Wrong folder 777 permissions when persisting wp-content only #473

@iamcryptoki

WHAT HAPPENED

I have a custom image that inherits from wordpress:5.3.2-apache (see below).

I'm trying to create a non-root WordPress container and persist the wp-content folder ONLY (not the whole WordPress at /var/www/html).

When running the container:

  • /var/www/html is set to 777.
  • New plugins installed using the dashboard have a folder set to 777.
  • New folders automatically created in wp-content and uploads are set to 777.

Tried to chmod /var/www/html in the Dockerfile, but it does nothing.

Folders have proper permissions when persisting /var/www/html (all WordPress files).

WHAT YOU EXPECTED TO HAPPEN

Persist /var/www/html/wp-content ONLY with /var/www/html permission set to 755.

DOCKERFILE "wpcustom:5.3.2"

FROM wordpress:5.3.2-apache

ENV TZ="Europe/Paris"
RUN cp /usr/share/zoneinfo/${TZ} /etc/localtime

ENV APACHE_SERVER_NAME="localhost" \
    APACHE_RUN_USER="myuser" \
    APACHE_RUN_GROUP="myuser" \
    APACHE_PORT_HTTP="8080" \
    APACHE_PORT_HTTPS="8443" \
    APACHE_LOG_DIR="/var/log/apache2"

RUN groupadd -g 2000 ${APACHE_RUN_GROUP} && \
    useradd -s /bin/bash -u 2000 -g ${APACHE_RUN_GROUP} ${APACHE_RUN_USER};

RUN sed -i 's/Listen 80/Listen ${APACHE_PORT_HTTP}/g' /etc/apache2/ports.conf; \
    sed -i 's/Listen 443/Listen ${APACHE_PORT_HTTPS}/g' /etc/apache2/ports.conf; \
    sed -i 's/:80/:${APACHE_PORT_HTTP}/g' /etc/apache2/sites-enabled/000-default.conf; \
    sed -i 's/#ServerName www.example.com/ServerName ${APACHE_SERVER_NAME}/g' /etc/apache2/sites-enabled/000-default.conf;

USER ${APACHE_RUN_USER}

EXPOSE ${APACHE_PORT_HTTP} ${APACHE_PORT_HTTPS}

CMD ["apache2-foreground"]

HOW TO REPRODUCE IT

Using Docker:

$ docker run --name wp -v ./wp-content:/var/www/html/wp-content -p 80:8080 -p 443:8443 wpcustom:5.3.2
$ docker exec -i -t wp /bin/bash
$ ls -la /var/www

Note: you can also reproduce it with the original image wordpress:5.3.2-apache.

Using Kubernetes:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: school-wordpress
  namespace: dev
  labels:
    app: school
spec:
  selector:
    matchLabels:
      app: school
      role: frontend
      tier: wordpress
  replicas: 4
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 50%
      maxUnavailable: 50%
  template:
    metadata:
      labels:
        app: school
        role: frontend
        tier: wordpress
    spec:
      securityContext:
        fsGroup: 2000
        runAsNonRoot: true
      volumes:
        - name: school-wordpress
          persistentVolumeClaim:
            claimName: school-wordpress
      containers:
        - name: school-wordpress
          image: customwp:5.3.2
          imagePullPolicy: Always
          securityContext:
            runAsUser: 2000
            runAsGroup: 2000
            allowPrivilegeEscalation: false
          volumeMounts:
            - name: school-wordpress
              mountPath: /var/www/html/wp-content
          ports:
            - name: liveness
              containerPort: 8080
          readinessProbe:
            initialDelaySeconds: 5
            tcpSocket:
              port: liveness
            timeoutSeconds: 5
            periodSeconds: 30
            failureThreshold: 5
          livenessProbe:
            initialDelaySeconds: 5
            tcpSocket:
              port: liveness
            timeoutSeconds: 5
            periodSeconds: 30
            failureThreshold: 5
          envFrom:
            - configMapRef: { name: school-wordpress }
            - secretRef: { name: school-wordpress }
          env:
            - name: APACHE_SERVER_NAME
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP

$ kubectl exec -it school-wordpress -n dev -- ls -la /var/www

Thank you!
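
An audit for the symptom reported above, as an added example that is not part of the original issue or of the wordpress image: it walks a docroot and lists every world-writable directory, so nested plugin and upload folders are covered as well as the top level that `ls -la /var/www` shows. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (constructed; function names are hypothetical).
# Walks a docroot and reports world-writable directories, which covers the
# three symptoms in the report: the docroot itself, plugin folders created
# from the dashboard, and folders created under wp-content/uploads.

# list_world_writable_dirs ROOT
#   Prints "open <dir>"   for o+w without the sticky bit (e.g. 777)
#   and    "sticky <dir>" for o+w with the sticky bit    (e.g. 1777).
list_world_writable_dirs() {
    # -perm -0002: the "other" write bit is set, whatever the remaining bits are.
    find "$1" -type d -perm -0002 ! -perm -1000 -exec printf 'open %s\n' {} \;
    find "$1" -type d -perm -0002 -perm -1000 -exec printf 'sticky %s\n' {} \;
}

# check_docroot ROOT
#   Prints the findings and returns 1 if any "open" directory exists,
#   so it can gate a CI job or an image smoke test.
check_docroot() {
    report=$(list_world_writable_dirs "$1")
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
    fi
    if printf '%s\n' "$report" | grep -q '^open '; then
        return 1
    fi
    return 0
}

# Usage inside the running container: check_docroot /var/www/html
```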
