Skip to content

use chown on rsync to /data and /config directories #517

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

use chown on rsync to /data and /config directories #517

wants to merge 1 commit into from

Conversation

StaticRocket
Copy link

linuxserver.io

  • I have read the contributing guideline and understand that I have made the correct modifications

Description:

The lsiown command explicitly avoids touching symlinks, allowing root owned symlinks to bleed into PUID/PGID controlled areas.

Use the chown arguments when using rsync to copy files to /data and /config to prevent creating symlinks with root permissions.

Benefits of this PR and context:

Prevents creating symlinks as root, which the fpm or host user will not be able to remove/replace as needed.

How Has This Been Tested?

I used the modified commands to remove existing invalid symlinks from my deployment.

Source / References:

N/A

@LinuxServer-CI
Copy link
Collaborator

I am a bot, here are the test results for this PR:
https://ci-tests.linuxserver.io/lspipepr/nextcloud/31.0.8-pkg-e00e87e2-dev-b8d8aaa7d5559b13dcf10ac6e49ecd5c46ade9e1-pr-517/index.html
https://ci-tests.linuxserver.io/lspipepr/nextcloud/31.0.8-pkg-e00e87e2-dev-b8d8aaa7d5559b13dcf10ac6e49ecd5c46ade9e1-pr-517/shellcheck-result.xml

Tag Passed
amd64-31.0.8-pkg-e00e87e2-dev-b8d8aaa7d5559b13dcf10ac6e49ecd5c46ade9e1-pr-517
arm64v8-31.0.8-pkg-e00e87e2-dev-b8d8aaa7d5559b13dcf10ac6e49ecd5c46ade9e1-pr-517

@StaticRocket
use chown on rsync to /data and /config directories
41cf540 
The lsiown command explicitly avoids touching symlinks, allowing root
owned symlinks to bleed into PUID/PGID controlled areas.

Use the chown arguments when using rsync to copy files to /data and
/config to prevent creating symlinks with root permissions.

Signed-off-by: Randolph Sapp <[email protected]>
@LinuxServer-CI
Copy link
Collaborator

I am a bot, here are the test results for this PR:
https://ci-tests.linuxserver.io/lspipepr/nextcloud/31.0.8-pkg-e00e87e2-dev-41cf5401daef2f49fa168d8beb6fee5bfcb43f87-pr-517/index.html
https://ci-tests.linuxserver.io/lspipepr/nextcloud/31.0.8-pkg-e00e87e2-dev-41cf5401daef2f49fa168d8beb6fee5bfcb43f87-pr-517/shellcheck-result.xml

Tag Passed
amd64-31.0.8-pkg-e00e87e2-dev-41cf5401daef2f49fa168d8beb6fee5bfcb43f87-pr-517
arm64v8-31.0.8-pkg-e00e87e2-dev-41cf5401daef2f49fa168d8beb6fee5bfcb43f87-pr-517

@LinuxServer-CI
Copy link
Collaborator

I am a bot, here are the test results for this PR:
https://ci-tests.linuxserver.io/lspipepr/nextcloud/31.0.8-pkg-811a9d38-dev-da30b701a42e97128015baf0dedb702360edca77-pr-517/index.html
https://ci-tests.linuxserver.io/lspipepr/nextcloud/31.0.8-pkg-811a9d38-dev-da30b701a42e97128015baf0dedb702360edca77-pr-517/shellcheck-result.xml

Tag Passed
amd64-31.0.8-pkg-811a9d38-dev-da30b701a42e97128015baf0dedb702360edca77-pr-517
arm64v8-31.0.8-pkg-811a9d38-dev-da30b701a42e97128015baf0dedb702360edca77-pr-517

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
Issue & PR Tracker
Status: PRs
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@StaticRocket @LinuxServer-CI