vaultwarden

Allow custom umask setting (#4896)

To provide a way to add more security regarding file/folder permissions
this PR adds a way to allow setting a custom `UMASK` variable.

This allows people to set a more secure default like only allowing the
owner the the process/container to read/write files and folders.

Examples:
 - `UMASK=022` File: 644 | Folder: 755 (Default of the containers)
   This means Owner read/write and group/world read-only
 - `UMASK=027` File: 640 | Folder: 750
   This means Owner read/write, group read-only, world no access
 - `UMASK=077` File: 600 | Folder: 700
   This measn Owner read/write and group/world no access

resolves #4571

Signed-off-by: BlackDex <black.dex@gmail.com>

pull/4901/head

Mathijs van Veluw 1 month ago

committed by

GitHub

parent

2b824e8096

commit

92f1530e96

No known key found for this signature in database GPG Key ID: B5690EEEBB952194

1 changed files with 4 additions and 0 deletions

Unified View

							
								4

docker/start.sh

								View File
							
					@ -1,5 +1,9 @@
				
					#!/bin/sh
					
					#!/bin/sh
				
					if [ -n "${UMASK}" ]; then
				
					    umask "${UMASK}"
				
					fi
				
					if [ -r /etc/vaultwarden.sh ]; then
					
					if [ -r /etc/vaultwarden.sh ]; then
				
					    . /etc/vaultwarden.sh
					
					    . /etc/vaultwarden.sh
				
					elif [ -r /etc/bitwarden_rs.sh ]; then
					
					elif [ -r /etc/bitwarden_rs.sh ]; then

Allow custom umask setting (#4896)

4 docker/start.sh View File

4

docker/start.sh

View File