From 38998ab25eb56447005c4efaad31baa811b170c4 Mon Sep 17 00:00:00 2001 From: Tim Nelson Date: Tue, 16 Feb 2021 16:56:32 +1100 Subject: [PATCH 1/2] - Made it support having templates externally - Made it support changing the UID/GID of the apache user (www-data) --- README.md | 12 +++++ image/service/phpldapadmin/startup.sh | 72 ++++++++++++++++++++++++++- 2 files changed, 83 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index e16918f..8df5f19 100644 --- a/README.md +++ b/README.md @@ -72,6 +72,16 @@ but setting your own config.php is possible. 2 options: - Add your config file by extending or cloning this image, please refer to the [Advanced User Guide](#advanced-user-guide) +### Use your own templates directory + +2 options: + +- Link your templates directory at run time to /container/service/phpldapadmin/assets/templates + + docker run --volume /data/phpldapadmin/assets/templates:/container/service/phpldapadmin/assets/templates --detach osixia/phpldapadmin:0.9.0 + +- Add your templates file by extending or cloning this image, please refer to the [Advanced User Guide](#advanced-user-guide) + ### HTTPS #### Use autogenerated certificate @@ -185,6 +195,8 @@ See how to [set your own environment variables](#set-your-own-environment-variab Apache : - **PHPLDAPADMIN_SERVER_ADMIN**: Server admin email. Defaults to `webmaster@example.org` - **PHPLDAPADMIN_SERVER_PATH**: Server path (usefull if behind a reverse proxy). Defaults to `/phpldapadmin` +- **PHPLDAPADMIN_WWW_DATA_UID**: runtime docker user uid to run container as +- **PHPLDAPADMIN_WWW_DATA_GID**: runtime docker user gid to run container as HTTPS : - **PHPLDAPADMIN_HTTPS**: Use apache ssl config. Defaults to `true` diff --git a/image/service/phpldapadmin/startup.sh b/image/service/phpldapadmin/startup.sh index 048971c..f7d145d 100755 --- a/image/service/phpldapadmin/startup.sh +++ b/image/service/phpldapadmin/startup.sh 
@@ -1,5 +1,55 @@ #!/bin/bash -e + + +# ensure_uid $servicename $intended_uid $intended_gid $filename(s) +# Taken from OpenLDAP image; should be moved to the shared image at some point, then used by this script and OpenLDAP both +function ensure_uid() { + servicename=$1 + intended_uid=${2:-33} + intended_gid=${3:-33} + # Because there are 3 positional params + shift 3 + + log-helper info "$servicename user and group adjustments" + + log-helper info "get current $servicename uid/gid info inside container" + CUR_USER_GID=`id -g $servicename || true` + CUR_USER_UID=`id -u $servicename || true` + + SERVICE_UIDGID_CHANGED=false + if [ "$intended_uid" != "$CUR_USER_UID" ]; then + log-helper info "CUR_USER_UID (${CUR_USER_UID}) does't match intended_uid (${intended_uid}), adjusting..." + usermod -o -u "$intended_uid" $servicename + SERVICE_UIDGID_CHANGED=true + fi + if [ "$intended_gid" != "$CUR_USER_GID" ]; then + log-helper info "CUR_USER_GID (${CUR_USER_GID}) does't match intended_gid (${intended_gid}), adjusting..." + groupmod -o -g "$intended_gid" $servicename + SERVICE_UIDGID_CHANGED=true + fi + + log-helper info '-------------------------------------' + log-helper info '$servicename GID/UID' + log-helper info '-------------------------------------' + log-helper info "User uid: $(id -u $servicename)" + log-helper info "User gid: $(id -g $servicename)" + log-helper info "uid/gid changed: ${SERVICE_UIDGID_CHANGED}" + log-helper info "-------------------------------------" + + # fix file permissions + if [ "${DISABLE_CHOWN,,}" == "false" ]; then + log-helper info "updating file uid/gid ownership" + if [ ! -z "$*" ]; then + for file in $*; do + chown -R $servicename:$servicename $file + done + fi + fi + + return $SERVICE_UIDGID_CHANGED +} + # set -x (bash debug) if log level is trace # https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/log-helper log-helper level eq trace && set -x 
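Review bot: `ensure_uid` hands `intended_uid` and `intended_gid` to `usermod -o -u` and `groupmod -o -g` unchecked, and because `-o` permits duplicate ids, `PHPLDAPADMIN_WWW_DATA_UID=0` would give www-data root's uid. A numeric, non-zero check ahead of the `id` calls would close that, e.g. `[[ "$intended_uid" =~ ^[1-9][0-9]*$ ]] || exit 1`, with the same test for the gid. The banner line `log-helper info '$servicename GID/UID'` is single-quoted, so it logs the literal variable name; it needs double quotes. The ownership loop splits paths on whitespace because `$*` and `$file` are unquoted; `for file in "$@"; do chown -R "$servicename:$servicename" -- "$file"; done` avoids that.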
@@ -141,12 +191,32 @@ if [ ! -e "/var/www/phpldapadmin/config/config.php" ]; then fi +PHPLDAPADMIN_WWW_DATA_UID=${PHPLDAPADMIN_WWW_DATA_UID:-33} +PHPLDAPADMIN_WWW_DATA_GID=${PHPLDAPADMIN_WWW_DATA_GID:-33} +ensure_uid www-data $PHPLDAPADMIN_WWW_DATA_UID $PHPLDAPADMIN_WWW_DATA_GID /var/www + +##### For each template... +templatedir=${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/templates +echo "Finding templates" +find ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/ +shopt -s nullglob +for action in creation modification; do + for template in ${templatedir}/${action}/*.xml; do + basename=`basename $template` + log-helper info "Linking $action template for $template" + target=/var/www/phpldapadmin/templates/$action/$basename + ln -sf $template $target + chown $PHPLDAPADMIN_WWW_DATA_UID:$PHPLDAPADMIN_WWW_DATA_GID $target + done +done +shopt -u nullglob + # fix file permission find /var/www/ -type d -exec chmod 755 {} \; find /var/www/ -type f -exec chmod 644 {} \; -chown www-data:www-data -R /var/www # symlinks special (chown -R don't follow symlinks) +# Should be redone because of ensure_uid above chown www-data:www-data /var/www/phpldapadmin/config/config.php chmod 400 /var/www/phpldapadmin/config/config.php From 02216e2e6c2775fa9d799f1a06110108bc6a5c94 Mon Sep 17 00:00:00 2001 From: Tim Nelson Date: Thu, 18 Feb 2021 14:48:53 +1100 Subject: [PATCH 2/2] A few final variable tweaks --- image/service/phpldapadmin/startup.sh | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/image/service/phpldapadmin/startup.sh b/image/service/phpldapadmin/startup.sh index f7d145d..40295ec 100755 --- a/image/service/phpldapadmin/startup.sh +++ b/image/service/phpldapadmin/startup.sh 
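Review bot: The `chown $PHPLDAPADMIN_WWW_DATA_UID:$PHPLDAPADMIN_WWW_DATA_GID $target` in the template loop runs without `-h`, so it follows the link just made by `ln -sf` and re-owns the file inside the mounted templates volume instead of the link; `chown -h "$PHPLDAPADMIN_WWW_DATA_UID:$PHPLDAPADMIN_WWW_DATA_GID" "$target"` keeps the change on the link. This hunk also drops `chown www-data:www-data -R /var/www` in favour of `ensure_uid`, whose chown only runs when `DISABLE_CHOWN` is exactly `false`. No default for that variable is visible in this patch, so if it is unset, the explicit recursive ownership fix for /var/www presumably no longer runs. The bare `find ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/` prints the whole asset listing on every start and looks like leftover debugging. The expansions in the loop (`$template`, `$target`, the `basename` call) are unquoted, so a template name containing whitespace would be split.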
@@ -5,9 +5,9 @@ # ensure_uid $servicename $intended_uid $intended_gid $filename(s) # Taken from OpenLDAP image; should be moved to the shared image at some point, then used by this script and OpenLDAP both function ensure_uid() { - servicename=$1 - intended_uid=${2:-33} - intended_gid=${3:-33} + local servicename=$1 + local intended_uid=${2:-33} + local intended_gid=${3:-33} # Because there are 3 positional params shift 3 @@ -46,8 +46,6 @@ function ensure_uid() { done fi fi - - return $SERVICE_UIDGID_CHANGED } # set -x (bash debug) if log level is trace
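Review bot: In the first hunk, the defaults in `local intended_uid=${2:-33}` and `local intended_gid=${3:-33}` suggest the ids are optional, but the unchanged `shift 3` two lines below returns non-zero when fewer than three arguments are passed. Under the `-e` from the shebang, that ends the startup script. `shift $(( $# < 3 ? $# : 3 ))` would let the defaults actually be used. `CUR_USER_UID`, `CUR_USER_GID`, `SERVICE_UIDGID_CHANGED` and the loop variable `file` are assigned further down in the function, outside this hunk, and remain global; they could be declared `local` in the same pass.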