Tuning what needs to be chowned

docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh

@@ -7,7 +7,29 @@ set -e
 SKIP_FILE_OWNERSHIP=$(echo "${SKIP_FILE_OWNERSHIP:-}" | tr '[:upper:]' '[:lower:]')
 
 if [ "$SKIP_FILE_OWNERSHIP" == "true" ] || [ "$SKIP_FILE_OWNERSHIP" == "on" ] || [ "$SKIP_FILE_OWNERSHIP" == "1" ] || [ "$SKIP_FILE_OWNERSHIP" == "yes" ]; then
-    log_info 'Skipping ownership, use only with caution ...'
+    log_info 'Skipping data and letsencrypt ownership, use only with caution ...'
+    # root
+    chown -R "$PUID:$PGID" /run/nginx
+    chown -R "$PUID:$PGID" /tmp/nginx
+    chown -R "$PUID:$PGID" /var/cache/nginx
+    chown -R "$PUID:$PGID" /var/lib/logrotate
+    chown -R "$PUID:$PGID" /var/lib/nginx
+    chown -R "$PUID:$PGID" /var/log/nginx
+    
+    # Don't chown entire /etc/nginx folder as this causes crashes on some systems
+    chown -R "$PUID:$PGID" /etc/nginx/nginx
+    chown -R "$PUID:$PGID" /etc/nginx/nginx.conf
+    chown -R "$PUID:$PGID" /etc/nginx/conf.d
+    
+    # Don't chown entire /etc/nginx folder as this causes crashes on some systems
+    chown -R "$PUID:$PGID" /etc/nginx/nginx
+    chown -R "$PUID:$PGID" /etc/nginx/nginx.conf
+    chown -R "$PUID:$PGID" /etc/nginx/conf.d
+    
+    # Prevents errors when installing python certbot plugins when non-root
+    chown "$PUID:$PGID" /opt/certbot /opt/certbot/bin
+    find /opt/certbot/lib/python*/site-packages -not -user "$PUID" -execdir chown "$PUID:$PGID" {} \+
+    
 else
     log_info 'Setting ownership ...'
       # root