
opt-in fixing of user/group ownership of files

Christian Winther 1 year ago
Parent
Current commit
c12ef66c56

+ 10 - 1
contrib/docker/README.md

@@ -103,7 +103,7 @@ When a Pixelfed container starts up, the [`ENTRYPOINT`](https://docs.docker.com/
 
 1. Search the `/docker/entrypoint.d/` directory for files and for each file (in lexical order).
 1. Check if the file is executable.
-    1. If the file is not executable, print an error and exit the container.
+    1. If the file is *not* executable, print an error and exit the container.
 1. If the file has the extension `.envsh` the file will be [sourced](https://superuser.com/a/46146).
 1. If the file has the extension `.sh` the file will be run like a normal script.
 1. Any other file extension will log a warning and will be ignored.
@@ -159,6 +159,15 @@ Please see the
 * [gomplate syntax documentation](https://docs.gomplate.ca/syntax/)
 * [gomplate functions documentation](https://docs.gomplate.ca/functions/)
 
+### Fixing ownership on startup
+
+You can set the environment variable `ENTRYPOINT_ENSURE_OWNERSHIP_PATHS` to a list of paths that should have their `$USER` and `$GROUP` ownership changed to the configured runtime user and group during container bootstrapping.
+
+The variable is a space-delimited list shown below and accepts both relative and absolute paths:
+
+* `ENTRYPOINT_ENSURE_OWNERSHIP_PATHS="./storage ./bootstrap"`
+* `ENTRYPOINT_ENSURE_OWNERSHIP_PATHS="/some/other/folder"`
+
 ## Build settings (arguments)
 
 The Pixelfed Dockerfile utilizes [Docker Multi-stage builds](https://docs.docker.com/build/building/multi-stage/) and [Build arguments](https://docs.docker.com/build/guide/build-args/).
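
Review bot: The new "Fixing ownership on startup" section does not say that it replaces behaviour that used to be unconditional. The same commit drops `chown --recursive ${RUNTIME_UID}:${RUNTIME_GID} storage/ bootstrap/` from `10-storage.sh`, so existing deployments lose the ownership fix unless they set `ENTRYPOINT_ENSURE_OWNERSHIP_PATHS="./storage ./bootstrap"`. State that here, along with the default (empty, nothing is changed). The sentence describing the format should also name the directory that relative paths are resolved against, and note that a space-delimited list cannot carry a path that itself contains a space. "is a space-delimited list shown below" reads better as "is a space-delimited list, as shown below".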

+ 3 - 3
contrib/docker/shared/root/docker/entrypoint.d/10-storage.sh

@@ -3,8 +3,8 @@ source /docker/helpers.sh
 
 entrypoint-set-name "$0"
 
+# Copy the [storage/] skeleton files over the "real" [storage/] directory so assets are updated between versions
 run-as-runtime-user cp --recursive storage.skel/* storage/
-run-as-runtime-user php artisan storage:link
 
-log-info "Ensure permissions are correct"
-chown --recursive ${RUNTIME_UID}:${RUNTIME_GID} storage/ bootstrap/
+# Ensure storage linkk are correctly configured
+run-as-runtime-user php artisan storage:link
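
Review bot: With the unconditional `chown` removed, the `cp --recursive storage.skel/* storage/` line still runs as the runtime user, while the opt-in ownership fix lives in `15-storage-permissions.sh`, which sorts after this file in the lexical order the entrypoint uses. If `storage/` is not writable by the runtime user at start, the copy fails before any ownership fix can run. Consider giving the ownership script a prefix lower than 10, or documenting that the volume must already be writable. Minor: the added comment has a typo, "storage linkk are" should be "storage links are".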

+ 21 - 0
contrib/docker/shared/root/docker/entrypoint.d/15-storage-permissions.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+source /docker/helpers.sh
+
+entrypoint-set-name "$0"
+
+# Optionally fix ownership of configured paths
+: ${ENTRYPOINT_ENSURE_OWNERSHIP_PATHS:=""}
+
+declare -a ensure_ownership_paths=()
+IFS=' ' read -a ensure_ownership_paths <<<"$ENTRYPOINT_ENSURE_OWNERSHIP_PATHS"
+
+if [[ ${#ensure_ownership_paths} == 0 ]]; then
+    log-info "No paths has been configured for ownership fixes via [\$ENTRYPOINT_ENSURE_OWNERSHIP_PATHS]."
+
+    exit 0
+fi
+
+for path in "${ensure_ownership_paths[@]}"; do
+    log-info "Ensure ownership of [${path}] correct"
+    chown --recursive ${RUNTIME_UID}:${RUNTIME_GID} "${path}"
+done
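
Review bot: The emptiness test `[[ ${#ensure_ownership_paths} == 0 ]]` measures the string length of the first array element, not the number of elements. Use `${#ensure_ownership_paths[@]}` so the check means what it says. On the `read` line, add `-r` (`read -r -a`) so backslashes in a path are not consumed, and in the loop quote the owner argument as `"${RUNTIME_UID}:${RUNTIME_GID}"`. Because this runs a recursive `chown` on operator-supplied paths, it would also help to skip with a warning when `${path}` does not exist rather than rely on `chown` failing. The log strings could read "No paths have been configured" and "Ensure ownership of [${path}] is correct".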