Setting permissions for message directory not documented

[gregcorbett]

The Dockerfile makes apache the owner of /var/spool/apel/cloud/ within the container.

Unfortunately, when deploying via docker-compose (and probably ansible as well) the host directory is mounted into the container, which overwrites the permissions set into the image at build time.

As a result, the person deploying the REST interface via those methods has to ensure the apache user within the container can write to the host directory that has been mounted into the container. Failure to do so prevents the interface saving received messages (returning a 500).

This should at least be documented, but changing the permissions of the mounted-in host directory could be done automatically as part of the docker/run_on_entry.sh script (at least in theory).

[tofu-rocketry]

What permissions get set when compose or ansible are used?

[gregcorbett]

If /var/spool/apel/cloud/ already exists on the host it will get the existing permissions. If it's not, compose will try and create the directory on the host, giving it 644 and owned by the user that runs compose/the container (essentially root).