docker-entrypoint.sh incorrectly sets permissions of all user uploaded files to 0755, making them executable for everybody

[casdevs]

just found out that after restarting my redmine container, all files uploaded by users get 0755 file permissions, which effectively makes them executable (we don't want that, do we?)

After investigating docker-entrypoint.sh (found in all current releases), I think instead of
chmod -R 755 files log tmp public/plugin_assets

you should rather use something like

find files log tmp public/plugin_assets -type d -exec chmod 775 {} +
find files log tmp public/plugin_assets -type f -exec chmod 664 {} +

instead.

[casdevs]

maybe the official redmine docs at
https://www.redmine.org/projects/redmine/wiki/RedmineInstall#Step-8-File-system-permissions
should be updated accordingly.

[tianon]

Agreed, ideally the official documentation would be updated before we make any changes here.

[casdevs]

I've filed a bug with their issue tracker at https://www.redmine.org/issues/27538

[casdevs]

I'm not sure if they are willing to update their documentation, see discussion in https://www.redmine.org/issues/27538

But as their documentation isn't tailored for the redmine-in-a-container usecase, I think you shouldn't wait for them any longer and fix the incorrect permission settings anyway.

[casdevs]

ok the official redmine docs have been updated:
https://www.redmine.org/projects/redmine/wiki/RedmineInstall#Step-8-File-system-permissions

however, as in the docker container usecase most of the times files do exist when the entrypoint script gets executed, I think you should set the permissions correctly in the first place instead of removing the incorrectly set executable bit afterwards as proposed in the docs now.

[yosifkit]

PR made: #98. Thanks @stefan-hausmann.