From 86fcd0c100146de2c0b040d4606c752ce804ec24 Mon Sep 17 00:00:00 2001
From: Jacob Hayes
Date: Tue, 22 Dec 2015 15:50:44 -0600
Subject: [PATCH 1/2] Explicitly set PGDATA permissions to 700
---
 9.0/docker-entrypoint.sh | 1 +
 9.1/docker-entrypoint.sh | 1 +
 9.2/docker-entrypoint.sh | 1 +
 9.3/docker-entrypoint.sh | 1 +
 9.4/docker-entrypoint.sh | 1 +
 9.5/docker-entrypoint.sh | 1 +
 docker-entrypoint.sh | 1 +
 7 files changed, 7 insertions(+)
diff --git a/9.0/docker-entrypoint.sh b/9.0/docker-entrypoint.sh
index 87d7e3b87c..55326e8242 100755
--- a/9.0/docker-entrypoint.sh
+++ b/9.0/docker-entrypoint.sh
@@ -8,6 +8,7 @@ set_listen_addresses() {
 if [ "$1" = 'postgres' ]; then
 mkdir -p "$PGDATA"
+ chmod -R 700 "$PGDATA"
 chown -R postgres "$PGDATA"
 chmod g+s /run/postgresql
diff --git a/9.1/docker-entrypoint.sh b/9.1/docker-entrypoint.sh
index 87d7e3b87c..55326e8242 100755
--- a/9.1/docker-entrypoint.sh
+++ b/9.1/docker-entrypoint.sh
@@ -8,6 +8,7 @@ set_listen_addresses() {
 if [ "$1" = 'postgres' ]; then
 mkdir -p "$PGDATA"
+ chmod -R 700 "$PGDATA"
 chown -R postgres "$PGDATA"
 chmod g+s /run/postgresql
diff --git a/9.2/docker-entrypoint.sh b/9.2/docker-entrypoint.sh
index 87d7e3b87c..55326e8242 100755
--- a/9.2/docker-entrypoint.sh
+++ b/9.2/docker-entrypoint.sh
@@ -8,6 +8,7 @@ set_listen_addresses() {
 if [ "$1" = 'postgres' ]; then
 mkdir -p "$PGDATA"
+ chmod -R 700 "$PGDATA"
 chown -R postgres "$PGDATA"
 chmod g+s /run/postgresql
diff --git a/9.3/docker-entrypoint.sh b/9.3/docker-entrypoint.sh
index 87d7e3b87c..55326e8242 100755
--- a/9.3/docker-entrypoint.sh
+++ b/9.3/docker-entrypoint.sh
@@ -8,6 +8,7 @@ set_listen_addresses() {
 if [ "$1" = 'postgres' ]; then
 mkdir -p "$PGDATA"
+ chmod -R 700 "$PGDATA"
 chown -R postgres "$PGDATA"
 chmod g+s /run/postgresql
diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh
index 87d7e3b87c..55326e8242 100755
--- a/9.4/docker-entrypoint.sh
+++ b/9.4/docker-entrypoint.sh
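Review bot: The chmod line added in the 9.0 hunk of PATCH 1/2 (and the identical line in the other six entrypoints) has no comment saying why the mode is forced, so a later maintainer cannot tell a hard requirement from a hardening preference. The 9.x servers patched here refuse to start when the data directory is accessible by group or others, and `mkdir -p` under a default umask would otherwise leave it readable by other users in the container. I would put `# postgres refuses to start unless the data directory is mode 0700 (no group/world access)` directly above the chmod. The enclosing `if` block continues outside the hunk.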
@@ -8,6 +8,7 @@ set_listen_addresses() {
 if [ "$1" = 'postgres' ]; then
 mkdir -p "$PGDATA"
+ chmod -R 700 "$PGDATA"
 chown -R postgres "$PGDATA"
 chmod g+s /run/postgresql
diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh
index 87d7e3b87c..55326e8242 100755
--- a/9.5/docker-entrypoint.sh
+++ b/9.5/docker-entrypoint.sh
@@ -8,6 +8,7 @@ set_listen_addresses() {
 if [ "$1" = 'postgres' ]; then
 mkdir -p "$PGDATA"
+ chmod -R 700 "$PGDATA"
 chown -R postgres "$PGDATA"
 chmod g+s /run/postgresql
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 87d7e3b87c..55326e8242 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -8,6 +8,7 @@ set_listen_addresses() {
 if [ "$1" = 'postgres' ]; then
 mkdir -p "$PGDATA"
+ chmod -R 700 "$PGDATA"
 chown -R postgres "$PGDATA"
 chmod g+s /run/postgresql
From d1644850949964935c418a73e0a7dc36f4f12dd9 Mon Sep 17 00:00:00 2001
From: Jacob Hayes
Date: Tue, 5 Jan 2016 16:49:58 -0600
Subject: [PATCH 2/2] Don't set perm on data dir recursively
---
 9.0/docker-entrypoint.sh | 2 +-
 9.1/docker-entrypoint.sh | 2 +-
 9.2/docker-entrypoint.sh | 2 +-
 9.3/docker-entrypoint.sh | 2 +-
 9.4/docker-entrypoint.sh | 2 +-
 9.5/docker-entrypoint.sh | 2 +-
 docker-entrypoint.sh | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/9.0/docker-entrypoint.sh b/9.0/docker-entrypoint.sh
index 55326e8242..4bfeb7611b 100755
--- a/9.0/docker-entrypoint.sh
+++ b/9.0/docker-entrypoint.sh
@@ -8,7 +8,7 @@ set_listen_addresses() {
 if [ "$1" = 'postgres' ]; then
 mkdir -p "$PGDATA"
- chmod -R 700 "$PGDATA"
+ chmod 700 "$PGDATA"
 chown -R postgres "$PGDATA"
 chmod g+s /run/postgresql
diff --git a/9.1/docker-entrypoint.sh b/9.1/docker-entrypoint.sh
index 55326e8242..4bfeb7611b 100755
--- a/9.1/docker-entrypoint.sh
+++ b/9.1/docker-entrypoint.sh
@@ -8,7 +8,7 @@ set_listen_addresses() {
 if [ "$1" = 'postgres' ]; then
 mkdir -p "$PGDATA"
- chmod -R 700 "$PGDATA"
+ chmod 700 "$PGDATA"
 chown -R postgres "$PGDATA"
 chmod g+s /run/postgresql
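Review bot: In PATCH 2/2 the new `chmod 700 "$PGDATA"` (9.0 hunk, identical in the other six files) runs on every start and its failure is not handled. If `$PGDATA` is a mounted volume whose mode the entrypoint user cannot change, the outcome depends on whether the script runs under `set -e`, which is outside the hunk: either startup aborts on a bare chmod error, or it continues with a directory that may still be group- or world-accessible. I would make the outcome explicit, for example `chmod 700 "$PGDATA" || echo >&2 "warning: could not set mode 700 on $PGDATA"`. Continuing is safe only because the 9.x server itself checks the directory mode at startup. The enclosing `if` block continues past the hunk.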
diff --git a/9.2/docker-entrypoint.sh b/9.2/docker-entrypoint.sh
index 55326e8242..4bfeb7611b 100755
--- a/9.2/docker-entrypoint.sh
+++ b/9.2/docker-entrypoint.sh
@@ -8,7 +8,7 @@ set_listen_addresses() {
 if [ "$1" = 'postgres' ]; then
 mkdir -p "$PGDATA"
- chmod -R 700 "$PGDATA"
+ chmod 700 "$PGDATA"
 chown -R postgres "$PGDATA"
 chmod g+s /run/postgresql
diff --git a/9.3/docker-entrypoint.sh b/9.3/docker-entrypoint.sh
index 55326e8242..4bfeb7611b 100755
--- a/9.3/docker-entrypoint.sh
+++ b/9.3/docker-entrypoint.sh
@@ -8,7 +8,7 @@ set_listen_addresses() {
 if [ "$1" = 'postgres' ]; then
 mkdir -p "$PGDATA"
- chmod -R 700 "$PGDATA"
+ chmod 700 "$PGDATA"
 chown -R postgres "$PGDATA"
 chmod g+s /run/postgresql
diff --git a/9.4/docker-entrypoint.sh b/9.4/docker-entrypoint.sh
index 55326e8242..4bfeb7611b 100755
--- a/9.4/docker-entrypoint.sh
+++ b/9.4/docker-entrypoint.sh
@@ -8,7 +8,7 @@ set_listen_addresses() {
 if [ "$1" = 'postgres' ]; then
 mkdir -p "$PGDATA"
- chmod -R 700 "$PGDATA"
+ chmod 700 "$PGDATA"
 chown -R postgres "$PGDATA"
 chmod g+s /run/postgresql
diff --git a/9.5/docker-entrypoint.sh b/9.5/docker-entrypoint.sh
index 55326e8242..4bfeb7611b 100755
--- a/9.5/docker-entrypoint.sh
+++ b/9.5/docker-entrypoint.sh
@@ -8,7 +8,7 @@ set_listen_addresses() {
 if [ "$1" = 'postgres' ]; then
 mkdir -p "$PGDATA"
- chmod -R 700 "$PGDATA"
+ chmod 700 "$PGDATA"
 chown -R postgres "$PGDATA"
 chmod g+s /run/postgresql
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 55326e8242..4bfeb7611b 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -8,7 +8,7 @@ set_listen_addresses() {
 if [ "$1" = 'postgres' ]; then
 mkdir -p "$PGDATA"
- chmod -R 700 "$PGDATA"
+ chmod 700 "$PGDATA"
 chown -R postgres "$PGDATA"
 chmod g+s /run/postgresql