From 2468c9d91a2ef4055411e09c42cd054732ebf579 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 29 Nov 2023 16:11:07 -0800 Subject: [PATCH] Update permissions from 777 to 1777 (redux) I somehow missed Debian in 25b3034e9b0155c3e71acaf650243e7d12a571c1 (only updated Alpine), so this updates Debian in the same way. > This still supports the "arbitrary user" use case but with slightly tighter permissions on the end result. > > This one is a little bit more "special" other images (due to the existing runtime/entrypoint modification of the directory modes) so I've tried to pick reasonable values for both halves. --- 11/alpine3.17/Dockerfile | 2 +- 11/alpine3.18/Dockerfile | 2 +- 11/bookworm/Dockerfile | 6 +++--- 11/bullseye/Dockerfile | 6 +++--- 12/alpine3.17/Dockerfile | 2 +- 12/alpine3.18/Dockerfile | 2 +- 12/bookworm/Dockerfile | 6 +++--- 12/bullseye/Dockerfile | 6 +++--- 13/alpine3.17/Dockerfile | 2 +- 13/alpine3.18/Dockerfile | 2 +- 13/bookworm/Dockerfile | 6 +++--- 13/bullseye/Dockerfile | 6 +++--- 14/alpine3.17/Dockerfile | 2 +- 14/alpine3.18/Dockerfile | 2 +- 14/bookworm/Dockerfile | 6 +++--- 14/bullseye/Dockerfile | 6 +++--- 15/alpine3.17/Dockerfile | 2 +- 15/alpine3.18/Dockerfile | 2 +- 15/bookworm/Dockerfile | 6 +++--- 15/bullseye/Dockerfile | 6 +++--- 16/alpine3.17/Dockerfile | 2 +- 16/alpine3.18/Dockerfile | 2 +- 16/bookworm/Dockerfile | 6 +++--- 16/bullseye/Dockerfile | 6 +++--- Dockerfile-alpine.template | 2 +- Dockerfile-debian.template | 6 +++--- 26 files changed, 52 insertions(+), 52 deletions(-) diff --git a/11/alpine3.17/Dockerfile b/11/alpine3.17/Dockerfile index ea3c85deb4..6675a1cb21 100644 --- a/11/alpine3.17/Dockerfile +++ b/11/alpine3.17/Dockerfile @@ -165,7 +165,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/11/alpine3.18/Dockerfile b/11/alpine3.18/Dockerfile index 76989691e7..8e5d701a7d 100644 --- a/11/alpine3.18/Dockerfile +++ b/11/alpine3.18/Dockerfile @@ -165,7 +165,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/11/bookworm/Dockerfile b/11/bookworm/Dockerfile index ca21311f93..69f863bef2 100644 --- a/11/bookworm/Dockerfile +++ b/11/bookworm/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 18a6164560..f7bb865651 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/12/alpine3.17/Dockerfile b/12/alpine3.17/Dockerfile index 0143bbaa25..f7f9284cbf 100644 --- a/12/alpine3.17/Dockerfile +++ b/12/alpine3.17/Dockerfile @@ -165,7 +165,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.18/Dockerfile index 66dd4e7f94..fde4049703 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.18/Dockerfile @@ -165,7 +165,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/12/bookworm/Dockerfile b/12/bookworm/Dockerfile index fc78b06f0b..4203c226e1 100644 --- a/12/bookworm/Dockerfile +++ b/12/bookworm/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 2df49e2489..ad25a552ad 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/13/alpine3.17/Dockerfile b/13/alpine3.17/Dockerfile index f11c930e08..ab7ceab4b1 100644 --- a/13/alpine3.17/Dockerfile +++ b/13/alpine3.17/Dockerfile @@ -165,7 +165,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.18/Dockerfile index e3e5fde8f0..cd9936c4c4 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.18/Dockerfile @@ -165,7 +165,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/13/bookworm/Dockerfile b/13/bookworm/Dockerfile index cdcab7f653..9b1dab9be8 100644 --- a/13/bookworm/Dockerfile +++ b/13/bookworm/Dockerfile @@ -177,11 +177,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index e912263c14..be787cf111 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -177,11 +177,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/14/alpine3.17/Dockerfile b/14/alpine3.17/Dockerfile index 69867775cc..4283c5f1b0 100644 --- a/14/alpine3.17/Dockerfile +++ b/14/alpine3.17/Dockerfile @@ -168,7 +168,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.18/Dockerfile index 6efb1f3ae4..9856dcc54b 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.18/Dockerfile @@ -168,7 +168,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/14/bookworm/Dockerfile b/14/bookworm/Dockerfile index 9a2c737c0b..36a84c8abf 100644 --- a/14/bookworm/Dockerfile +++ b/14/bookworm/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index ecb7ffe02d..798ca635eb 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/15/alpine3.17/Dockerfile b/15/alpine3.17/Dockerfile index ea6eb5b385..324f745d35 100644 --- a/15/alpine3.17/Dockerfile +++ b/15/alpine3.17/Dockerfile @@ -171,7 +171,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.18/Dockerfile index 7099900433..8fda3e0adf 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.18/Dockerfile @@ -171,7 +171,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/15/bookworm/Dockerfile b/15/bookworm/Dockerfile index 6354b9fd02..3f9eff6e8e 100644 --- a/15/bookworm/Dockerfile +++ b/15/bookworm/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/15/bullseye/Dockerfile b/15/bullseye/Dockerfile index ee6020db00..f93842e4b2 100644 --- a/15/bullseye/Dockerfile +++ b/15/bullseye/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.17/Dockerfile index a257139f77..ef93501447 100644 --- a/16/alpine3.17/Dockerfile +++ b/16/alpine3.17/Dockerfile @@ -170,7 +170,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index 17961b3ac1..c93ecdb229 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -170,7 +170,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/16/bookworm/Dockerfile b/16/bookworm/Dockerfile index a89f7ee3af..55e6934a4a 100644 --- a/16/bookworm/Dockerfile +++ b/16/bookworm/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/16/bullseye/Dockerfile b/16/bullseye/Dockerfile index 53237b4998..3d650c2b79 100644 --- a/16/bullseye/Dockerfile +++ b/16/bullseye/Dockerfile @@ -175,11 +175,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 0548c0126a..efbccde00e 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -190,7 +190,7 @@ RUN set -eux; \ RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index aeca3d8d32..0d897a9af4 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -173,11 +173,11 @@ RUN set -eux; \ sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; \ grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample -RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql +RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 3777 /var/run/postgresql ENV PGDATA /var/lib/postgresql/data -# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values) -RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" +# this 1777 will be replaced by 0700 at runtime (allows semi-arbitrary "--user" values) +RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 1777 "$PGDATA" VOLUME /var/lib/postgresql/data COPY docker-entrypoint.sh /usr/local/bin/