fix(customize) sets permissions in line with Kong install #526

Draft
wants to merge 1 commit into
base: master

@Tieske Tieske commented Dec 9, 2021

When using the customize feature, anything installed will be owned by root. This updates the files to be identically owned as the original Kong installed plugins.

Here's after a customize run (the readme example), installing 2 plugins:

s$ docker run -it --rm kong_custom /bin/bash
bash-5.1$ cd /usr/local/share/lua/5.1/kong/plugins
bash-5.1$ ls -la
total 172
drwxr-xr-x    1 1000     1000          4096 Nov 16 12:25 .
drwxr-xr-x    1 1000     1000          4096 Nov 13 05:49 ..
drwxr-xr-x    3 1000     1000          4096 Nov 13 05:49 acl
drwxr-xr-x    4 1000     1000          4096 Nov 13 05:49 acme
drwxr-xr-x    2 1000     1000          4096 Nov 13 05:49 aws-lambda
drwxr-xr-x    2 1000     1000          4096 Nov 13 05:49 azure-functions
-rw-r--r--    1 1000     1000          1288 Sep 28 18:54 base_plugin.lua
drwxr-xr-x    3 1000     1000          4096 Nov 13 05:49 basic-auth
drwxr-xr-x    3 1000     1000          4096 Nov 13 05:49 bot-detection
drwxr-xr-x    2 1000     1000          4096 Nov 13 05:49 correlation-id
drwxr-xr-x    2 1000     1000          4096 Nov 13 05:49 cors
drwxr-xr-x    2 1000     1000          4096 Nov 13 05:49 datadog
drwxr-xr-x    2 1000     1000          4096 Nov 13 05:49 file-log
drwxr-xr-x    2 1000     1000          4096 Nov 13 05:49 grpc-gateway
drwxr-xr-x    2 1000     1000          4096 Nov 13 05:49 grpc-web
drwxr-xr-x    3 1000     1000          4096 Nov 13 05:49 hmac-auth
drwxr-xr-x    2 1000     1000          4096 Nov 13 05:49 http-log
drwxr-xr-x    2 root     root          4096 Nov 16 12:25 http-to-https
drwxr-xr-x    3 1000     1000          4096 Nov 13 05:49 ip-restriction
drwxr-xr-x    3 1000     1000          4096 Nov 13 05:49 jwt
drwxr-xr-x    3 1000     1000          4096 Nov 13 05:49 key-auth
drwxr-xr-x    2 root     root          4096 Nov 16 12:25 kong-upstream-jwt
drwxr-xr-x    2 1000     1000          4096 Nov 13 05:49 ldap-auth
drwxr-xr-x    2 1000     1000          4096 Nov 13 05:49 log-serializers
drwxr-xr-x    2 1000     1000          4096 Nov 13 05:49 loggly
drwxr-xr-x    4 1000     1000          4096 Nov 13 05:49 oauth2
drwxr-xr-x    2 1000     1000          4096 Nov 13 05:49 post-function
drwxr-xr-x    2 1000     1000          4096 Nov 13 05:49 pre-function
drwxr-xr-x    3 1000     1000          4096 Nov 13 05:49 prometheus
drwxr-xr-x    3 1000     1000          4096 Nov 13 05:49 proxy-cache
drwxr-xr-x    4 1000     1000          4096 Nov 13 05:49 rate-limiting
drwxr-xr-x    2 1000     1000          4096 Nov 13 05:49 request-size-limiting
drwxr-xr-x    2 1000     1000          4096 Nov 13 05:49 request-termination
drwxr-xr-x    3 1000     1000          4096 Nov 13 05:49 request-transformer
drwxr-xr-x    4 1000     1000          4096 Nov 13 05:49 response-ratelimiting
drwxr-xr-x    2 1000     1000          4096 Nov 13 05:49 response-transformer
drwxr-xr-x    4 1000     1000          4096 Nov 13 05:49 session
drwxr-xr-x    2 1000     1000          4096 Nov 13 05:49 statsd
drwxr-xr-x    2 1000     1000          4096 Nov 13 05:49 syslog
drwxr-xr-x    2 1000     1000          4096 Nov 13 05:49 tcp-log
drwxr-xr-x    2 1000     1000          4096 Nov 13 05:49 udp-log
drwxr-xr-x    2 1000     1000          4096 Nov 13 05:49 zipkin
bash-5.1$

@Tieske Tieske requested review from hutchic and gszr December 9, 2021 10:00
@Tieske Tieske self-assigned this Dec 9, 2021
@@ -423,6 +423,14 @@ fi
%s
%s

# set ownership to kong user/group
find /usr/local/share/lua/5.1/ -type f -exec chown 1000:1000 "{}" +
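Review bot: The added `chown 1000:1000` hard-codes numeric IDs, so the result is only correct on images where the base install happens to use that uid:gid. Consider reading the owner from a path the base image already installed (for example `stat -c '%u:%g'` on an existing plugin directory) and passing that value to chown. Also, the visible line matches `-type f` only; unless the rest of the hunk handles directories, the ones the customize step creates (`http-to-https` and `kong-upstream-jwt` show as `root root` in the listing above) would stay root-owned. A comment stating why these IDs were chosen would help the next reader.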
Member Author

@gszr maybe this can be changed to chown kong:kong. wdyt?

Contributor

what about s/1000/id -u/g

Member Author

@hutchic sorry, didn't get that?

Contributor

instead of assuming 1000:1000 can we get the uid:gid with the id command?

Member Author

so I tried this:

KUSR=$(id -u kong)
KGRP=$(id -g kong)
find /usr/local/share/lua/5.1/          -type f -exec chown $KUSR:$KGRP "{}" +
find /usr/local/share/lua/5.1/          -type d -exec chown $KUSR:$KGRP "{}" +

But the result is

/usr/local/share/lua/5.1 $ ls -l
total 344
-rw-r--r--    1 kong     nogroup      29426 Dec 15 18:19 MessagePack.lua
-rw-r--r--    1 kong     nogroup       2788 Dec 15 18:19 ansicolors.lua
-rw-r--r--    1 kong     nogroup      12069 Dec 15 18:19 binaryheap.lua
drwxr-xr-x    1 kong     nogroup       4096 Dec 17 19:24 cassandra
-rw-r--r--    1 kong     nogroup      32158 Dec 15 18:19 date.lua
-rw-r--r--    1 kong     nogroup      10591 Dec 15 18:19 etlua.lua
-rw-r--r--    1 kong     nogroup      10167 Dec 15 18:19 ffi-zlib.lua
-rw-r--r--    1 kong     nogroup       9543 Dec 15 18:19 inspect.lua

Which I find weird; originally it was:

/usr/local/share/lua/5.1 $ ls -l
total 296
-rw-r--r--    1 1000     1000         29426 Dec 15 18:19 MessagePack.lua
-rw-r--r--    1 1000     1000          2788 Dec 15 18:19 ansicolors.lua
-rw-r--r--    1 1000     1000         12069 Dec 15 18:19 binaryheap.lua
drwxr-xr-x    2 1000     1000          4096 Dec 17 19:24 cassandra
-rw-r--r--    1 1000     1000         32158 Dec 15 18:19 date.lua
-rw-r--r--    1 1000     1000         10591 Dec 15 18:19 etlua.lua
-rw-r--r--    1 1000     1000         10167 Dec 15 18:19 ffi-zlib.lua
-rw-r--r--    1 1000     1000          9543 Dec 15 18:19 inspect.lua

Using the id command on alpine gives me this:

/usr/local/share/lua/5.1 $ id -u kong
100
/usr/local/share/lua/5.1 $ id -g kong
65533

Not sure where we do it, but seems we set the ownership to 1000:1000, and not to kong:kong in the original docker builds.

So how should this customize behave?
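
An added example, not part of this PR or the project's code: a build-time check that reads the numeric uid:gid from a path the base image installed and lists every file and directory whose owner differs, rather than hard-coding 1000:1000 or resolving the `kong` name. The function names and the sample tree are constructed, and it assumes a `stat` that supports `-c` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: ownership-drift check against a reference path.
# Function names and the demo tree are assumptions, not project code.

# Print the numeric "uid:gid" of a path. Numeric IDs are used on purpose:
# they do not depend on a passwd/group entry existing for the owner.
ref_owner() {
    stat -c '%u:%g' "$1"
}

# List every file and directory under ROOT whose uid:gid is not EXPECTED.
# Output is "<uid:gid> <path>" per drifted entry, empty when all match.
owner_drift() {
    root=$1 expected=$2
    find "$root" \( -type f -o -type d \) -exec stat -c '%u:%g %n' {} + |
        awk -v want="$expected" '$1 != want'
}

# Number of drifted entries, usable as a gate at the end of a build step.
drift_count() {
    owner_drift "$1" "$2" | wc -l | tr -d ' '
}

# Demo on a constructed tree that mimics the plugin directory layout.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/kong/plugins/acl" "$tmp/kong/plugins/http-to-https"
    : > "$tmp/kong/plugins/base_plugin.lua"
    : > "$tmp/kong/plugins/http-to-https/handler.lua"
    # Reference: a path that stands in for one shipped by the base image.
    want=$(ref_owner "$tmp/kong/plugins/acl")
    echo "reference owner: $want"
    echo "entries not matching reference: $(drift_count "$tmp" "$want")"
    rm -rf "$tmp"
}

demo
```

In an image build, a non-zero `drift_count` after the customize step identifies the paths that still need their ownership aligned with the reference.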

gszr commented Mar 2, 2023

Hey @Tieske. Is this change still needed? How does it relate to #546? Can one or both be closed if no longer required?

Tieske commented Mar 8, 2023

needs updating after #632 gets merged

hbagdi commented Apr 5, 2023

Closing this due to lack of activity. Please re-open if needed.

@hbagdi hbagdi closed this Apr 5, 2023
@Tieske Tieske reopened this Apr 6, 2023
Tieske commented Apr 6, 2023

This is still needed. It's just that #632 has been a moving target, so that needs fixing first
