summaryrefslogtreecommitdiffstats
path: root/docker
diff options
context:
space:
mode:
authorMaykin-99 <73132218+Maykin-99@users.noreply.github.com>2021-05-05 08:16:11 +0000
committerGitHub <noreply@github.com>2021-05-05 08:16:11 +0000
commit074df7637b1562f37fd79f243b812a7c682537b2 (patch)
treec84e6c5ea43fabb044cf1c746912a42d0542eb6b /docker
parent4fc8905ebf2a66699018ed8e6352ccd23b965d7d (diff)
downloadinvidious-074df7637b1562f37fd79f243b812a7c682537b2.tar.gz
invidious-074df7637b1562f37fd79f243b812a7c682537b2.tar.bz2
invidious-074df7637b1562f37fd79f243b812a7c682537b2.zip
Set correct permissions in Dockerfile
When having a `umask` of `xx7` (e.g. `027`) on the host machine then the directories `assets`, `config` and `locales` don't become readable to the `invidious` user inside the Docker container since the `COPY` commands result in files owned by `root` with the same file permissions like on the host (`640` in my case). By adding `--chown=invidious` to the `COPY` command we ensure the `invidious` user can read these files.
Diffstat (limited to 'docker')
-rw-r--r--docker/Dockerfile6
1 files changed, 3 insertions, 3 deletions
diff --git a/docker/Dockerfile b/docker/Dockerfile
index f7d990d7..01abc6f5 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -18,12 +18,12 @@ RUN apk add --no-cache librsvg ttf-opensans
WORKDIR /invidious
RUN addgroup -g 1000 -S invidious && \
adduser -u 1000 -S invidious -G invidious
-COPY ./assets/ ./assets/
+COPY --chown=invidious ./assets/ ./assets/
COPY --chown=invidious ./config/config.* ./config/
RUN mv -n config/config.example.yml config/config.yml
RUN sed -i 's/host: \(127.0.0.1\|localhost\)/host: postgres/' config/config.yml
-COPY ./config/sql/ ./config/sql/
-COPY ./locales/ ./locales/
+COPY --chown=invidious ./config/sql/ ./config/sql/
+COPY --chown=invidious ./locales/ ./locales/
COPY --from=builder /invidious/invidious .
EXPOSE 3000
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-16 14:23:11 +0000