-
-
Notifications
You must be signed in to change notification settings - Fork 18
feat: only do a full chown of the /data directory if requested or if the /data directory is not owned by plone #201
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
erral
wants to merge
6
commits into
6.1.x
Choose a base branch
from
fix-chown
base: 6.1.x
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from all commits
Commits
Show all changes
6 commits
Select commit
Hold shift + click to select a range
7a22939
feat: only do a full chown of the /data directory if requested or if …
erral a5190cb
fix
erral f5bdf86
remove echo
erral e8e032e
output a message when the docker image is running the find&chown
erral 825dbde
add tests
erral 2bf5196
Merge branch '6.1.x' into fix-chown
erral File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| --- Case 1: Automatic fix --- | ||
| Running chown to fix ownership of the data directory | ||
| --- Case 2: Forced fix --- | ||
| Running chown to fix ownership of the data directory | ||
| --- Case 3: No fix --- |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| #!/bin/bash | ||
| set -eo pipefail | ||
|
|
||
| image="$1" | ||
|
|
||
| # Case 1: /data owned by root. Should fix it automatically. | ||
| echo "--- Case 1: Automatic fix ---" | ||
| cname1="plone-chown-auto-$RANDOM" | ||
| docker run --name "$cname1" -v /data busybox sh -c "chown root:root /data && touch /data/auto" | ||
| docker run --rm --volumes-from "$cname1" "$image" true | ||
| docker run --rm --volumes-from "$cname1" busybox stat -c "%u:%g" /data/auto | grep -q "500:500" | ||
| docker rm -v "$cname1" > /dev/null | ||
|
|
||
| # Case 2: /data owned by plone, but FORCE_CHOWN=1. Should fix it manually. | ||
| echo "--- Case 2: Forced fix ---" | ||
| cname2="plone-chown-force-$RANDOM" | ||
| docker run --name "$cname2" -v /data busybox sh -c "chown 500:500 /data && touch /data/forced && chown root:root /data/forced" | ||
| docker run --rm --volumes-from "$cname2" -e FORCE_CHOWN="1" "$image" true | ||
| docker run --rm --volumes-from "$cname2" busybox stat -c "%u:%g" /data/forced | grep -q "500:500" | ||
| docker rm -v "$cname2" > /dev/null | ||
|
|
||
| # Case 3: /data owned by plone, no FORCE_CHOWN. Should NOT fix (no message). | ||
| echo "--- Case 3: No fix ---" | ||
| cname3="plone-chown-none-$RANDOM" | ||
| docker run --name "$cname3" -v /data busybox sh -c "chown 500:500 /data && touch /data/no-fix && chown root:root /data/no-fix" | ||
| docker run --rm --volumes-from "$cname3" "$image" true | ||
| # Should still be root:root (0:0) | ||
| docker run --rm --volumes-from "$cname3" busybox stat -c "%u:%g" /data/no-fix | grep -q "0:0" | ||
| docker rm -v "$cname3" > /dev/null |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe log something before this starts, so it's more obvious when it happens?
Uh oh!
There was an error while loading. Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also find + chown is a lot slower, just use chown -R and it will be fast and you don't need any check :-) or, at least, move the check on the file, so do find and use stat to see if the file owner should be changed and change it only if needed. This avoid to write no fs when unnecessary. Something like "find /datadirectory ! ( -user plone -group plone ) -exec chown nomeutente:nomegruppo {} +"
Find will check if a file have an incorrect user or group and write only if it happens. So it should be very fast. For example (in a blobstorage I've created a file named zero with owner root and group plone):
in a couple of seconds you can check things, and the time depends on the number of files to fix. Said that, it is quite uncommon to have mixed users/group in the blobstorage, so I don't know if this optimisation can really help. Also, the command above don't check for file permissions/suid directories.
So the best command is:
but this is because -R already checks if the owner and group are already ok. So you've the check already in place in chown -R. In this case it is all ok and in a 1,6 secs you can do the check. This is a local filesystem, things can be different in other cases but the command just read until it really needs to write. Chown has a -c flag that outputs only changed files, it can be handy when testing.
Note: beware of syntax and escaping in the find command above, can be tricky because of ! and (
Uh oh!
There was an error while loading. Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for your stats @yurj.
I have 2 sites that I have already moved to plone-backend + plone-zeo and where I have running a custom plone-backend image without the find-chown dance. When I run the said chown command I get the following information:
Site 1: 590667 blobs
Site 2: many more blobs than Site 1. It is still running after more than 30 minutes and hasn't finished yet 😓
In this other site, I have a buildout based project, and I have run the same command:
Site 3: 95238 blobs
So I will update the PR to add the information message as suggested.