docker: fix /data ownership and permission (#7451)

* docker: fix /data ownership and permission * chown if not owned by seaweed user * fix github tests * comments * fix the unquoted variables in the case pattern matching * Update docker/entrypoint.sh Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> * Update docker/entrypoint.sh Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> * Update entrypoint.sh * Update entrypoint.sh * Update docker/entrypoint.sh Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --------- Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2025-11-08 01:10:33 -08:00
parent 5fef4145a4
commit 2a05af2e14
8 changed files with 135 additions and 20 deletions
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -1,5 +1,33 @@
 #!/bin/sh

+# Fix permissions for mounted volumes
+# If /data is mounted from host, it might have different ownership
+# Fix this by ensuring seaweed user owns the directory
+if [ "$(id -u)" = "0" ]; then
+  # Running as root, check and fix permissions if needed
+  SEAWEED_UID=$(id -u seaweed)
+  SEAWEED_GID=$(id -g seaweed)
+  
+  # Verify seaweed user and group exist
+  if [ -z "$SEAWEED_UID" ] || [ -z "$SEAWEED_GID" ]; then
+    echo "Error: 'seaweed' user or group not found. Cannot fix permissions." >&2
+    exit 1
+  fi
+  
+  DATA_UID=$(stat -c '%u' /data 2>/dev/null)
+  DATA_GID=$(stat -c '%g' /data 2>/dev/null)
+  
+  # Only run chown -R if ownership doesn't match (much faster for subsequent starts)
+    echo "Fixing /data ownership for seaweed user (uid=$SEAWEED_UID, gid=$SEAWEED_GID)"
+    if ! chown -R seaweed:seaweed /data; then
+      echo "Warning: Failed to change ownership of /data. This may cause permission errors." >&2
+      echo "If /data is read-only or has mount issues, the application may fail to start." >&2
+    fi
+  
+  # Use su-exec to drop privileges and run as seaweed user
+  exec su-exec seaweed "$0" "$@"
+fi
+
 isArgPassed() {
  arg="$1"
  argWithEqualSign="$1="
@@ -8,10 +36,10 @@ isArgPassed() {
    passedArg="$1"
    shift
    case $passedArg in
-    $arg)
+    "$arg")
      return 0
      ;;
-    $argWithEqualSign*)
+    "$argWithEqualSign"*)
      return 0
      ;;
    esac