Skip to content
Snippets Groups Projects
Commit 6c465f84 authored by Arthur Ulfeldt's avatar Arthur Ulfeldt
Browse files

Safely set permissions when an H2 db is mounted in a shared volume

If the DB is using H2 and it's stores outside of docker, then we need
to be polite and safe about how we set permissions on the directory.
parent 4a8d5337
No related branches found
No related tags found
No related merge requests found
......@@ -32,32 +32,83 @@ MGID=${MGID:-2000}
MUID=${MUID:-2000}
# create the group if it does not exist
# TODO: edit an existing group if MGID has changed
getent group metabase > /dev/null 2>&1
group_exists=$?
if [ $group_exists ]; then
if [ $group_exists -ne 0 ]; then
addgroup -g $MGID -S metabase
fi
# create the user if it does not exist
# TODO: edit an existing user if MGID has changed
id -u metabase > /dev/null 2>&1
user_exists=$?
if [[ $user_exists -ne 0 ]]; then
adduser -D -u $MUID -G metabase metabase
fi
# this is to avoid running creating non-root DB files at the root of the filesystem
# while still making them easy to find for DB export when migrating from H2 to other application DBs
db_file=${MB_DB_FILE:-/app/metabase.db}
db_alias=/metabase.db
export MB_DB_FILE=$db_file
chown metabase:metabase /app
touch $db_file
chown metabase:metabase $db_file
if [[ ! -f $db_alias ]]; then
ln -s $db_file $db_alias
db_file=${MB_DB_FILE:-/metabase.db}
# In order to run metabase as a non-root user in docker, we need to handle various
# cases where we where previously ran as root and have an existing database that
# consists of a bunch of files, that are owned by root, sitting in a directory that
# may only be writable by root. It's not safe to simply change the ownership or
# permissions of an unknown directory that may be a volume mounted on the host, so
# we will need to detect this and make a place that is going to be safe to set
# permissions on.
# So first some preliminary checks:
# 1. Does this container have an existing H2 database file?
# 2. or an existing H2 database in it's own directory,
# 3. or neither?
# is there a pre-existing files only database without a metabase specific directory?
if ls $db_file\.* > /dev/null 2>&1; then
db_exists=true
else
db_exists=false
fi
# is it an old style file
if [[ -d "$db_file" ]]; then
db_directory=true
else
db_directory=false
fi
# If the db exits, and it's just some files in a shared directory we could do
# serious damage to peoples home or /tmp directories if we where to set the
# permissions on that directory to allow metabase to create db-lock and db-part
# file there. To keep them safe we make a new directory with the same name and
# move the db file into the new directory. If we where passed the name of a
# directory rather than a specific file, then we are safe to set permissions on
# that directory so there is no need to move anything.
# an example file would look like /tmp/metabase.db/metabase.db.mv.db
new_db_dir=$(dirname $db_file)/$(basename $db_file)
if [[ $db_exists = "true" && ! $db_directory = "true" ]]; then
mkdir $new_db_dir
mv $db_file\.* $new_db_dir/
fi
# and for the new install case we create the directory
if [[ $db_exists = "false" && $db_directory = "false" ]]; then
mkdir $new_db_dir
fi
# the case where the DB exists and is a directory, there is nothing to do
# so nothing happens here. This will be the normal case.
# next we tell metabase use the files we just moved into the directory
# or create the files in that directory if they don't exist.
export MB_DB_FILE=$new_db_dir/$(basename $db_file)
# TODO: print big scary warning if they are configuring an ephemeral instance
chown metabase:metabase $new_db_dir $new_db_dir/* 2>/dev/null # all that fussing makes this safe
# Setup Java Options
JAVA_OPTS="${JAVA_OPTS} -Dlogfile.path=target/log -XX:+CMSClassUnloadingEnabled -XX:+UseConcMarkSweepGC -server"
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment