Commit 41cf540

use chown on rsync to /data and /config directories
The lsiown command explicitly avoids touching symlinks, allowing root owned symlinks to bleed into PUID/PGID controlled areas. Use the chown arguments when using rsync to copy files to /data and /config to prevent creating symlinks with root permissions.

Signed-off-by: Randolph Sapp <[email protected]>
1 parent 8f2cd9f commit 41cf540

3 files changed

+4
-2
lines changed

README.md

Lines changed: 1 addition & 0 deletions
@@ -347,6 +347,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
347347

348348
## Versions
349349

350+
* **18.08.25:** - Use chown on rsync to /data and /config directories.
350351
* **10.07.25:** - Rebase to Alpine 3.22.
351352
* **12.02.25:** - Rebase to Alpine 3.21.
352353
* **09.01.25:** - Fix uploading large files. Existing users should update their nginx confs.
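
Review bot: The new changelog entry at line 350 names the mechanism but not the effect, and does not say whether existing installs need to do anything, unlike the 09.01.25 entry below it, which tells existing users what to update. The commit message gives the reason (root-owned symlinks ending up in PUID/PGID-controlled areas); consider carrying that into the entry, for example "Use chown on rsync to /data and /config so copied symlinks are not left owned by root", and keep the matching readme-vars.yml entry in step.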

readme-vars.yml

Lines changed: 1 addition & 0 deletions
@@ -145,6 +145,7 @@ init_diagram: |
145145
"nextcloud:latest" <- Base Images
146146
# changelog
147147
changelogs:
148+
- {date: "18.08.25:", desc: "Use chown on rsync to /data and /config directories."}
148149
- {date: "10.07.25:", desc: "Rebase to Alpine 3.22."}
149150
- {date: "12.02.25:", desc: "Rebase to Alpine 3.21."}
150151
- {date: "09.01.25:", desc: "Fix uploading large files. Existing users should update their nginx confs."}

root/etc/s6-overlay/s6-rc.d/init-nextcloud-config/run

Lines changed: 2 additions & 2 deletions
@@ -81,11 +81,11 @@ if [ -f /config/www/nextcloud/config/needs_migration ] || [ -f /tmp/needs_instal
8181
rsync -rlD --exclude-from=/app/upgrade.exclude /app/www/src/ /app/www/public/
8282
for dir in apps config themes; do
8383
if [ -f /config/www/nextcloud/config/needs_migration ] || [ -f /tmp/needs_upgrade ] || [ -z "$(ls -A /app/www/public/${dir} 2>/dev/null)" ]; then
84-
rsync -rlD --include "/${dir}" --exclude '/*' /app/www/src/ /config/www/nextcloud/
84+
rsync -rlD --chown=abc:abc --include "/${dir}" --exclude '/*' /app/www/src/ /config/www/nextcloud/
8585
fi
8686
done
8787
if [ -z "$(ls -A /data/ 2>/dev/null)" ]; then
88-
rsync -rlD --include "/data" --exclude '/*' /app/www/src/ /
88+
rsync -rlD --chown=abc:abc --include "/data" --exclude '/*' /app/www/src/ /
8989
fi
9090

9191
echo "Setting permissions"
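
Review bot: On the new line 88 the destination is `/`, and `--chown=abc:abc` turns on owner and group handling, which rsync applies to the transfer root as well as to the entries under it, so with the trailing-slash source `/app/www/src/` this can chown `/` itself to abc:abc. Please confirm with a `stat` of `/` after a first boot, or copy the data directory to `/data/` directly so the destination is the directory that is meant to belong to abc; the new line 84 has the same shape, but there the root is /config/www/nextcloud/, which is presumably intended. Separately, the rsync on line 81 into /app/www/public/ still runs without `--chown`; if that tree is meant to stay root-owned, a short comment saying so would help the next reader.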
