From ddd06fc2acd96e7327dff6b0b0a803fe947aa04d Mon Sep 17 00:00:00 2001
From: Nicola Murino <nicola.murino@gmail.com>
Date: Wed, 10 Feb 2021 19:04:06 +0100
Subject: [PATCH] docker: add permissions to data dirs

This way data and backup dirs can be mounted as separate volumes.

Based on the proof of concept submitted by

Mark Sagi-Kazar <mark.sagikazar@gmail.com>

See #305
---
 Dockerfile                     | 4 ++--
 Dockerfile.alpine              | 4 ++--
 docker/README.md               | 4 +++-
 docker/rest-api-cli/Dockerfile | 8 --------
 4 files changed, 7 insertions(+), 13 deletions(-)
 delete mode 100644 docker/rest-api-cli/Dockerfile

diff --git a/Dockerfile b/Dockerfile
index 2d148e43..c48aa94f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -32,7 +32,7 @@ RUN apt-get update && apt-get install --no-install-recommends -y ca-certificates
 
 RUN if [ "${INSTALL_OPTIONAL_PACKAGES}" = "true" ]; then apt-get update && apt-get install --no-install-recommends -y git rsync && rm -rf /var/lib/apt/lists/*; fi
 
-RUN mkdir -p /etc/sftpgo /var/lib/sftpgo /usr/share/sftpgo /srv/sftpgo
+RUN mkdir -p /etc/sftpgo /var/lib/sftpgo /usr/share/sftpgo /srv/sftpgo/data /srv/sftpgo/backups
 
 RUN groupadd --system -g 1000 sftpgo && \
     useradd --system --gid sftpgo --no-create-home \
@@ -55,7 +55,7 @@ RUN sed -i "s|\"users_base_dir\": \"\",|\"users_base_dir\": \"/srv/sftpgo/data\"
     sed -i "s|\"backups\"|\"/srv/sftpgo/backups\"|" /etc/sftpgo/sftpgo.json && \
     sed -i "s|\"address\": \"127.0.0.1\",|\"address\": \"\",|" /etc/sftpgo/sftpgo.json
 
-RUN chown -R sftpgo:sftpgo /etc/sftpgo && chown sftpgo:sftpgo /var/lib/sftpgo /srv/sftpgo
+RUN chown -R sftpgo:sftpgo /etc/sftpgo /srv/sftpgo && chown sftpgo:sftpgo /var/lib/sftpgo && chmod 700 /srv/sftpgo/backups
 
 WORKDIR /var/lib/sftpgo
 USER 1000:1000
diff --git a/Dockerfile.alpine b/Dockerfile.alpine
index 8f72bec2..cdd63554 100644
--- a/Dockerfile.alpine
+++ b/Dockerfile.alpine
@@ -39,7 +39,7 @@ RUN if [ "${INSTALL_OPTIONAL_PACKAGES}" = "true" ]; then apk add --update --no-c
 # https://github.com/gliderlabs/docker-alpine/issues/367#issuecomment-424546457
 RUN test ! -e /etc/nsswitch.conf && echo 'hosts: files dns' > /etc/nsswitch.conf
 
-RUN mkdir -p /etc/sftpgo /var/lib/sftpgo /usr/share/sftpgo /srv/sftpgo
+RUN mkdir -p /etc/sftpgo /var/lib/sftpgo /usr/share/sftpgo /srv/sftpgo/data /srv/sftpgo/backups
 
 RUN addgroup -g 1000 -S sftpgo && \
     adduser -u 1000 -h /var/lib/sftpgo -s /sbin/nologin -G sftpgo -S -D -H -g "SFTPGo user" sftpgo
@@ -60,7 +60,7 @@ RUN sed -i "s|\"users_base_dir\": \"\",|\"users_base_dir\": \"/srv/sftpgo/data\"
     sed -i "s|\"backups\"|\"/srv/sftpgo/backups\"|" /etc/sftpgo/sftpgo.json && \
     sed -i "s|\"address\": \"127.0.0.1\",|\"address\": \"\",|" /etc/sftpgo/sftpgo.json
 
-RUN chown -R sftpgo:sftpgo /etc/sftpgo && chown sftpgo:sftpgo /var/lib/sftpgo /srv/sftpgo
+RUN chown -R sftpgo:sftpgo /etc/sftpgo /srv/sftpgo && chown sftpgo:sftpgo /var/lib/sftpgo && chmod 700 /srv/sftpgo/backups
 
 WORKDIR /var/lib/sftpgo
 USER 1000:1000
diff --git a/docker/README.md b/docker/README.md
index 9129bb27..108527e2 100644
--- a/docker/README.md
+++ b/docker/README.md
@@ -66,11 +66,13 @@ docker run --name some-sftpgo \
     -d "drakkan/sftpgo:tag"
 ```
 
-As you can see SFTPGo uses two volumes:
+As you can see SFTPGo uses two main volumes:
 
 - `/srv/sftpgo` to handle persistent data. The default home directory for SFTP/FTP/WebDAV users is `/srv/sftpgo/data/<username>`. Backups are stored in `/srv/sftpgo/backups`
 - `/var/lib/sftpgo` is the home directory for the sftpgo system user defined inside the container. This is the container working directory too, host keys will be created here when using the default configuration.
 
+If you want to get fine grained control, you can also mount `/srv/sftpgo/data` and `/srv/sftpgo/backups` as separate volumes instead of mounting `/srv/sftpgo`.
+
 ### Configuration
 
 The runtime configuration can be customized via environment variables that you can set passing the `-e` option to the `docker run` command or inside the `environment` section if you are using [docker stack deploy](https://docs.docker.com/engine/reference/commandline/stack_deploy/) or [docker-compose](https://github.com/docker/compose).
diff --git a/docker/rest-api-cli/Dockerfile b/docker/rest-api-cli/Dockerfile
deleted file mode 100644
index e93a9259..00000000
--- a/docker/rest-api-cli/Dockerfile
+++ /dev/null
@@ -1,8 +0,0 @@
-FROM debian:latest
-LABEL maintainer="nicola.murino@gmail.com"
-RUN apt-get update && apt-get install -y curl python3-requests python3-pygments
-
-RUN curl https://raw.githubusercontent.com/drakkan/sftpgo/master/examples/rest-api-cli/sftpgo_api_cli --output /usr/bin/sftpgo_api_cli
-
-ENTRYPOINT ["python3", "/usr/bin/sftpgo_api_cli" ]
-CMD []
\ No newline at end of file