author | Mathijs van Veluw <[email protected]> | 2024-08-27 19:37:17 +0200 |
---|---|---|
committer | GitHub <[email protected]> | 2024-08-27 19:37:17 +0200 |
commit | 92f1530e96449a93eb172cb6ac920bf2b1cad603 (patch) | |
tree | 5575f91de30a72ee7203d049aaa6fc76134e7277 | |
parent | 2b824e8096bd0764755f2e5d3943f04b00110b5e (diff) | |
download | vaultwarden-92f1530e96449a93eb172cb6ac920bf2b1cad603.tar.gz vaultwarden-92f1530e96449a93eb172cb6ac920bf2b1cad603.zip |
Allow custom umask setting (#4896)
To provide a way to add more security regarding file/folder permissions
this PR adds a way to allow setting a custom `UMASK` variable.
This allows people to set a more secure default like only allowing the
owner of the process/container to read/write files and folders.
Examples:
- `UMASK=022` File: 644 | Folder: 755 (Default of the containers)
This means Owner read/write and group/world read-only
- `UMASK=027` File: 640 | Folder: 750
This means Owner read/write, group read-only, world no access
- `UMASK=077` File: 600 | Folder: 700
This means Owner read/write and group/world no access
resolves #4571
Signed-off-by: BlackDex <[email protected]>
-rwxr-xr-x | docker/start.sh | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/docker/start.sh b/docker/start.sh index e9a932e4..4fac4514 100755 --- a/docker/start.sh +++ b/docker/start.sh @@ -1,5 +1,9 @@ #!/bin/sh +if [ -n "${UMASK}" ]; then + umask "${UMASK}" +fi + if [ -r /etc/vaultwarden.sh ]; then . /etc/vaultwarden.sh elif [ -r /etc/bitwarden_rs.sh ]; then |
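Review bot: the `umask "${UMASK}"` call in the new block at the top of docker/start.sh takes the variable unvalidated and does not check the exit status. If the value is mistyped (for example, not octal), `umask` fails and, as far as the visible lines show, the script continues under the previous mask while the operator believes a stricter one is in force. Suggest failing closed, e.g. `umask "${UMASK}" || exit 1`, or validating the value first with a `case` pattern that accepts only three or four octal digits. It would also be worth documenting next to the variable that the mask applies only to files and folders created after startup; data that already exists keeps its current permissions.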