fix(docker): 针对已经存在的容器或后期新建的容器权限设置更新
@@ -1,19 +1,59 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
set -e
|
||||||
|
|
||||||
# 确保目录所有者为www-data, 组为www-data, 权限为755
|
# 设置全局umask
|
||||||
# 这是因为 PHP 进程实际运行时使用的是 Web 服务器用户(如 www-data),而不是 root 用户
|
umask 0002
|
||||||
chown -R www-data:www-data /var/www/html
|
|
||||||
|
|
||||||
# 检查并创建必要的目录
|
echo "=== ThinkPHP Docker权限初始化 ==="
|
||||||
for dir in "/var/www/html/runtime" "/var/www/html/upload"; do
|
|
||||||
if [ ! -d "$dir" ]; then
|
# 修复目录所有权和权限
|
||||||
|
fix_directory_permissions() {
|
||||||
|
local dir=$1
|
||||||
|
echo "修复目录权限: $dir"
|
||||||
|
|
||||||
|
# 确保目录存在
|
||||||
mkdir -p "$dir"
|
mkdir -p "$dir"
|
||||||
echo "创建目录: $dir"
|
|
||||||
fi
|
# 设置所有权
|
||||||
|
chown -R www-data:www-data "$dir"
|
||||||
|
|
||||||
# 设置权限
|
# 设置权限
|
||||||
chmod -R 755 "$dir"
|
chmod -R 775 "$dir"
|
||||||
echo "设置权限: $dir -> 755"
|
|
||||||
|
# 设置setgid权限
|
||||||
|
chmod g+s "$dir"
|
||||||
|
|
||||||
|
# 尝试设置ACL(如果支持)
|
||||||
|
if command -v setfacl >/dev/null 2>&1; then
|
||||||
|
setfacl -d -m u:www-data:rwx -m u:root:rwx "$dir" 2>/dev/null || true
|
||||||
|
setfacl -Rm u:www-data:rwx "$dir" 2>/dev/null || true
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "✅ $dir 权限设置完成"
|
||||||
|
}
|
||||||
|
|
||||||
|
# 处理所有需要权限的目录
|
||||||
|
directories=("runtime" "upload")
|
||||||
|
for dir in "${directories[@]}"; do
|
||||||
|
fix_directory_permissions "/var/www/html/$dir"
|
||||||
done
|
done
|
||||||
|
|
||||||
|
# 验证权限
|
||||||
|
echo "=== 权限验证 ==="
|
||||||
|
echo "当前用户: $(whoami)"
|
||||||
|
echo "当前UID: $(id -u), GID: $(id -g)"
|
||||||
|
echo "当前umask: $(umask)"
|
||||||
|
|
||||||
|
# 测试写入权限
|
||||||
|
sudo -u www-data mkdir -p /var/www/html/runtime/test_dir 2>/dev/null && \
|
||||||
|
echo "✅ runtime目录新建子目录测试通过" || \
|
||||||
|
echo "❌ runtime目录新建子目录失败"
|
||||||
|
|
||||||
|
sudo -u www-data mkdir -p /var/www/html/upload/test_dir 2>/dev/null && \
|
||||||
|
echo "✅ upload目录新建子目录测试通过" || \
|
||||||
|
echo "❌ upload目录新建子目录失败"
|
||||||
|
|
||||||
|
echo "=== 启动应用 ==="
|
||||||
|
|
||||||
# 执行原有的启动命令
|
# 执行原有的启动命令
|
||||||
exec "$@"
|
exec "$@"
|
||||||
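Review bot: `chmod -R 775 "$dir"` in fix_directory_permissions applies one mode to directories and regular files alike, so every file under runtime and upload, including user-uploaded content, ends up group-writable and executable. Directories need the search bit but uploaded files do not; splitting the mode keeps the shared write access this commit is after: `find "$dir" -type d -exec chmod 2775 {} +` and `find "$dir" -type f -exec chmod 664 {} +`. The write test at the end also depends on `sudo` being present in the image (with stderr discarded, a missing `sudo` is reported as a permission failure) and leaves `test_dir` behind in both directories; an `rmdir` after each successful check would clean that up.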
@@ -7,17 +7,17 @@ loglevel=info
|
|||||||
pidfile=/var/run/supervisord.pid
|
pidfile=/var/run/supervisord.pid
|
||||||
|
|
||||||
[program:chmod]
|
[program:chmod]
|
||||||
command=chown -R www-data:www-data ./runtime/ && chmod -R 755 ./runtime/ && chown -R www-data:www-data ./upload/ && chmod -R 755 ./upload/
|
command=/bin/bash -c "while true; do chmod -R 775 ./runtime/ ./uploads/ 2>/dev/null || true; sleep 30; done"
|
||||||
directory=/var/www/html
|
directory=/var/www/html
|
||||||
autostart=true
|
autostart=true
|
||||||
autorestart=false
|
autorestart=true
|
||||||
startretries=3
|
|
||||||
startsecs=1
|
|
||||||
stopasgroup=true
|
stopasgroup=true
|
||||||
killasgroup=true
|
killasgroup=true
|
||||||
|
|
||||||
[program:php-fpm]
|
[program:php-fpm]
|
||||||
command=php-fpm
|
command=php-fpm
|
||||||
|
user=www-data
|
||||||
|
umask=0002
|
||||||
autostart=true
|
autostart=true
|
||||||
autorestart=true
|
autorestart=true
|
||||||
startretries=3
|
startretries=3
|
||||||
|
|||||||
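Review bot: The new `[program:chmod]` loop targets `./uploads/`, while the removed command and the entrypoint script in this commit use `upload`, so the upload directory is probably never touched, and `2>/dev/null || true` hides the resulting error. If the loop is kept, the path should match and the error should stay visible: `command=/bin/bash -c "while true; do chmod -R 775 ./runtime/ ./upload/ || true; sleep 30; done"`. The section sets no `user=`, so the loop presumably runs with supervisord's own privileges (likely root) every 30 seconds and keeps re-adding the execute bit to uploaded files; with `umask=0002` on php-fpm and the setgid bit set at startup, the loop may not be needed at all.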