mirror of
				https://github.com/dani-garcia/vaultwarden.git
				synced 2025-10-27 00:10:02 +02:00 
			
		
		
		
To provide a way to add more security regarding file/folder permissions, this PR adds a way to set a custom `UMASK` variable. This allows people to set a more secure default, like only allowing the owner of the process/container to read/write files and folders.

Examples:
- `UMASK=022` File: 644 | Folder: 755 (Default of the containers). This means Owner read/write and group/world read-only
- `UMASK=027` File: 640 | Folder: 750. This means Owner read/write, group read-only, world no access
- `UMASK=077` File: 600 | Folder: 700. This means Owner read/write and group/world no access

resolves #4571

Signed-off-by: BlackDex <black.dex@gmail.com>
		
			
				
	
	
		
		
	
	
	
	
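#!/bin/sh
#
# Container entrypoint: applies an optional umask, sources optional
# operator-provided shell snippets, then replaces itself with /vaultwarden.
#
# Environment:
#   UMASK - optional file-mode creation mask (e.g. 027 or 077). It is applied
#           first, so the sourced snippets and the server process inherit it.
# Arguments: passed through unchanged to /vaultwarden.
# Exit status: 1 if UMASK is set but cannot be applied; otherwise whatever
#              /vaultwarden returns, because of the final exec.

# Fail closed on a bad UMASK. umask is a regular built-in, so without the
# explicit check an invalid value would only print a diagnostic and startup
# would continue with the inherited, more permissive mask.
if [ -n "${UMASK}" ]; then
    if ! umask "${UMASK}"; then
        printf '### Invalid UMASK value "%s", refusing to start with the default umask ###\n' "${UMASK}" >&2
        exit 1
    fi
fi

# Everything sourced below runs inside this shell, with the same user and
# environment as the server. These paths should be writable only by whoever
# administers the container image or host.
if [ -r /etc/vaultwarden.sh ]; then
    . /etc/vaultwarden.sh
elif [ -r /etc/bitwarden_rs.sh ]; then
    echo "### You are using the old /etc/bitwarden_rs.sh script, please migrate to /etc/vaultwarden.sh ###"
    . /etc/bitwarden_rs.sh
fi

# Drop-in directory: every readable *.sh file is sourced in glob order.
# The -r test also skips the literal pattern when the glob matches nothing.
if [ -d /etc/vaultwarden.d ]; then
    for f in /etc/vaultwarden.d/*.sh; do
        if [ -r "${f}" ]; then
            . "${f}"
        fi
    done
elif [ -d /etc/bitwarden_rs.d ]; then
    echo "### You are using the old /etc/bitwarden_rs.d script directory, please migrate to /etc/vaultwarden.d ###"
    for f in /etc/bitwarden_rs.d/*.sh; do
        if [ -r "${f}" ]; then
            . "${f}"
        fi
    done
fi

# exec replaces the shell, so the server receives signals directly.
exec /vaultwarden "${@}"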