Merge pull request #3641 from wkloucek/docker_narrow_volume_permissions

reduce docker image volume permissions and update alpine
owncloud · May 3, 2022 · 36a8fba · 36a8fba
2 parents a29d202 + 1e6b2fe
commit 36a8fba
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 9 deletions.
diff --git a/changelog/unreleased/change-ocis-docker-volume-permissions.md b/changelog/unreleased/change-ocis-docker-volume-permissions.md
@@ -0,0 +1,9 @@
+Change: Reduce permissions on docker image predeclared volumes
+
+We've lowered the permissions on the predeclared volumes of the oCIS
+docker image from 777 to 750.
+
+This change doesn't affect you, unless you use the docker image with
+the non default uid/guid to start oCIS (default is 1000:1000).
+
+https://github.com/owncloud/ocis/pull/3641
diff --git a/ocis/docker/Dockerfile.linux.amd64 b/ocis/docker/Dockerfile.linux.amd64
@@ -1,4 +1,4 @@
-FROM amd64/alpine:3.14
+FROM amd64/alpine:3.15
 
 ARG VERSION=""
 ARG REVISION=""
@@ -26,10 +26,10 @@ RUN addgroup -g 1000 -S ocis-group && \
 
 RUN mkdir -p /var/lib/ocis && \
  chown -R ocis-user:ocis-group /var/lib/ocis && \
- chmod -R 777 /var/lib/ocis && \
+ chmod -R 750 /var/lib/ocis && \
  mkdir -p /etc/ocis && \
  chown -R ocis-user:ocis-group /etc/ocis && \
- chmod -R 777 /etc/ocis
+ chmod -R 750 /etc/ocis
 
 VOLUME [ "/var/lib/ocis", "/etc/ocis" ]
 WORKDIR /var/lib/ocis

diff --git a/ocis/docker/Dockerfile.linux.arm b/ocis/docker/Dockerfile.linux.arm
@@ -1,4 +1,4 @@
-FROM arm32v6/alpine:3.14
+FROM arm32v6/alpine:3.15
 
 ARG VERSION=""
 ARG REVISION=""
@@ -26,10 +26,10 @@ RUN addgroup -g 1000 -S ocis-group && \
 
 RUN mkdir -p /var/lib/ocis && \
  chown -R ocis-user:ocis-group /var/lib/ocis && \
- chmod -R 777 /var/lib/ocis && \
+ chmod -R 750 /var/lib/ocis && \
  mkdir -p /etc/ocis && \
  chown -R ocis-user:ocis-group /etc/ocis && \
- chmod -R 777 /etc/ocis
+ chmod -R 750 /etc/ocis
 
 VOLUME [ "/var/lib/ocis", "/etc/ocis" ]
 WORKDIR /var/lib/ocis

diff --git a/ocis/docker/Dockerfile.linux.arm64 b/ocis/docker/Dockerfile.linux.arm64
@@ -1,4 +1,4 @@
-FROM arm64v8/alpine:3.14
+FROM arm64v8/alpine:3.15
 
 ARG VERSION=""
 ARG REVISION=""
@@ -26,10 +26,10 @@ RUN addgroup -g 1000 -S ocis-group && \
 
 RUN mkdir -p /var/lib/ocis && \
  chown -R ocis-user:ocis-group /var/lib/ocis && \
- chmod -R 777 /var/lib/ocis && \
+ chmod -R 750 /var/lib/ocis && \
  mkdir -p /etc/ocis && \
  chown -R ocis-user:ocis-group /etc/ocis && \
- chmod -R 777 /etc/ocis
+ chmod -R 750 /etc/ocis
 
 VOLUME [ "/var/lib/ocis", "/etc/ocis" ]
 WORKDIR /var/lib/ocis