diff --git a/docker-compose.yml b/docker-compose.yml
index 5cbb7ac..8b472b6 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -170,25 +170,39 @@ services: - /bin/bash - -c - | - microdnf install -y curl || yum install -y curl || (apt-get update -qq && apt-get install -y curl) - echo "đŸ“Ĩ Preparing backup scheduler (dropping privileges to ${CONTAINER_USER})..." - run_as_user(){ - if command -v gosu >/dev/null 2>&1; then - gosu ${CONTAINER_USER} "$@" - else - echo "âš ī¸ gosu not found; running backup scheduler as root." - "$@" - fi + install_curl(){ + microdnf install -y curl >/dev/null 2>&1 && return + yum install -y curl >/dev/null 2>&1 && return + apt-get update -qq && apt-get install -y curl >/dev/null 2>&1 && return + echo "❌ Failed to install curl"; exit 1 } - if [ -f /tmp/scripts/bash/backup-scheduler.sh ]; then - chmod +x /tmp/scripts/bash/backup-scheduler.sh 2>/dev/null || true - run_as_user /tmp/scripts/bash/backup-scheduler.sh - else - echo "No local scheduler provided" - fi - # Fix permissions for any backup directories created + ensure_gosu(){ + if command -v gosu >/dev/null 2>&1; then + return + fi + install_curl + arch="$$(uname -m)" + case "$${arch}" in + x86_64|amd64) gosu_arch=amd64 ;; + aarch64|arm64) gosu_arch=arm64 ;; + *) echo "❌ Unsupported architecture for gosu: $${arch}"; exit 1 ;; + esac + echo "âŦ‡ī¸ Installing gosu for privilege drop..." + curl -fsSL "https://github.com/tianon/gosu/releases/download/1.14/gosu-$${gosu_arch}" -o /usr/local/bin/gosu + chmod +x /usr/local/bin/gosu + } + install_curl + ensure_gosu + echo "đŸ“Ĩ Preparing backup scheduler (running as ${CONTAINER_USER})..." chown -R ${CONTAINER_USER} /backups 2>/dev/null || true chmod -R 755 /backups 2>/dev/null || true + if [ -f /tmp/scripts/bash/backup-scheduler.sh ]; then + chmod +x /tmp/scripts/bash/backup-scheduler.sh 2>/dev/null || true + exec gosu ${CONTAINER_USER} /tmp/scripts/bash/backup-scheduler.sh + else + echo "No local scheduler provided" + sleep infinity + fi restart: unless-stopped healthcheck: test: 
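Review bot: `ensure_gosu` downloads an executable at container start, writes it straight to `/usr/local/bin/gosu`, and the root entrypoint then relies on it for the privilege drop, with no integrity check on what was fetched. Pinning the URL to release 1.14 fixes the version but does not verify the content. Set an expected digest beside each `gosu_arch=` case arm (taken from the release's published checksums, not invented here) and check it after the curl: `echo "$${gosu_sha256}  /usr/local/bin/gosu" | sha256sum -c - || exit 1`. Downloading to a temporary path and moving the file into place only after the check would also keep a failed or partial download from being picked up by `command -v gosu` on the next restart. Baking gosu into the image would remove the runtime network dependency altogether.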
diff --git a/scripts/bash/backup-scheduler.sh b/scripts/bash/backup-scheduler.sh index f4fa685..fbf4092 100755 --- a/scripts/bash/backup-scheduler.sh +++ b/scripts/bash/backup-scheduler.sh @@ -78,6 +78,15 @@ EOF fi log "Backup complete: $target_dir (size ${size})" + if find "$target_dir" ! -user "$(id -un)" -o ! -group "$(id -gn)" -prune -print -quit >/dev/null 2>&1; then + log "â„šī¸ Ownership drift detected; correcting permissions in $target_dir" + if chown -R "$(id -u):$(id -g)" "$target_dir" >/dev/null 2>&1; then + chmod -R u+rwX,g+rX "$target_dir" >/dev/null 2>&1 || true + log "✅ Ownership reset for $target_dir" + else + log "âš ī¸ Failed to adjust ownership for $target_dir" + fi + fi } cleanup_old() { diff --git a/scripts/bash/migrate-stack.sh b/scripts/bash/migrate-stack.sh index 9d6fb3e..b3df8d3 100755 --- a/scripts/bash/migrate-stack.sh +++ b/scripts/bash/migrate-stack.sh @@ -396,9 +396,7 @@ reset_remote_post_install_marker(){ run_ssh "mkdir -p '$marker_dir' && rm -f '$marker_path'" } -if [[ $SKIP_STORAGE -eq 0 ]]; then - reset_remote_post_install_marker -fi +reset_remote_post_install_marker # Clean up stale Docker resources before loading new images cleanup_stale_docker_resources
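Review bot: The added `if find … >/dev/null 2>&1; then` cannot detect ownership drift, because find exits 0 whether or not anything matched and its output is thrown away. The branch is therefore taken after every successful backup, and the recursive `chown`/`chmod` run each time. The expression is also ungrouped, so `-prune -print -quit` attach only to the `! -group` side of `-o`. Testing the output fixes both: `if [ -n "$(find "$target_dir" \( ! -user "$(id -un)" -o ! -group "$(id -gn)" \) -print -quit 2>/dev/null)" ]; then`. The enclosing function starts outside the hunk.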
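Review bot: The call to `reset_remote_post_install_marker` is now unconditional, and nothing on the line says why the remote `rm -f` should also run when `SKIP_STORAGE` is set. A one-line comment above the call stating the intent would keep a later reader from restoring the guard, for example `# Marker is reset on every migration, including storage-skipped runs, because …` with the reason filled in by the author. Since the helper's remote command is now reached on every run, it is worth confirming that `marker_dir` and `marker_path` can never contain a single quote, as they are interpolated into the `run_ssh` string inside `'…'`. Where those values come from is not visible in this hunk.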