Merge pull request #43 from cron-eu/fix-permissions

Fix /home/application being "write for all" (SSH login not working anymore)
cron-eu · Apr 23, 2024 · 72febfc · 72febfc
2 parents 2919d5f + 9092635
commit 72febfc
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 2 deletions.
diff --git a/.github/workflows/build-and-push.yml b/.github/workflows/build-and-push.yml
@@ -45,6 +45,7 @@ jobs:
       - name: "Docker build and push (fpm image)"
         uses: docker/build-push-action@v4
         with:
+          context: .
           tags: "croneu/phpapp-fpm:php-${{ matrix.php-version }}"
           platforms: ${{ env.PLATFORMS }}
           push: true
@@ -103,6 +104,7 @@ jobs:
       - name: "Docker build and push (ssh image)"
         uses: docker/build-push-action@v4
         with:
+          context: .
           tags: "croneu/phpapp-ssh:php-${{ matrix.php-version }}-node-${{ matrix.node-version }}"
           platforms: ${{ env.PLATFORMS }}
           push: true

diff --git a/.github/workflows/build-only.yml b/.github/workflows/build-only.yml
@@ -32,6 +32,7 @@ jobs:
       - name: "Docker build only (fpm image)"
         uses: docker/build-push-action@v4
         with:
+          context: .
           tags: "croneu/phpapp-fpm:php-${{ matrix.php-version }}"
           platforms: ${{ env.PLATFORMS }}
           push: false
@@ -68,6 +69,7 @@ jobs:
       - name: "Docker build only (ssh image)"
         uses: docker/build-push-action@v4
         with:
+          context: .
           tags: "croneu/phpapp-ssh:php-${{ matrix.php-version }}-node-${{ matrix.node-version }}"
           platforms: ${{ env.PLATFORMS }}
           push: false

diff --git a/Dockerfile b/Dockerfile
@@ -123,7 +123,7 @@ RUN rm -f /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini
 
 # Add entrypoint scripts
 COPY files/entrypoint*.sh /
-RUN chmod +x /*.sh
+RUN chmod 755 /*.sh
 
 # Configure PHP and PHP-FPM
 ADD files/php.ini /usr/local/etc/php/conf.d/zz-01-custom.ini
@@ -214,10 +214,18 @@ HEALTHCHECK --interval=5s --timeout=1s CMD pgrep sshd > /dev/null || exit 1
 RUN usermod -s /bin/bash application
 
 COPY files/ssh/ /
+COPY files/entrypoint-extras.sh /
+# Fix permissions of copied files
+RUN <<-EOF
+    set -ex
+    chmod 755 /etc /etc/profile.d /etc/profile.d/docker-prompt.sh
+    find /home -type d -exec chmod 755 {} \;
+    find /home -type f -exec chmod 644 {} \;
+    chmod 755 /*.sh
+EOF
 
 # Disable XDEBUG by default (can be enabled via XDEBUG_MODE in entrypoint-extras.sh
 RUN rm -f /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini
-COPY files/entrypoint-extras.sh /
 
 RUN chmod +x /*.sh && chown -R application: /home/application