Update file permissions in Dockerfiles

2026-05-24 09:28:37 +00:00 · 2024-08-30 11:27:22 +02:00 · 2024-08-30 11:27:22 +02:00 · f70778f100
commit f70778f100
parent 22303d9734
10 changed files with 23 additions and 9 deletions
--- a/src/autoconf/Dockerfile
+++ b/src/autoconf/Dockerfile
@ -63,6 +63,8 @@ RUN cp helpers/bwcli /usr/bin/ && \
  chmod -R 770 /data && \
  chown -R root:autoconf INTEGRATION /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb /usr/bin/bwcli && \
  chmod -R 770 /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb && \
+  find . -path deps -prune -o -type f -exec chmod 0740 {} \; && \
+  find . -path deps -prune -o -type d -exec chmod 0750 {} \; && \
  chmod 750 cli/main.py helpers/*.sh /usr/bin/bwcli autoconf/main.py && \
  chmod 660 INTEGRATION

--- a/src/bw/Dockerfile
+++ b/src/bw/Dockerfile
@ -67,7 +67,9 @@ RUN cp helpers/bwcli /usr/bin/ && \
 	for dir in $(echo "pro/plugins configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs configs/crs-plugins-before configs/crs-plugins-after") ; do mkdir "/data/${dir}" ; done && \
 	chown -R root:nginx /data /etc/nginx /var/cache/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb /usr/bin/bwcli && \
 	chmod -R 770 /data /etc/nginx /var/cache/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb /var/log/bunkerweb /var/run/bunkerweb && \
-	chmod 750 cli/main.py gen/main.py helpers/*.sh entrypoint.sh /usr/bin/bwcli deps/python/bin/* && \
+	chmod 750 cli/main.py gen/main.py helpers/*.sh entrypoint.sh /usr/bin/bwcli && \
+	find . -path deps -prune -o -type f -exec chmod 0740 {} \; && \
+	find . -path deps -prune -o -type d -exec chmod 0750 {} \; && \
 	rm -f /var/log/bunkerweb/* && \
 	ln -s /proc/1/fd/2 /var/log/bunkerweb/error.log && \
 	ln -s /proc/1/fd/2 /var/log/bunkerweb/modsec_audit.log && \
--- a/src/linux/Dockerfile-debian
+++ b/src/linux/Dockerfile-debian
@ -89,7 +89,8 @@ RUN cp helpers/bwcli /usr/bin/ && \
    chmod 755 /var/log/bunkerweb && \
    touch /var/log/bunkerweb/error.log /var/log/bunkerweb/access.log /var/log/bunkerweb/modsec_audit.log && \
    chmod 770 /var/cache/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ && \
-    chmod 750 gen/*.py scheduler/*.py cli/*.py ui/*.py ui/src/*.py helpers/*.sh /var/www/ && \
+    chmod 750 gen/*.py scheduler/*.py cli/*.py ui/*.sh helpers/*.sh /var/www/ && \
+    find ui -name "*.py" -type f -exec chmod 750 {} \; && \
    find core/*/jobs/* -type f -exec chmod 750 {} \; && \
    find core/*/bwcli/* -type f -exec chmod 750 {} \; && \
    chmod 755 .
--- a/src/linux/Dockerfile-fedora
+++ b/src/linux/Dockerfile-fedora
@ -85,7 +85,8 @@ RUN cp helpers/bwcli /usr/bin/ && \
    chmod 755 /var/log/bunkerweb && \
    touch /var/log/bunkerweb/error.log /var/log/bunkerweb/access.log /var/log/bunkerweb/modsec_audit.log && \
    chmod 770 /var/cache/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ && \
-    chmod 750 gen/*.py scheduler/*.py cli/*.py ui/*.py ui/src/*.py helpers/*.sh /var/www/ && \
+    chmod 750 gen/*.py scheduler/*.py cli/*.py ui/*.sh helpers/*.sh /var/www/ && \
+    find ui -name "*.py" -type f -exec chmod 750 {} \; && \
    find core/*/jobs/* -type f -exec chmod 750 {} \; && \
    find core/*/bwcli/* -type f -exec chmod 750 {} \; && \
    chmod 755 .
--- a/src/linux/Dockerfile-rhel
+++ b/src/linux/Dockerfile-rhel
@ -97,7 +97,8 @@ RUN cp helpers/bwcli /usr/bin/ && \
  chmod 755 /var/log/bunkerweb && \
  touch /var/log/bunkerweb/error.log /var/log/bunkerweb/access.log /var/log/bunkerweb/modsec_audit.log && \
  chmod 770 /var/cache/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ && \
-  chmod 750 gen/*.py scheduler/*.py cli/*.py ui/*.py ui/src/*.py helpers/*.sh /var/www/ && \
+  chmod 750 gen/*.py scheduler/*.py cli/*.py ui/*.sh helpers/*.sh /var/www/ && \
+  find ui -name "*.py" -type f -exec chmod 750 {} \; && \
