Description
As mentioned here
I experimented a bit more with this and I suspect we're carrying around some dead weight. The chown commands don't do anything on a modern Docker engine as far as I can tell - everything is already owned by user couchdb. The chmod commands do have an effect but honestly I'm wondering if these are even necessary:
Switch /opt/couchdb/data from 755 to 770 Switch the .ini files from 644 to 664 Switch the config directories from 755 to 775I don't know what standard we used to come up with these settings but e.g. the docker.ini file that we create in docker-entrypoint.sh has 644 permissions so we're not even internally consistent.
I don't have a proper test matrix of Docker engine versions etc. to see if there was a point in time at which these settings were needed. I've also not tried Windows or anything else exotic.
@kocolosk here's my thinking on the above:
The chown commands don't do anything on a modern Docker engine as far as I can tell
I believe we had this in there because, if you are mounting an external volume, you might have all the files owned by the wrong user and CouchDB simply wouldn't operate. This is frightfully common.
I suspect if we remove this, we'll start getting bugs about how CouchDB can't read/write its data.
We could have the entryfile (or CouchDB!) complain if it can't read/write to that folder, would that be sufficient?
Switch
/opt/couchdb/datafrom 755 to 770
The point of this I believe was to ensure that externally mounted volumes were correctly not allowing access to the data directory from anyone other than the couchdb user and group. Similar problem to the issue above.
Switch the .ini files from 644 to 664 Switch the config directories from 755 to 775
These were probably intended to ensure that the group could write to those files as well, but I suspect this can go. Why these are xx4 and xx5 instead of xx0, being inconsistent with /opt/couchdb/data, I don't know.