From 053394c9695d51d89b6fbeae545bdf84f55d9835 Mon Sep 17 00:00:00 2001
From: Michael Mayer
Date: Sun, 20 Feb 2022 14:02:13 +0100
Subject: [PATCH] Docker: Improve umask and logging in entrypoint.sh scripts
---
 docker/develop/entrypoint.sh | 28 ++++++++++++++++------------
 scripts/dist/entrypoint.sh | 18 ++++++++++--------
 2 files changed, 26 insertions(+), 20 deletions(-)
diff --git a/docker/develop/entrypoint.sh b/docker/develop/entrypoint.sh
index 0d5256c87..c8caa16f7 100755
--- a/docker/develop/entrypoint.sh
+++ b/docker/develop/entrypoint.sh
@@ -20,6 +20,8 @@ else
 echo "started as uid $(id -u)"
 fi
 
+STORAGE_PATH=${PHOTOPRISM_STORAGE_PATH:-/go/src/github.com/photoprism/photoprism/storage}
+
 re='^[0-9]+$'
 
 # check for alternate umask variable
@@ -30,12 +32,12 @@ fi
 # set file-creation mode (umask)
 if [[ ${PHOTOPRISM_UMASK} =~ $re ]] && [[ ${#PHOTOPRISM_UMASK} == 4 ]]; then
 umask "${PHOTOPRISM_UMASK}"
- echo "custom file-creation mode ($(umask -p)): $(umask -S)"
 else
 umask 0002
- echo "default file-creation mode ($(umask -p)): $(umask -S)"
 fi
 
+echo "umask: \"$(umask)\" ($(umask -S))"
+
 # script must run as root to perform changes
 if [[ $(id -u) == "0" ]]; then
 # check for alternate user ID env variables
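Review bot: The new `echo "umask: \"$(umask)\" ($(umask -S))"` line reports whatever umask is in effect, but the guard it sits under (`[[ ${PHOTOPRISM_UMASK} =~ $re ]]`, with `re='^[0-9]+$'` from the -20 hunk) admits non-octal values such as 0089; `umask` rejects those, the branch neither falls back to 0002 nor says so, and the new message then prints the inherited umask as if it had been configured. Since the length test already pins four characters, one explicit octal pattern covers both checks: `if [[ ${PHOTOPRISM_UMASK} =~ ^[0-7]{4}$ ]]; then`; leave `$re` itself alone if the uid checks further down reuse it. Whether a rejected umask aborts the script instead depends on a `set -e` outside the hunk. The same hunk appears in scripts/dist/entrypoint.sh at `@@ -32,12 +32,12 @@` and needs the same fix.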
@@ -63,12 +65,13 @@ if [[ $(id -u) == "0" ]]; then
 usermod -g "${PHOTOPRISM_GID}" "user_${PHOTOPRISM_UID}" 2>/dev/null
 
 if [[ -z ${PHOTOPRISM_DISABLE_CHOWN} ]]; then
- echo "develop: set PHOTOPRISM_DISABLE_CHOWN: \"true\" to disable storage permission updates"
- echo "develop: updating storage permissions..."
- chown -Rf "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" /photoprism /tmp/photoprism /go
+ echo "updating storage permissions..."
+ chown --preserve-root -Rf "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" /go /photoprism /tmp/photoprism /opt/photoprism
+ chmod --preserve-root -Rf u+rwX "${STORAGE_PATH}"
+ echo "PHOTOPRISM_DISABLE_CHOWN: \"true\" disables storage permission updates"
 fi
 
- echo "develop: running as uid ${PHOTOPRISM_UID}:${PHOTOPRISM_GID}"
+ echo "switching to uid ${PHOTOPRISM_UID}:${PHOTOPRISM_GID}"
 echo "${@}"
 gosu "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" "$@" &
 
@@ -78,25 +81,26 @@ if [[ $(id -u) == "0" ]]; then
 usermod -g 1000 "user_${PHOTOPRISM_UID}" 2>/dev/null
 
 if [[ -z ${PHOTOPRISM_DISABLE_CHOWN} ]]; then
- echo "develop: set PHOTOPRISM_DISABLE_CHOWN: \"true\" to disable storage permission updates"
- echo "develop: updating storage permissions..."
- chown -Rf "${PHOTOPRISM_UID}" /photoprism /var/lib/photoprism /tmp/photoprism /go
+ echo "updating storage permissions..."
+ chown --preserve-root -Rf "${PHOTOPRISM_UID}" /go /photoprism /tmp/photoprism /opt/photoprism
+ chmod --preserve-root -Rf u+rwX "${STORAGE_PATH}"
+ echo "PHOTOPRISM_DISABLE_CHOWN: \"true\" disables storage permission updates"
 fi
 
- echo "develop: running as uid ${PHOTOPRISM_UID}"
+ echo "switching to uid ${PHOTOPRISM_UID}"
 echo "${@}"
 gosu "${PHOTOPRISM_UID}" "$@" &
 
 else
 # run as root
- echo "develop: running as root"
+ echo "running as root"
 echo "${@}"
 "$@" &
 
 fi
 else
 # running as user
- echo "develop: running as uid $(id -u)"
+ echo "running as uid $(id -u)"
 echo "${@}"
 "$@" &
 
diff --git a/scripts/dist/entrypoint.sh b/scripts/dist/entrypoint.sh
index 9e8409d3e..ac744c83f 100755
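Review bot: `chmod --preserve-root -Rf u+rwX "${STORAGE_PATH}"` (here and again in the -78 hunk) is a new recursive mode change that the commit title (umask and logging) does not mention and the script does not explain; `--preserve-root` refuses only `/` itself, and `-f` hides every error, so a misconfigured `PHOTOPRISM_STORAGE_PATH` pointing at a bind-mounted host directory would be rewritten silently while "updating storage permissions..." is printed as if all went well. A why-comment such as `# give the owner set by chown above read/write on existing storage files; -f tolerates a missing path` plus a line in the commit message would make the intent reviewable. Guarding on an existing directory, `[[ -d "${STORAGE_PATH}" ]] && chmod --preserve-root -Rf u+rwX "${STORAGE_PATH}"`, would at least skip the call when the path is absent or not a directory. The enclosing `if [[ $(id -u) == "0" ]]` block starts before the hunk.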
--- a/scripts/dist/entrypoint.sh
+++ b/scripts/dist/entrypoint.sh
@@ -32,12 +32,12 @@ fi
 # set file-creation mode (umask)
 if [[ ${PHOTOPRISM_UMASK} =~ $re ]] && [[ ${#PHOTOPRISM_UMASK} == 4 ]]; then
 umask "${PHOTOPRISM_UMASK}"
- echo "custom file-creation mode ($(umask -p)): $(umask -S)"
 else
 umask 0002
- echo "default file-creation mode ($(umask -p)): $(umask -S)"
 fi
 
+echo "umask: \"$(umask)\" ($(umask -S))"
+
 # script must run as root to perform changes
 if [[ $(id -u) == "0" ]]; then
 # check for alternate user ID env variables
@@ -65,12 +65,13 @@ if [[ $(id -u) == "0" ]]; then
 usermod -g "${PHOTOPRISM_GID}" "user_${PHOTOPRISM_UID}" 2>/dev/null
 
 if [[ -z ${PHOTOPRISM_DISABLE_CHOWN} ]]; then
- echo "set PHOTOPRISM_DISABLE_CHOWN: \"true\" to disable storage permission updates"
 echo "updating storage permissions..."
- chown -Rf "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" "${STORAGE_PATH}" /photoprism/import /var/lib/photoprism
+ chown --preserve-root -Rf "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" /photoprism
+ chmod --preserve-root -Rf u+rwX "${STORAGE_PATH}"
+ echo "PHOTOPRISM_DISABLE_CHOWN: \"true\" disables storage permission updates"
 fi
 
- echo "running as uid ${PHOTOPRISM_UID}:${PHOTOPRISM_GID}"
+ echo "switching to uid ${PHOTOPRISM_UID}:${PHOTOPRISM_GID}"
 echo "${@}"
 gosu "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" audit.sh && gosu "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" "$@" &
 
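Review bot: The chown on the new side no longer lists `"${STORAGE_PATH}"` (the removed line did), only `/photoprism`, here and in the -80 hunk; if `STORAGE_PATH` points outside `/photoprism`, the following `chmod --preserve-root -Rf u+rwX "${STORAGE_PATH}"` widens the mode for that tree's current owner, not for `${PHOTOPRISM_UID}`, so a storage volume owned by another uid stays unwritable once `gosu` switches user. Unless the definition of `STORAGE_PATH` (outside the hunk) guarantees it lives under `/photoprism`, keep it in the list: `chown --preserve-root -Rf "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" /photoprism "${STORAGE_PATH}"`. Dropping `/var/lib/photoprism` from the chown is also a behavior change the commit message does not mention; a short comment above the line stating which paths are intentionally covered would help the next reader.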
@@ -80,12 +81,13 @@ if [[ $(id -u) == "0" ]]; then
 usermod -g 1000 "user_${PHOTOPRISM_UID}" 2>/dev/null
 
 if [[ -z ${PHOTOPRISM_DISABLE_CHOWN} ]]; then
- echo "set PHOTOPRISM_DISABLE_CHOWN: \"true\" to disable storage permission updates"
 echo "updating storage permissions..."
- chown -Rf "${PHOTOPRISM_UID}" "${STORAGE_PATH}" /photoprism/import /var/lib/photoprism
+ chown --preserve-root -Rf "${PHOTOPRISM_UID}" /photoprism
+ chmod --preserve-root -Rf u+rwX "${STORAGE_PATH}"
+ echo "PHOTOPRISM_DISABLE_CHOWN: \"true\" disables storage permission updates"
 fi
 
- echo "running as uid ${PHOTOPRISM_UID}"
+ echo "switching to uid ${PHOTOPRISM_UID}"
 echo "${@}"
 gosu "${PHOTOPRISM_UID}" audit.sh && gosu "${PHOTOPRISM_UID}" "$@" &