|
|
@@ -8,35 +8,53 @@ log_info 'Setting ownership ...'
|
|
|
# root
|
|
|
chown root /tmp/nginx
|
|
|
|
|
|
-# npm user and group
|
|
|
-chown -R "$PUID:$PGID" /data
|
|
|
-chown -R "$PUID:$PGID" /etc/letsencrypt
|
|
|
-chown -R "$PUID:$PGID" /run/nginx
|
|
|
-chown -R "$PUID:$PGID" /tmp/nginx
|
|
|
-chown -R "$PUID:$PGID" /var/cache/nginx
|
|
|
-chown -R "$PUID:$PGID" /var/lib/logrotate
|
|
|
-chown -R "$PUID:$PGID" /var/lib/nginx
|
|
|
-chown -R "$PUID:$PGID" /var/log/nginx
|
|
|
-
|
|
|
-# Don't chown entire /etc/nginx folder as this causes crashes on some systems
|
|
|
-chown -R "$PUID:$PGID" /etc/nginx/nginx
|
|
|
-chown -R "$PUID:$PGID" /etc/nginx/nginx.conf
|
|
|
-chown -R "$PUID:$PGID" /etc/nginx/conf.d
|
|
|
-
|
|
|
-# Certbot directories - optimized approach
|
|
|
-CERT_INIT_FLAG="/opt/certbot/.ownership_initialized"
|
|
|
-
|
|
|
-if [ ! -f "$CERT_INIT_FLAG" ] && [ "$SKIP_CERTBOT_OWNERSHIP" != "true" ]; then
|
|
|
- # Prevents errors when installing python certbot plugins when non-root
|
|
|
- log_info 'Changing ownership of /opt/certbot directories ...'
|
|
|
- chown "$PUID:$PGID" /opt/certbot /opt/certbot/bin
|
|
|
+locations=(
|
|
|
+ "/data"
|
|
|
+ "/etc/letsencrypt"
|
|
|
+ "/run/nginx"
|
|
|
+ "/tmp/nginx"
|
|
|
+ "/var/cache/nginx"
|
|
|
+ "/var/lib/logrotate"
|
|
|
+ "/var/lib/nginx"
|
|
|
+ "/var/log/nginx"
|
|
|
+ "/etc/nginx/nginx"
|
|
|
+ "/etc/nginx/nginx.conf"
|
|
|
+ "/etc/nginx/conf.d"
|
|
|
+)
|
|
|
+
|
|
|
+chownit() {
|
|
|
+ local dir="$1"
|
|
|
+ local recursive="${2:-true}"
|
|
|
+
|
|
|
+ local have
|
|
|
+ have="$(stat -c '%u:%g' "$dir")"
|
|
|
+ echo -n " $dir ... "
|
|
|
+
|
|
|
+ if [ "$have" != "$PUID:$PGID" ]; then
|
|
|
+ if [ "$recursive" = 'true' ] && [ -d "$dir" ]; then
|
|
|
+ chown -R "$PUID:$PGID" "$dir"
|
|
|
+ else
|
|
|
+ chown "$PUID:$PGID" "$dir"
|
|
|
+ fi
|
|
|
+ echo "DONE"
|
|
|
+ else
|
|
|
+ echo "SKIPPED"
|
|
|
+ fi
|
|
|
+}
|
|
|
+
|
|
|
+for loc in "${locations[@]}"; do
|
|
|
+ chownit "$loc"
|
|
|
+done
|
|
|
+
|
|
|
+if [ "${SKIP_CERTBOT_OWNERSHIP:-}" != "true" ]; then
|
|
|
+ log_info 'Changing ownership of certbot directories, this may take some time ...'
|
|
|
+ chownit "/opt/certbot" false
|
|
|
+ chownit "/opt/certbot/bin" false
|
|
|
|
|
|
# Handle all site-packages directories efficiently
|
|
|
find /opt/certbot/lib -type d -name "site-packages" | while read -r SITE_PACKAGES_DIR; do
|
|
|
- chown -R "$PUID:$PGID" "$SITE_PACKAGES_DIR"
|
|
|
+ chownit "$SITE_PACKAGES_DIR"
|
|
|
done
|
|
|
-
|
|
|
- # Create a flag file to skip this step on subsequent runs
|
|
|
- touch "$CERT_INIT_FLAG"
|
|
|
- chown "$PUID:$PGID" "$CERT_INIT_FLAG"
|
|
|
+else
|
|
|
+ log_info 'Skipping ownership change of certbot directories'
|
|
|
fi
|
Jamie Curnow