_max_body_size 100M`) and that PHP parameters are overridden according to the [recommendations of the Lychee FAQ](https://lycheeorg.github.io/docs/faq.html#i-cant-upload-large-photos).

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -137,19 +137,23 @@ if [ ! "$(id -u "$USER")" -eq "$PUID" ]; then usermod -o -u "$PUID" "$USER" ; fi
 if [ ! "$(id -g "$USER")" -eq "$PGID" ]; then groupmod -o -g "$PGID" "$USER" ; fi
 echo -e " \tUser UID :\t$(id -u "$USER")"
 echo -e " \tUser GID :\t$(id -g "$USER")"
+usermod -a -G "$USER" www-data
 
 echo "**** Make sure Laravel's log exists ****" && \
 touch /logs/laravel.log
 
-echo "**** Set Permissions ****" && \
-# Set ownership of directories, then files and only when required. See LycheeOrg/Lychee-Docker#120
-find /sym /uploads /logs -type d \( ! -user "$USER" -o ! -group "$USER" \) -exec chown -R "$USER":"$USER" \{\} \;
-find /conf/.env /sym /uploads /logs \( ! -user "$USER" -o ! -group "$USER" \) -exec chown "$USER":"$USER" \{\} \;
-# Laravel needs to be able to chmod user.css and custom.js for no good reason
-find /conf/user.css /conf/custom.js /logs/laravel.log \( ! -user "www-data" -o ! -group "$USER" \) -exec chown www-data:"$USER" \{\} \;
-usermod -a -G "$USER" www-data
-find /sym /uploads /logs -type d \( ! -perm -ug+w -o ! -perm -ugo+rX -o ! -perm -g+s \) -exec chmod -R ug+w,ugo+rX,g+s \{\} \;
-find /conf/user.css /conf/custom.js /conf/.env /sym /uploads /logs \( ! -perm -ug+w -o ! -perm -ugo+rX \) -exec chmod ug+w,ugo+rX \{\} \;
+if [ -n "$SKIP_PERMISSIONS_CHECKS" ] && [ "${SKIP_PERMISSIONS_CHECKS,,}" = "yes" ] ; then
+	echo "**** WARNING: Skipping permissions check ****"
+else
+	echo "**** Set Permissions ****"
+	# Set ownership of directories, then files and only when required. See LycheeOrg/Lychee-Docker#120
+	find /sym /uploads /logs -type d \( ! -user "$USER" -o ! -group "$USER" \) -exec chown -R "$USER":"$USER" \{\} \;
+	find /conf/.env /sym /uploads /logs \( ! -user "$USER" -o ! -group "$USER" \) -exec chown "$USER":"$USER" \{\} \;
+	# Laravel needs to be able to chmod user.css and custom.js for no good reason
+	find /conf/user.css /conf/custom.js /logs/laravel.log \( ! -user "www-data" -o ! -group "$USER" \) -exec chown www-data:"$USER" \{\} \;
+	find /sym /uploads /logs -type d \( ! -perm -ug+w -o ! -perm -ugo+rX -o ! -perm -g+s \) -exec chmod -R ug+w,ugo+rX,g+s \{\} \;
+	find /conf/user.css /conf/custom.js /conf/.env /sym /uploads /logs \( ! -perm -ug+w -o ! -perm -ugo+rX \) -exec chmod ug+w,ugo+rX \{\} \;
+fi
 
 # Update CA Certificates if we're using armv7 because armv7 is weird (#76)
 if [[ $(uname -a) == *"armv7"* ]]; then