author: Mathijs van Veluw <[email protected]> 2024-08-27 19:37:17 +0200
committer: GitHub <[email protected]> 2024-08-27 19:37:17 +0200
commit: 92f1530e96449a93eb172cb6ac920bf2b1cad603
tree: 5575f91de30a72ee7203d049aaa6fc76134e7277
parent: 2b824e8096bd0764755f2e5d3943f04b00110b5e
Allow custom umask setting (#4896)
To provide a way to add more security regarding file/folder permissions this PR adds a way to allow setting a custom `UMASK` variable.

This allows people to set a more secure default like only allowing the owner of the process/container to read/write files and folders.

Examples:
- `UMASK=022` File: 644 | Folder: 755 (Default of the containers)
  This means Owner read/write and group/world read-only
- `UMASK=027` File: 640 | Folder: 750
  This means Owner read/write, group read-only, world no access
- `UMASK=077` File: 600 | Folder: 700
  This means Owner read/write and group/world no access

resolves #4571

Signed-off-by: BlackDex <[email protected]>
-rwxr-xr-x docker/start.sh 4
1 files changed, 4 insertions, 0 deletions
diff --git a/docker/start.sh b/docker/start.sh
index e9a932e4..4fac4514 100755
--- a/docker/start.sh
+++ b/docker/start.sh
@@ -1,5 +1,9 @@
#!/bin/sh
+if [ -n "${UMASK}" ]; then
+ umask "${UMASK}"
+fi
+
if [ -r /etc/vaultwarden.sh ]; then
. /etc/vaultwarden.sh
elif [ -r /etc/bitwarden_rs.sh ]; then
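Review bot: The exit status of `umask "${UMASK}"` is not checked, so a malformed value (a typo such as `UMASK=o77`) leaves the inherited mask in place unless the script aborts on errors, which nothing in this hunk shows, and the container then starts with looser permissions than the operator asked for. Failing closed would be safer, for example `umask "${UMASK}" || exit 1`, with a message that names the variable. Two smaller points: the mask is applied before `/etc/vaultwarden.sh` is sourced, so a `umask` call in that file would silently override the variable, which deserves a comment above the new block; and a umask only affects files and folders created after it is set, so data that already exists keeps its current modes, which the documentation for `UMASK` should state.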