Entrypoint: Ensure that uploaded files are not executable

Signed-off-by: Danilo Bargen <mail@dbrgn.ch>

Entrypoint: Ensure that uploaded files are not executable
Signed-off-by: Danilo Bargen <mail@dbrgn.ch>
12c88e2c · Danilo Bargen · bb9dfa1e · 12c88e2c
Commit 12c88e2c authored Nov 29, 2021 by Danilo Bargen
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

docker-entrypoint.sh resources/docker-entrypoint.sh +2 -0

No files found.
--- a/resources/docker-entrypoint.sh
+++ b/resources/docker-entrypoint.sh
@@ -29,8 +29,10 @@ fi
 # Change owner and permission if filesystem backend is used and user has root permissions
 if [ "$UID" -eq 0 ] && [ "$CMD_IMAGE_UPLOAD_TYPE" = "filesystem" ]; then
    if [ "$UID" -eq 0 ]; then
+        echo "Updating uploads directory permissions ($UPLOADS_MODE)"
        chown -R hedgedoc ./public/uploads
        chmod $UPLOADS_MODE ./public/uploads
+        find ./public/uploads -type f -executable -exec chmod a-x {} \;
    else
        echo "
            #################################################################