graylog-docker icon indicating copy to clipboard operation
graylog-docker copied to clipboard
verified publisher icon Graylog2

Docker entrypoint checks ownership on the wrong path

Open junkiebev opened this issue 2 years ago • 1 comments

https://github.com/Graylog2/graylog-docker/blob/5da05dfaae6f98929297acf1c19209a447d73ecf/docker-entrypoint.sh#L76C1-L87C2

this function checks paths exist, and chowns them to graylog:graylog if they aren't already owned by graylog:graylog

setup() {
  # Create data directories
  for d in journal log plugin config contentpacks
  do
    dir=${GRAYLOG_HOME}/data/${d}
    [[ -d "${dir}" ]] || mkdir -p "${dir}"

    if [[ "$(stat --format='%U:%G' $dir)" != 'graylog:graylog' ]] && [[ -w "$dir" ]]; then
      chown -R graylog:graylog "$dir" || echo "Warning can not change owner to graylog:graylog"
    fi
  done
}

earlier in the script, you set a plugin directory with export GRAYLOG_PLUGIN_DIR=${GRAYLOG_HOME}/plugins-merged

should not for d in journal log plugin config contentpacks be changed to for d in journal log ${GRAYLOG_PLUGIN_DIR} config contentpacks

It appears you are performing functions on a directory you don't use or care about. I wouldn't mind kicking in a PR, but before doing so I was curious if that was a conscious choice for backwards compatibility.

junkiebev avatar Sep 22 '23 18:09 junkiebev

Hey, I'd say create that PR and we can discuss what the best option is :) Thanks!

kroepke avatar Sep 25 '23 14:09 kroepke