From 2084d40ccc3877b9f7117dd7a2327cbe136f5222 Mon Sep 17 00:00:00 2001
From: jorenn92
Date: Tue, 30 Jan 2024 16:45:35 +0100
Subject: [PATCH 1/4] refactor: Updated UI Docker port to use non-privileged port 6246
BREAKING CHANGE: Previously, the UI port was set to port 80, which is privileged. This has been updated to non-privileged port 6246. Ensure to adjust your Dockerfile or docker run command to reflect this change.
---
 Dockerfile | 2 +-
 supervisord.conf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 42dd83aa..6e7dcc08 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -103,7 +103,7 @@ RUN corepack install && \
 USER node
-EXPOSE 80
+EXPOSE 6246
 VOLUME [ "/opt/data" ]
 ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
diff --git a/supervisord.conf b/supervisord.conf
index f0f8ccd1..612bf042 100644
--- a/supervisord.conf
+++ b/supervisord.conf
@@ -13,7 +13,7 @@ stdout_logfile_maxbytes=0
 redirect_stderr=true
 [program:ui]
-environment=PORT=80
+environment=PORT=6246
 command=yarn node /opt/app/ui/server.js
 autorestart=true
 startretries=100
From f1bfb121133ab5879560604320b9b4fa4a5e0b37 Mon Sep 17 00:00:00 2001
From: Jorenn92
Date: Thu, 1 Feb 2024 19:07:54 +0100
Subject: [PATCH 2/4] refactor: add data directory permission check
BREAKING CHANGE: The container now runs as an unprivileged user. It is essential to ensure that the exposed data directory is read/writeable by either the user specified in the 'user' directive or, if no directive is provided, by the default UID:GID 1000:1000.
---
 server/src/main.ts | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/server/src/main.ts b/server/src/main.ts
index 6ca45030..0f9fa760 100644
--- a/server/src/main.ts
+++ b/server/src/main.ts
@@ -72,7 +72,7 @@ async function bootstrap() {
 await app.listen(3001);
 }
-function createDataDirectoryStructure(): void {
+function createDataDirectoryStructure() {
 try {
 const dir = path.join(__dirname, `../../data/logs`);
@@ -82,9 +82,18 @@ function createDataDirectoryStructure(): void {
 mode: 0o777,
 });
 }
+
+ // Check if data directory has read and write permissions
+ fs.accessSync(
+ path.join(__dirname, `../../data`),
+ fs.constants.R_OK | fs.constants.W_OK,
+ );
 } catch (err) {
+ console.warn(
+ `THE CONTAINER NO LONGER OPERATES WITH PRIVILEGED USER PERMISSIONS. PLEASE UPDATE YOUR CONFIGURATION ACCORDINGLY: https://github.com/jorenn92/Maintainerr/releases/tag/v2.0.0`,
+ );
 console.error(
- 'Could not create data directory. Make sure your permissions are set correctly.',
+ 'Could not create or access the data directory. Please make sure it has the necessary permissions',
 );
 process.exit(0);
 }
From 5faded7d44c6b85e6fb81ec35d75abe9175e731c Mon Sep 17 00:00:00 2001
From: Jorenn92
Date: Thu, 1 Feb 2024 19:35:26 +0100
Subject: [PATCH 3/4] refactor: Add a permission check for a pre-existing db file. Throw error when the file isn't writeable
---
 server/src/main.ts | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/server/src/main.ts b/server/src/main.ts
index 0f9fa760..5dd92429 100644
--- a/server/src/main.ts
+++ b/server/src/main.ts
@@ -74,8 +74,14 @@ async function bootstrap() {
 function createDataDirectoryStructure() {
 try {
- const dir = path.join(__dirname, `../../data/logs`);
+ // Check if data directory has read and write permissions
+ fs.accessSync(
+ path.join(__dirname, `../../data`),
+ fs.constants.R_OK | fs.constants.W_OK,
+ );
+ // create logs dir
+ const dir = path.join(__dirname, `../../data/logs`);
 if (!fs.existsSync(dir)) {
 fs.mkdirSync(dir, {
 recursive: true,
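Review bot: In the `@@ -82,9 +82,18 @@` hunk of patch 2/4 the catch block never uses `err`, so the upgrade warning and the permissions message are printed for any failure of `mkdirSync` or `accessSync`, and the operator cannot tell which path or errno was involved; adding `console.error(err)` (or `err.code` and `err.path`) before the exit would make a failed start diagnosable. The `process.exit(0)` kept as context reports success for what is a fatal start-up error, so a supervisor or orchestrator that keys on the exit status sees a clean stop; `process.exit(1)` fits the case. The `mode: 0o777` context line requests a world-writable logs directory, and now that the process runs as a fixed unprivileged user a tighter mode such as `0o750` looks sufficient, though that depends on who else reads the logs. The function body starts and ends outside this hunk.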
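Review bot: In the `@@ -74,8 +74,14 @@` hunk of patch 3/4, `fs.accessSync` on `../../data` now runs before `mkdirSync(dir, { recursive: true })`, so a missing data directory throws ENOENT and ends in the permissions message, where the recursive mkdir would have created it before this reordering; if that case can occur (the image declares a volume, but how `../../data` maps onto it is not visible here), create the directory first or handle ENOENT separately. The mask also leaves out search permission: creating `logs` or the SQLite file inside a directory needs execute as well as write, so the check that matches the next steps is `fs.constants.R_OK | fs.constants.W_OK | fs.constants.X_OK`. The same mask is used in the `@@ -82,9 +82,18 @@` hunk of patch 2/4. The function continues past the end of this hunk.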
@@ -83,17 +89,17 @@ function createDataDirectoryStructure() {
 });
 }
- // Check if data directory has read and write permissions
- fs.accessSync(
- path.join(__dirname, `../../data`),
- fs.constants.R_OK | fs.constants.W_OK,
- );
+ // if db already exists, check r/w permissions
+ const db = path.join(__dirname, `../../data/maintainerr.sqlite`);
+ if (!fs.existsSync(db)) {
+ fs.accessSync(db, fs.constants.R_OK | fs.constants.W_OK);
+ }
 } catch (err) {
 console.warn(
 `THE CONTAINER NO LONGER OPERATES WITH PRIVILEGED USER PERMISSIONS. PLEASE UPDATE YOUR CONFIGURATION ACCORDINGLY: https://github.com/jorenn92/Maintainerr/releases/tag/v2.0.0`,
 );
 console.error(
- 'Could not create or access the data directory. Please make sure it has the necessary permissions',
+ 'Could not create or access (files in) the data directory. Please make sure the necessary permissions are set',
 );
 process.exit(0);
 }
From d956947901cfcd41ea924d71a48ceb2281b5d123 Mon Sep 17 00:00:00 2001
From: jorenn92
Date: Fri, 2 Feb 2024 11:50:53 +0100
Subject: [PATCH 4/4] refactor: Fixed database check condition
---
 server/src/main.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/src/main.ts b/server/src/main.ts
index 5dd92429..3917f892 100644
--- a/server/src/main.ts
+++ b/server/src/main.ts
@@ -91,7 +91,7 @@ function createDataDirectoryStructure() {
 // if db already exists, check r/w permissions
 const db = path.join(__dirname, `../../data/maintainerr.sqlite`);
- if (!fs.existsSync(db)) {
+ if (fs.existsSync(db)) {
 fs.accessSync(db, fs.constants.R_OK | fs.constants.W_OK);
 }
 } catch (err) {
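Review bot: The database check added in the `@@ -83,17 +89,17 @@` hunk of patch 3/4 covers only `maintainerr.sqlite`, but SQLite also writes journal files next to the database (`-journal`, or `-wal` and `-shm` if WAL mode is enabled, which is not visible here), and copies left behind by the earlier root-run container would still fail at the first write after this check passes. Because the check is advisory, a comment saying so would help the next reader, for example `// pre-flight only: the real open can still fail (sidecar files, ownership changed after this point)`. `existsSync` followed by `accessSync` also tests the file twice; a single `accessSync` whose handler ignores `err.code === 'ENOENT'` expresses the same rule without the gap between the two calls. The catch block and the rest of the function lie partly outside this hunk.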