Add umask support

This commit is contained in:
David Coppit
2015-06-26 01:08:53 -04:00
parent 3888123dcd
commit dd981dc799
4 changed files with 23 additions and 8 deletions

View File

@@ -49,10 +49,13 @@ and "wheel" groups:
`-e UMAP="nobody:99:100 www:80:800" -e GMAP="users:100 wheel:800"`
For commands that create files without an explicit user or group name, you may want to set the `USER_ID` and `GROUP_ID`
in the config file. For example, if your command is `echo foo > /dir1/foo.txt`, then by default the file will be
created as the "root" user of the container. If you want it to be created with the user ID and group ID of "nobody" in
the host, you would set these config values to the output of `id -u nobody` and `id -g nobody` in the host.
For commands that create files without an explicit user or group name, you may want to set the `USER_ID`, `GROUP_ID`,
and `UMASK` in the config file. For example, if your command is `echo foo > /dir1/foo.txt`, then by default the file
will be created as the "root" user of the container. If you want it to be created with the user ID and group ID of
"nobody" in the host, you would set these config values to the output of `id -u nobody` and `id -g nobody` in the host.
Similarly, you may want to set the `UMASK` to match the host. As root you can run `su -l nobody -c umask` on the host to
determine the umask for the "nobody" user. The `UMASK` config value must be specified in octal, such as 0022.
Examples
--------
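Review bot: the suggested command `su -l nobody -c umask` in the new paragraph will not work on hosts where the "nobody" account has a non-interactive login shell (such as /usr/sbin/nologin or /bin/false), which is the common setup for system accounts; `su -s /bin/sh -l nobody -c umask` runs the builtin under a real shell regardless of the account's configured shell. It would also help to say here that `UMASK` is required (the new `runas.sh` check exits when it is missing or malformed), so that users upgrading an existing config file know to add it.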
@@ -67,6 +70,7 @@ This example is to run a permissions-repairing utility whenever there's a change
# Need to run as root to have the authority to fix the permissions
USER_ID=0
GROUP_ID=0
UMASK=0000
# This is important because chmod/chown will change files in the monitored directory
IGNORE_EVENTS_WHILE_COMMAND_IS_RUNNING=1
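Review bot: `UMASK=0000` for a command that runs as root makes every file the command creates world-writable by default, which is a broad grant for an example that readers will copy. Unless the permissions-repairing utility specifically needs to create world-writable files, `UMASK=0022` is the safer example value, and the comment above it could state why a permissive mask was chosen if it really is needed.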
@@ -86,6 +90,7 @@ This example tells SageTV to rescan its imported media when the media directory
# User and group don't really matter for the wget command. But we need to specify them in the config file.
USER_ID=0
GROUP_ID=0
UMASK=0000
IGNORE_EVENTS_WHILE_COMMAND_IS_RUNNING=0
We don't need to ignore events while the command is running because the wget command is a "fire and forget" asynchronous
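Review bot: since this `wget` writes only to /dev/null, the umask has no visible effect here, so the example can use the conventional `UMASK=0022` rather than `0000`; that keeps the examples consistent with the "such as 0022" guidance in the README and avoids teaching a fully permissive mask as the default.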

View File

@@ -220,7 +220,7 @@ do
wait_for_minimum_period $last_run_time
echo "$(ts) Running command with user ID $USER_ID and group ID $GROUP_ID"
/files/runas.sh $USER_ID $GROUP_ID $COMMAND &
/files/runas.sh $USER_ID $GROUP_ID $UMASK $COMMAND &
PID=$!
last_run_time=$(date +"%s")
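Review bot: passing `$UMASK` as a new positional argument breaks existing config files that do not set it: with `UMASK` unset, `$COMMAND` shifts into the third position and `runas.sh` rejects the first word of the command with "The umask value ... is not valid", which is a confusing failure for an upgrade. Consider checking that `UMASK` is set before this loop (or defaulting it, for example `UMASK=${UMASK:-0022}`) and extending the `echo` on the preceding line to log the umask alongside the user and group IDs, so the effective mask shows up in the monitor log.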

View File

@@ -12,6 +12,7 @@ function process_args {
# These are intended to be global
USER_ID=$1
GROUP_ID=$2
UMASK=$3
if [[ ! "$USER_ID" =~ ^[0-9]{1,}$ ]]
then
@@ -24,6 +25,12 @@ function process_args {
echo "Group ID value $GROUP_ID is not valid. It must be a whole number"
exit 1
fi
if [[ ! "$UMASK" =~ ^[0-7][0-7][0-7][0-7]$ ]]
then
echo "The umask value $UMASK is not valid. It must be an octal number such as 0022"
exit 1
fi
}
#-----------------------------------------------------------------------------------------------------------------------
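Review bot: the new check `^[0-7][0-7][0-7][0-7]$` requires exactly four octal digits, but the sample config in this same commit sets `UMASK=0`, which this regex rejects, and the shell `umask` builtin itself accepts one to four digits. Either relax the pattern to `^[0-7]{1,4}$` (the `USER_ID` check above already uses the `{1,}` form) or fix the sample config to `UMASK=0022`; the error message should then match whichever format is accepted.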
@@ -56,9 +63,10 @@ function create_user {
process_args "$@"
# Shift off the args so that we can exec $@ below
shift; shift
shift; shift; shift
create_user $USER_ID $GROUP_ID
echo "$(ts) Running command as user \"$USER\"..."
umask $UMASK
exec /sbin/setuser $USER "$@"
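Review bot: setting `umask $UMASK` before `exec /sbin/setuser` is the right order, since the mask is inherited across exec and applies to the command run by setuser. Two small points: quote the value (`umask "$UMASK"`) so that an empty value produced by a relaxed check fails loudly instead of having `umask` print the current mask and continue, and include the mask in the "Running command as user" log line so a misconfigured value is visible at run time.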

View File

@@ -27,10 +27,12 @@ MIN_PERIOD=10:00
# that we've installed the plugin called "sagex-services - SageTV Remote API Services".
COMMAND="wget -nv -O /dev/null --auth-no-challenge http://sage:frey@192.168.1.102:8080/sagex/api?c=RunLibraryImportScan&1="
# Set the user and group ID that you want to run the command as. The user will be randomly generated. This is mostly so
# that files written by the command in any directory shared with the host will have the right IDs.
# Set the user and group ID that you want to run the command as, as well as the umask. The user will be randomly
# generated. This is mostly so that files written by the command in any directory shared with the host will have the
# right IDs.
USER_ID=0
GROUP_ID=0
UMASK=0
# This is a very good idea if your command modifies the WATCH_DIR in any way. You can easily trigger yourself because
# most programs don't worry about checking the current state before making a change. e.g. chmod will set the mode of a
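Review bot: `UMASK=0` here fails the validation added to `runas.sh` in this commit (`^[0-7][0-7][0-7][0-7]$` requires four digits), so copying this sample config as-is will make the container exit with "The umask value 0 is not valid". Change it to `UMASK=0022`, which also matches the README's "such as 0022" guidance, and consider expanding the comment to say that the mask applies to files the command creates in directories shared with the host.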