Container - config.inc.php.orig Permission Issues #1022

Closed
brooksvb opened this issue Dec 15, 2024 · 2 comments · Fixed by #1029

@brooksvb

I'm trying to run SSP as a rootless podman container, and I'm running into permission issues in the entrypoint.sh script. It attempts to create a link from the user-provided configuration file to another location that is owned by root. If I use userns=keep-id, which normally simplifies permission issues in the vast majority of containers, this causes an error because the link destination is owned by root:
-rw-r--r-- 1 root root 18266 Oct 29 11:01 config.inc.php.orig

I was still having trouble when I started this ticket, but I eventually found a solution which is to use userns=keep-id --user=0:0. It's a pretty reasonable solution, but one that could be avoided by changing the practice used in the container. I decided to create the ticket anyways to help others who run into this issue.

There may be a couple ways of simplifying this in the container:

  1. Change config loading logic to conditionally load the user-provided file, if it exists. This removes the need for the ln command entirely.
  2. Change ownership and permission on the config.inc.php.orig file to allow non-root users to create the link.
@davidcoutadeur

Thank you for the report, we'll look at this for the next release.

@davidcoutadeur

Should be fixed with last pull request: #1029

@brooksvb could you try with the fix?

Note that this permission fix is not sufficient if you want to use your container as an unprivileged user. You should also manage the Apache default privileged port. For example, running with dedicated ports.conf and 000-default.conf files:

podman run -p 8080:8080 -u www-data -v $PWD/ports.conf:/etc/apache2/ports.conf -v $PWD/000-default.conf:/etc/apache2/sites-available/000-default.conf -v $PWD/conf/config.inc.local.php:/var/www/conf/config.inc.local.php -it self-service-password:latest
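
An added example, not part of the thread or the project's code: one way to produce the dedicated ports.conf and 000-default.conf mentioned in the last comment is to copy the image's own files and rewrite only the port, so every other directive is preserved. The function name, its arguments and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function name and arguments are hypothetical.
# Usage: rewrite_apache_port SRC_PORTS_CONF SRC_VHOST_CONF OUTDIR PORT
rewrite_apache_port() {
    src_ports=$1; src_vhost=$2; outdir=$3; port=$4

    # Ports below 1024 are privileged; a process started with
    # "-u www-data" cannot bind them, so refuse them up front.
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port must be between 1024 and 65535" >&2
        return 2
    fi
    mkdir -p "$outdir" || return 1

    # "Listen 80" -> "Listen PORT"; other Listen lines are left untouched.
    sed "s/^\([[:space:]]*Listen[[:space:]]\{1,\}\)80[[:space:]]*\$/\1${port}/" \
        "$src_ports" > "$outdir/ports.conf" || return 1
    # "<VirtualHost *:80>" -> "<VirtualHost *:PORT>"; directives inside the
    # block are copied through unchanged.
    sed "s/^\([[:space:]]*<VirtualHost[[:space:]]\{1,\}[^:>]*:\)80\([[:space:]]*>\)/\1${port}\2/" \
        "$src_vhost" > "$outdir/000-default.conf" || return 1

    # Fail closed if either source had no port-80 line to rewrite.
    grep -q "^[[:space:]]*Listen[[:space:]]\{1,\}${port}\$" "$outdir/ports.conf" &&
        grep -q "^[[:space:]]*<VirtualHost[[:space:]].*:${port}[[:space:]]*>" \
            "$outdir/000-default.conf"
}

# Constructed sample input (not the image's real files), rewritten to 8080.
demo=$(mktemp -d)
printf 'Listen 80\n' > "$demo/ports.conf"
printf '<VirtualHost *:80>\n\tDocumentRoot /var/www/html\n</VirtualHost>\n' > "$demo/vhost.conf"
rewrite_apache_port "$demo/ports.conf" "$demo/vhost.conf" "$demo/out" 8080 &&
    cat "$demo/out/ports.conf" "$demo/out/000-default.conf"
rm -rf "$demo"
```

The two files written to OUTDIR are the ones to bind-mount with the -v options in the podman command above. Any other Listen line in the source, such as one for port 443, is copied as-is and still needs a separate decision.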
