114 lines
3.1 KiB
Bash
114 lines
3.1 KiB
Bash
#!/bin/bash
|
||
set -e
|
||
|
||
echo "=== ThinkPHP Docker权限初始化 ==="
|
||
|
||
# 定义应用根目录
|
||
APP_ROOT="/var/www/html"
|
||
|
||
# 获取正确的用户和组
|
||
if [ -n "$USER_ID" ] && [ -n "$GROUP_ID" ]; then
|
||
# 如果指定了用户ID,修改www-data
|
||
usermod -u $USER_ID www-data
|
||
groupmod -g $GROUP_ID www-data
|
||
fi
|
||
|
||
echo "当前用户: $(whoami)"
|
||
echo "UID: $(id -u), GID: $(id -g)"
|
||
|
||
# 修复目录所有权和权限
|
||
fix_directory_permissions() {
|
||
local dir=$1
|
||
echo "修复PHP目录权限: $dir"
|
||
|
||
# 确保目录存在
|
||
mkdir -p "$dir"
|
||
|
||
# 设置所有权
|
||
chown -R www-data:www-data "$dir"
|
||
|
||
# 设置权限
|
||
chmod -R 775 "$dir"
|
||
|
||
# 设置setgid权限
|
||
chmod g+s "$dir"
|
||
|
||
# 尝试设置ACL(如果支持)
|
||
if command -v setfacl >/dev/null 2>&1; then
|
||
setfacl -dR -m u:www-data:rwx "$dir"
|
||
fi
|
||
|
||
find "$dir" -type d -exec chmod 775 {} \;
|
||
find "$dir" -type f -exec chmod 775 {} \;
|
||
find "$dir" -type d -exec chmod g+s {} \;
|
||
find "$dir" -type f -exec chmod g+s {} \;
|
||
|
||
# 设置umask
|
||
umask 0002
|
||
|
||
echo "✅ $dir 权限设置完成, 目录权限: $(stat -c '%a %n' "$dir"), setgid权限: $(stat -c '%a %n' "$dir" | grep 's')"
|
||
}
|
||
|
||
|
||
# 处理所有需要权限的目录
|
||
directories=("addon" "app" "config" "extend" "public" "runtime" "upload" "runtime/log" "runtime/cache" "runtime/temp")
|
||
for dir in "${directories[@]}"; do
|
||
fix_directory_permissions "$APP_ROOT/$dir"
|
||
done
|
||
|
||
|
||
# 验证权限
|
||
echo "=== 权限验证 ==="
|
||
echo "当前用户: $(whoami)"
|
||
echo "当前UID: $(id -u), GID: $(id -g)"
|
||
echo "当前umask: $(umask)"
|
||
|
||
# 验证www-data用户是否可以在runtime和upload目录下新建子目录
|
||
|
||
# 方法1:使用sudo
|
||
if command -v sudo >/dev/null 2>&1; then
|
||
echo "使用sudo测试..."
|
||
if sudo -u www-data mkdir -p $APP_ROOT/runtime/log/test_dir 2>/dev/null; then
|
||
echo "✅ sudo: runtime目录创建子目录成功 [使用www-data用户]"
|
||
rm -rf $APP_ROOT/runtime/log/test_dir
|
||
else
|
||
echo "❌ sudo: runtime目录创建子目录失败 [使用www-data用户]"
|
||
fi
|
||
fi
|
||
|
||
# 方法2:使用su
|
||
echo "使用su测试..."
|
||
if su -s /bin/sh -c "mkdir -p $APP_ROOT/runtime/log/test_dir" www-data 2>/dev/null; then
|
||
echo "✅ su: runtime目录创建子目录成功 [使用www-data用户]"
|
||
rm -rf $APP_ROOT/runtime/log/test_dir
|
||
else
|
||
echo "❌ su: runtime目录创建子目录失败 [使用www-data用户]"
|
||
fi
|
||
|
||
# 方法3:使用runuser
|
||
if command -v runuser >/dev/null 2>&1; then
|
||
echo "使用runuser测试..."
|
||
if runuser -u www-data -- mkdir -p $APP_ROOT/runtime/log/test_dir 2>/dev/null; then
|
||
echo "✅ runuser: runtime目录创建子目录成功 [使用www-data用户]"
|
||
rm -rf $APP_ROOT/runtime/log/test_dir
|
||
else
|
||
echo "❌ runuser: runtime目录创建子目录失败 [使用www-data用户]"
|
||
fi
|
||
fi
|
||
|
||
# 检查www-data用户和组
|
||
echo "检查www-data用户..."
|
||
id www-data
|
||
groups www-data
|
||
|
||
# 检查目录的实际权限
|
||
echo "检查目录权限..."
|
||
ls -ld $APP_ROOT/runtime/log
|
||
ls -ld $APP_ROOT/runtime/cache
|
||
ls -ld $APP_ROOT/runtime/temp
|
||
ls -ld $APP_ROOT/upload
|
||
|
||
echo "=== 启动应用 ==="
|
||
|
||
# 执行原有的启动命令
|
||
exec "$@" |