  find core/*/jobs/* -type f -exec chmod 750 {} \; && \
  find core/*/bwcli/* -type f -exec chmod 750 {} \; && \
  chmod 755 .
--- a/src/linux/Dockerfile-rhel9
+++ b/src/linux/Dockerfile-rhel9
@ -100,7 +100,8 @@ RUN cp helpers/bwcli /usr/bin/ && \
  chmod 755 /var/log/bunkerweb && \
  touch /var/log/bunkerweb/error.log /var/log/bunkerweb/access.log /var/log/bunkerweb/modsec_audit.log && \
  chmod 770 /var/cache/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ && \
-  chmod 750 gen/*.py scheduler/*.py cli/*.py ui/*.py ui/src/*.py helpers/*.sh /var/www/ && \
+  chmod 750 gen/*.py scheduler/*.py cli/*.py ui/*.sh helpers/*.sh /var/www/ && \
+  find ui -name "*.py" -type f -exec chmod 750 {} \; && \
  find core/*/jobs/* -type f -exec chmod 750 {} \; && \
  find core/*/bwcli/* -type f -exec chmod 750 {} \; && \
  chmod 755 .
--- a/src/linux/Dockerfile-ubuntu
+++ b/src/linux/Dockerfile-ubuntu
@ -89,7 +89,8 @@ RUN cp helpers/bwcli /usr/bin/ && \
    chmod 755 /var/log/bunkerweb && \
    touch /var/log/bunkerweb/error.log /var/log/bunkerweb/access.log /var/log/bunkerweb/modsec_audit.log && \
    chmod 770 /var/cache/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ && \
-    chmod 750 gen/*.py scheduler/*.py cli/*.py ui/*.py ui/src/*.py helpers/*.sh /var/www/ && \
+    chmod 750 gen/*.py scheduler/*.py cli/*.py ui/*.sh helpers/*.sh /var/www/ && \
+    find ui -name "*.py" -type f -exec chmod 750 {} \; && \
    find core/*/jobs/* -type f -exec chmod 750 {} \; && \
    find core/*/bwcli/* -type f -exec chmod 750 {} \; && \
    chmod 755 .
--- a/src/linux/Dockerfile-ubuntu-jammy
+++ b/src/linux/Dockerfile-ubuntu-jammy
@ -90,7 +90,8 @@ RUN cp helpers/bwcli /usr/bin/ && \
    chmod 755 /var/log/bunkerweb && \
    touch /var/log/bunkerweb/error.log /var/log/bunkerweb/access.log /var/log/bunkerweb/modsec_audit.log && \
    chmod 770 /var/cache/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ && \
-    chmod 750 gen/*.py scheduler/*.py cli/*.py ui/*.py ui/src/*.py helpers/*.sh /var/www/ && \
+    chmod 750 gen/*.py scheduler/*.py cli/*.py ui/*.sh helpers/*.sh /var/www/ && \
+    find ui -name "*.py" -type f -exec chmod 750 {} \; && \
    find core/*/jobs/* -type f -exec chmod 750 {} \; && \
    find core/*/bwcli/* -type f -exec chmod 750 {} \; && \
    chmod 755 .
--- a/src/scheduler/Dockerfile
+++ b/src/scheduler/Dockerfile
@ -69,7 +69,9 @@ RUN cp helpers/bwcli /usr/bin/ && \
  chmod -R 770 /data /etc/nginx /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb && \
  find core/*/jobs/* -type f -exec chmod 750 {} \; && \
  find core/*/bwcli/* -type f -exec chmod 750 {} \; && \
-  chmod 750 cli/main.py gen/*.py scheduler/main.py scheduler/entrypoint.sh helpers/*.sh deps/python/bin/* /usr/bin/bwcli && \
+  find . -path deps -prune -o -type f -exec chmod 0740 {} \; && \
+  find . -path deps -prune -o -type d -exec chmod 0750 {} \; && \
+  chmod 750 cli/main.py gen/*.py scheduler/main.py scheduler/entrypoint.sh helpers/*.sh /usr/bin/bwcli && \
  chmod 660 INTEGRATION


--- a/src/ui/Dockerfile
+++ b/src/ui/Dockerfile
@ -63,7 +63,9 @@ RUN echo "Docker" > INTEGRATION && \
  for dir in $(echo "pro/plugins configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir "/data/${dir}" ; done && \
  chown -R root:ui INTEGRATION /data /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb && \
  chmod -R 770 /data /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb && \
-  chmod 750 gen/*.py ui/*.sh helpers/*.sh deps/python/bin/* && \
+  chmod 750 gen/*.py ui/*.sh helpers/*.sh && \
+  find . -path deps -prune -o -type f -exec chmod 0740 {} \; && \
+  find . -path deps -prune -o -type d -exec chmod 0750 {} \; && \
  find ui -name "*.py" -type f -exec chmod 750 {} \; && \
  chmod 660 INTEGRATION && \
  ln -s /proc/1/fd/1 /var/log/bunkerweb/ui-access.log && \