From 8f783fd765293b6fc671a6eed63fc6a558912e9e Mon Sep 17 00:00:00 2001
From: ZF sun <34314687@qq.com>
Date: Fri, 5 Dec 2025 17:01:50 +0800
Subject: [PATCH] =?UTF-8?q?fix(docker):=20=E9=92=88=E5=AF=B9=E5=B7=B2?= =?UTF-8?q?=E7=BB=8F=E5=AD=98=E5=9C=A8=E7=9A=84=E5=AE=B9=E5=99=A8=E6=88=96?= =?UTF-8?q?=E5=90=8E=E6=9C=9F=E6=96=B0=E5=BB=BA=E7=9A=84=E5=AE=B9=E5=99=A8?= =?UTF-8?q?=E6=9D=83=E9=99=90=E8=AE=BE=E7=BD=AE=E6=9B=B4=E6=96=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 docker/php/entrypoint.sh | 62 ++++++++++++++++++++++++++++++-------
 docker/php/supervisord.conf | 8 ++---
 2 files changed, 55 insertions(+), 15 deletions(-)
diff --git a/docker/php/entrypoint.sh b/docker/php/entrypoint.sh
index 136878440..2b8cf2c13 100644
--- a/docker/php/entrypoint.sh
+++ b/docker/php/entrypoint.sh
@@ -1,19 +1,59 @@
 #!/bin/bash
+set -e
-# 确保目录所有者为www-data, 组为www-data, 权限为755
-# 这是因为 PHP 进程实际运行时使用的是 Web 服务器用户(如 www-data),而不是 root 用户
-chown -R www-data:www-data /var/www/html
+# 设置全局umask
+umask 0002
-# 检查并创建必要的目录
-for dir in "/var/www/html/runtime" "/var/www/html/upload"; do
- if [ ! -d "$dir" ]; then
+echo "=== ThinkPHP Docker权限初始化 ==="
+
+# 修复目录所有权和权限
+fix_directory_permissions() {
+ local dir=$1
+ echo "修复目录权限: $dir"
+
+ # 确保目录存在
 mkdir -p "$dir"
- echo "创建目录: $dir"
- fi
- # 设置权限
- chmod -R 755 "$dir"
- echo "设置权限: $dir -> 755"
+
+ # 设置所有权
+ chown -R www-data:www-data "$dir"
+
+ # 设置权限
+ chmod -R 775 "$dir"
+
+ # 设置setgid权限
+ chmod g+s "$dir"
+
+ # 尝试设置ACL(如果支持)
+ if command -v setfacl >/dev/null 2>&1; then
+ setfacl -d -m u:www-data:rwx -m u:root:rwx "$dir" 2>/dev/null || true
+ setfacl -Rm u:www-data:rwx "$dir" 2>/dev/null || true
+ fi
+
+ echo "✅ $dir 权限设置完成"
+}
+
+# 处理所有需要权限的目录
+directories=("runtime" "upload")
+for dir in "${directories[@]}"; do
+ fix_directory_permissions "/var/www/html/$dir"
 done
+# 验证权限
+echo "=== 权限验证 ==="
+echo "当前用户: $(whoami)"
+echo "当前UID: $(id -u), GID: $(id -g)"
+echo "当前umask: $(umask)"
+
+# 测试写入权限
+sudo -u www-data mkdir -p /var/www/html/runtime/test_dir 2>/dev/null && \
+ echo "✅ runtime目录新建子目录测试通过" || \
+ echo "❌ runtime目录新建子目录失败"
+
+sudo -u www-data mkdir -p /var/www/html/upload/test_dir 2>/dev/null && \
+ echo "✅ upload目录新建子目录测试通过" || \
+ echo "❌ upload目录新建子目录失败"
+
+echo "=== 启动应用 ==="
+
 # 执行原有的启动命令
 exec "$@"
\ No newline at end of file
diff --git a/docker/php/supervisord.conf b/docker/php/supervisord.conf
index 2ac079d7c..fa733ce07 100644
--- a/docker/php/supervisord.conf
+++ b/docker/php/supervisord.conf
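Review bot: `chmod -R 775 "$dir"` in `fix_directory_permissions` sets the execute bit on every existing file under `runtime` and `upload`, including user-uploaded content, and `chmod g+s "$dir"` marks only the top-level directory, so existing subdirectories do not inherit the group. Splitting the modes by type keeps files non-executable: `find "$dir" -type d -exec chmod 2775 {} +` and `find "$dir" -type f -exec chmod 664 {} +`. The write test at the end relies on `sudo`; if the image does not ship it, `2>/dev/null` makes a missing binary look like a permission failure. The test also leaves `test_dir` behind in both directories, which a `rmdir` after each successful test would avoid.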
@@ -7,17 +7,17 @@ loglevel=info
 pidfile=/var/run/supervisord.pid
 [program:chmod]
-command=chown -R www-data:www-data ./runtime/ && chmod -R 755 ./runtime/ && chown -R www-data:www-data ./upload/ && chmod -R 755 ./upload/
+command=/bin/bash -c "while true; do chmod -R 775 ./runtime/ ./uploads/ 2>/dev/null || true; sleep 30; done"
 directory=/var/www/html
 autostart=true
-autorestart=false
-startretries=3
-startsecs=1
+autorestart=true
 stopasgroup=true
 killasgroup=true
 [program:php-fpm]
 command=php-fpm
+user=www-data
+umask=0002
 autostart=true
 autorestart=true
 startretries=3
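Review bot: The new `[program:chmod]` command targets `./uploads/`, while the removed line and `entrypoint.sh` in this same patch use `upload`, so the loop most likely never touches the upload directory, and `2>/dev/null || true` hides the resulting error; `chmod -R 775 ./runtime/ ./upload/` would match. No `user=` is set on this program, so it presumably runs as the supervisord user (root in a typical container) and would re-apply the execute bit to every uploaded file every 30 seconds. Since php-fpm now runs with `umask=0002` and the entrypoint sets setgid and default ACLs, it is worth checking whether the loop is still needed at all. If it is, restricting it to directories (`find ./runtime ./upload -type d -exec chmod 2775 {} +`) avoids marking uploads executable.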