From c195ffc864b22ae390e2e9096bd455c1217d7b98 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9ophile=20Diot?=
Date: Sat, 3 Dec 2022 16:47:35 +0100
Subject: [PATCH] Fix autoconf not working properly with the shared volume
---
 src/autoconf/Dockerfile | 14 ++++++++++++--
 src/scheduler/Dockerfile | 6 +++---
 src/scheduler/JobScheduler.py | 5 ++---
 src/scheduler/main.py | 9 +++++----
 4 files changed, 22 insertions(+), 12 deletions(-)
diff --git a/src/autoconf/Dockerfile b/src/autoconf/Dockerfile
index b9c44dd1..e64ddc6f 100644
--- a/src/autoconf/Dockerfile
+++ b/src/autoconf/Dockerfile
@@ -32,11 +32,21 @@ RUN apk add --no-cache bash && \
 addgroup -g 101 nginx && \
 adduser -h /var/cache/nginx -g nginx -s /bin/sh -G nginx -D -H -u 101 nginx && \
 cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
+ mkdir -p /var/tmp/bunkerweb && \
+ mkdir -p /var/www && \
+ mkdir -p /etc/bunkerweb && \
+ mkdir -p /data/cache && ln -s /data/cache /var/cache/bunkerweb && \
 mkdir -p /data/lib && ln -s /data/lib /var/lib/bunkerweb && \
- chown -R nginx:nginx /usr/share/bunkerweb /var/lib/bunkerweb && \
+ mkdir -p /data/cache/letsencrypt && ln -s /data/cache/letsencrypt /etc/letsencrypt && \
+ mkdir -p /data/www && ln -s /data/www /var/www/html && \
+ for dir in $(echo "configs plugins") ; do mkdir -p "/data/${dir}" && ln -s "/data/${dir}" "/etc/bunkerweb/${dir}" ; done && \
+ for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir "/data/${dir}" ; done && \
+ chown -R root:nginx /data && \
+ chmod -R 770 /data && \
+ chown -R root:nginx /usr/share/bunkerweb /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb && \
 find /usr/share/bunkerweb -type f -exec chmod 0740 {} \; && \
 find /usr/share/bunkerweb -type d -exec chmod 0750 {} \; && \
- chmod 770 /var/lib/bunkerweb && \
+ chmod -R 770 /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb && \
 chmod 750 /usr/share/bunkerweb/cli/main.py /usr/share/bunkerweb/helpers/*.sh /usr/bin/bwcli /usr/share/bunkerweb/autoconf/main.py /usr/share/bunkerweb/deps/python/bin/* && \
 chown root:nginx /usr/bin/bwcli
diff --git a/src/scheduler/Dockerfile b/src/scheduler/Dockerfile
index 6c4d49c5..0e6e9df0 100644
--- a/src/scheduler/Dockerfile
+++ b/src/scheduler/Dockerfile
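Review bot: In src/autoconf/Dockerfile, `chmod -R 770 /data` and the later `chmod -R 770 /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb` give the nginx group write access to the config, plugin and Let's Encrypt trees and mark any regular file under them executable. The same hunk already separates files from directories for /usr/share/bunkerweb, and the same split fits here: `find /data -type d -exec chmod 0770 {} \;` with `find /data -type f -exec chmod 0660 {} \;`. The src/scheduler/Dockerfile hunk has the same issue, since it moves /etc/bunkerweb out of the 0740/0750 find passes into `chmod -R 770`. A comment above these lines should say why group write is needed (presumably so uid/gid 101 can write to the volume shared with the scheduler) and that build-time modes only reach a volume Docker initialises from this image, not a bind mount or an already-populated volume. The RUN instruction starts outside the hunk.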
@@ -49,9 +49,9 @@ RUN apk add --no-cache bash libgcc libstdc++ openssl && \
 chown -R root:scheduler /data && \
 chmod -R 770 /data && \
 chown -R root:scheduler /usr/share/bunkerweb /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb && \
- for dir in $(echo "/usr/share/bunkerweb /etc/bunkerweb") ; do find ${dir} -type f -exec chmod 0740 {} \; ; done && \
- for dir in $(echo "/usr/share/bunkerweb /etc/bunkerweb") ; do find ${dir} -type d -exec chmod 0750 {} \; ; done && \
- chmod -R 770 /var/cache/bunkerweb /var/lib/bunkerweb /var/tmp/bunkerweb && \
+ find /usr/share/bunkerweb -type f -exec chmod 0740 {} \; && \
+ find /usr/share/bunkerweb -type d -exec chmod 0750 {} \; && \
+ chmod -R 770 /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb && \
 find /usr/share/bunkerweb/core/*/jobs/* -type f -exec chmod 750 {} \; && \
 chmod 750 /usr/share/bunkerweb/gen/*.py /usr/share/bunkerweb/scheduler/main.py /usr/share/bunkerweb/scheduler/entrypoint.sh /usr/share/bunkerweb/helpers/*.sh /usr/share/bunkerweb/deps/python/bin/* && \
 mkdir /etc/nginx && \
diff --git a/src/scheduler/JobScheduler.py b/src/scheduler/JobScheduler.py
index f6d0eede..42a6aa2f 100644
--- a/src/scheduler/JobScheduler.py
+++ b/src/scheduler/JobScheduler.py
@@ -112,8 +112,8 @@ class JobScheduler(ApiCaller):
 stdin=DEVNULL,
 stderr=STDOUT,
 env=self.__env,
- user=120,
- group=120,
+ user=101,
+ group=101,
 )
 except BaseException:
 success = False
@@ -237,4 +237,3 @@ class JobScheduler(ApiCaller):
 )
 return False
 return ret
-
diff --git a/src/scheduler/main.py b/src/scheduler/main.py
index 4f296220..105143af 100644
--- a/src/scheduler/main.py
+++ b/src/scheduler/main.py
@@ -6,6 +6,7 @@ from glob import glob
 from os import (
 _exit,
 chmod,
+ chown,
 getenv,
 getpid,
 listdir,
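Review bot: In src/scheduler/JobScheduler.py the job is launched with `user=101, group=101` but without `extra_groups=`, so the child keeps whatever supplementary groups the scheduler process holds; adding `extra_groups=[],` beside these two arguments completes the privilege drop. The literal 101 is repeated three times in main.py and presumably has to match the `-u 101` / `-g 101` nginx account created in the autoconf Dockerfile, while the scheduler image still chowns to `root:scheduler`. A module-level constant with a comment such as `# uid/gid of the nginx account that owns the shared volume` would keep these in step. The `except BaseException` just below turns any launch failure, including a rejected uid/gid switch, into `success = False`, so a mismatch is easy to miss. The call starts outside the hunk; the keywords suggest a subprocess call.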
@@ -16,7 +17,7 @@ from os import (
 walk,
 )
 from os.path import dirname, exists, isdir, isfile, islink, join
-from shutil import chown, copy, rmtree
+from shutil import copy, rmtree
 from signal import SIGINT, SIGTERM, signal, SIGHUP
 from subprocess import run as subprocess_run, DEVNULL, STDOUT
 from sys import path as sys_path
@@ -110,7 +111,7 @@ def generate_custom_configs(
 # Fix permissions for the custom configs folder
 for root, dirs, files in walk("/data/configs", topdown=False):
 for name in files + dirs:
- chown(join(root, name), "scheduler", "scheduler")
+ chown(join(root, name), 101, 101)
 if isdir(join(root, name)):
 chmod(join(root, name), 0o750)
@@ -339,7 +340,7 @@ if __name__ == "__main__":
 # Fix permissions for the nginx folder
 for root, dirs, files in walk("/etc/nginx", topdown=False):
 for name in files + dirs:
- chown(join(root, name), "scheduler", "scheduler")
+ chown(join(root, name), 101, 101)
 chmod(join(root, name), 0o770)
 copy("/etc/nginx/variables.env", "/var/tmp/bunkerweb/variables.env")
@@ -358,7 +359,7 @@ if __name__ == "__main__":
 walk("/data/cache", topdown=False), walk("/data/configs", topdown=False)
 ):
 for name in files + dirs:
- chown(join(root, name), "scheduler", "scheduler")
+ chown(join(root, name), 101, 101)
 if isdir(join(root, name)):
 chmod(join(root, name), 0o750)
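Review bot: The three `chown(join(root, name), 101, 101)` calls in src/scheduler/main.py (hunks at -110, -339 and -358) now go through os.chown, which follows symbolic links by default. Two of the walked trees, /data/cache and /data/configs, sit on the volume that this commit makes group-writable for another container. A symlink inside those trees therefore gets its target, possibly outside the tree, re-owned to 101:101, and the following `isdir`/`chmod` pair follows the link as well. Suggested change: `chown(path, 101, 101, follow_symlinks=False)` and `if isdir(path) and not islink(path):` before the chmod, with `path = join(root, name)` computed once; `islink` is already imported. The enclosing function and the `__main__` block both start and end outside these hunks.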