search

Graylog2 / graylog-docker

Official Graylog Docker image
https://hub.docker.com/r/graylog/graylog/
Apache License 2.0
357 stars 132 forks source link

Docker entrypoint checks ownership on the wrong path #261

Open junkiebev opened 9 months ago

junkiebev commented 9 months ago

https://github.com/Graylog2/graylog-docker/blob/5da05dfaae6f98929297acf1c19209a447d73ecf/docker-entrypoint.sh#L76C1-L87C2

this function checks paths exist, and chowns them to graylog:graylog if they aren't already owned by graylog:graylog

setup() {
  # Create data directories
  for d in journal log plugin config contentpacks
  do
    dir=${GRAYLOG_HOME}/data/${d}
    [[ -d "${dir}" ]] || mkdir -p "${dir}"

    if [[ "$(stat --format='%U:%G' $dir)" != 'graylog:graylog' ]] && [[ -w "$dir" ]]; then
      chown -R graylog:graylog "$dir" || echo "Warning can not change owner to graylog:graylog"
    fi
  done
}

earlier in the script, you set a plugin directory with export GRAYLOG_PLUGIN_DIR=${GRAYLOG_HOME}/plugins-merged

should not for d in journal log plugin config contentpacks be changed to for d in journal log ${GRAYLOG_PLUGIN_DIR} config contentpacks

It appears you are performing functions on a directory you don't use or care about. I wouldn't mind kicking in a PR, but before doing so I was curious if that was a conscious choice for backwards compatibility.

kroepke commented 9 months ago

Hey, I'd say create that PR and we can discuss what the best option is :) Thanks!