roundcube / roundcubemail-docker

Resources to build Docker images for Roundcube Webmail

Files extracted in /var/www/html belong to the wrong user/group #84

Closed krufab closed 4 years ago

krufab commented 4 years ago

The roundcubemail source files extracted and copied to /var/www/html belong to the wrong user/group instead of www-data. This causes issues when roundcubemail is set to write logs in the default /var/www/html/logs folder, as www-data has no write permissions.

```
docker run --rm -it roundcube/roundcubemail:latest bash -c "tar cf - --one-file-system -C /usr/src/roundcubemail . | tar xf -; ls -la"
total 396
drwxr-xr-x 12  501    80   4096 Mar 20 10:17 .
drwxr-xr-x  1 root root    4096 Feb 26 11:59 ..
-rw-r--r--  1  501    80   2603 Feb 19 20:55 .htaccess
-rw-r--r--  1  501    80 179346 Feb 19 20:55 CHANGELOG
-rw-r--r--  1  501    80  12693 Feb 19 20:55 INSTALL
-rw-r--r--  1  501    80  35147 Feb 19 20:55 LICENSE
-rw-r--r--  1  501    80   3810 Feb 19 20:55 README.md
drwxr-xr-x  7  501    80   4096 Feb 19 20:55 SQL
-rw-r--r--  1  501    80   4148 Feb 19 20:55 UPGRADING
drwxr-xr-x  2  501    80   4096 Mar 20 10:17 bin
-rw-r--r--  1  501 staff    908 Feb 19 20:55 composer.json
-rw-r--r--  1  501    80    940 Feb 19 20:55 composer.json-dist
-rw-r--r--  1  501    80  78672 Feb 19 20:56 composer.lock
drwxr-xr-x  2  501    80   4096 Mar 20 10:17 config
-rw-r--r--  1  501    80  12731 Feb 19 20:55 index.php
drwxr-xr-x  2  501    80   4096 Mar 20 10:17 logs
drwxr-xr-x 35  501    80   4096 Mar 20 10:17 plugins
drwxr-xr-x  8  501    80   4096 Mar 20 10:17 program
drwxr-xr-x  3  501    80   4096 Mar 20 10:17 public_html
drwxr-xr-x  5  501    80   4096 Mar 20 10:17 skins
drwxr-xr-x  2  501    80   4096 Mar 20 10:17 temp
drwxr-xr-x  9  501    80   4096 Mar 20 10:17 vendor
```

thomascube commented 4 years ago

The files shall not be owned by www-data because that'll make them writeable for the webserver, which poses a security risk. I agree that this may cause problems for the `logs` directory, which may be the exception for an ownership change. However, logs from a Docker image should go to stdout, which is what the current entrypoint configures by default: `$config['log_driver'] = 'stdout'`.

krufab commented 4 years ago

Ok, valid point. I needed the logs folder writable as I was debugging my configuration. Nevertheless, similar images, like postfixadmin / phpmyadmin, have the source code in /var/www/html belonging to www-data...
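
The ownership argument in this thread can be checked mechanically. The following is an added example, not code from the roundcubemail-docker project: a POSIX shell function that lists every path under a web root that a given account owns or can write through group or world mode bits. The function name `writable_by` is made up for this example; the path and account in the usage comment are the ones from the issue.

```shell
#!/bin/sh
# Added example (not from the roundcubemail-docker repository).
# writable_by ACCOUNT DIR
#   Prints "<reason> <path>" for every path under DIR that ACCOUNT can modify.
#   Decisions use owner, group and mode bits only, so the result does not
#   depend on the privileges of whoever runs the audit.
#   ACCOUNT may be a user name or a numeric uid.
writable_by() (
    account=$1
    dir=$2

    # Owner: flagged regardless of mode, because an owner can chmod the file.
    # World-writable: anyone, including ACCOUNT, can write.
    # Symlinks are skipped; their own mode bits are not meaningful.
    find "$dir" ! -type l \( \
        -user "$account" -exec printf 'owner %s\n' {} + \
        -o -perm -o=w -exec printf 'world-writable %s\n' {} + \)

    # Group-writable through any group ACCOUNT belongs to. Group bits only
    # apply to non-owners, and world-writable paths were reported above.
    for gid in $(id -G "$account" 2>/dev/null); do
        find "$dir" ! -type l -group "$gid" -perm -g=w \
            ! -user "$account" ! -perm -o=w \
            -exec printf 'group-writable %s\n' {} +
    done
)

# Typical call inside the container, using the path and account from the issue:
#   writable_by www-data /var/www/html
```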