From e333427f94313c5c12b6796f75de70db9bb5affe Mon Sep 17 00:00:00 2001
From: Adrian Gebhart
Date: Mon, 6 Dec 2021 13:18:09 +0100
Subject: [PATCH 1/3] fix docker permissions, check if group id already exists before adding a group

Signed-off-by: Adrian Gebhart
---
 Containers/mastercontainer/start.sh | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
 mode change 100644 => 100755 Containers/mastercontainer/start.sh

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
old mode 100644
new mode 100755
index 55921926..6b274ad1
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -15,9 +15,20 @@ elif ! mountpoint -q "/mnt/docker-aio-config"; then
 exit 1
 elif ! sudo -u www-data test -r /var/run/docker.sock; then
 echo "Trying to fix docker.sock permissions internally..."
- GROUP="$(stat -c '%g' /var/run/docker.sock)"
- groupadd -g "$GROUP" docker && \
- usermod -aG docker www-data
+
+ DOCKER_GROUP=$(stat -c '%G' /var/run/docker.sock)
+ DOCKER_GROUP_ID=$(stat -c '%g' /var/run/docker.sock)
+ # check if a group with the same group id of /var/run/docker.socket already exists in the container
+ if grep -q "^$DOCKER_GROUP:" /etc/group; then
+ #if yes, add www-data to that group
+ echo "Adding internal www-data to group $DOCKER_GROUP"
+ usermod -aG "$DOCKER_GROUP" www-data
+ else
+ #if the group doesn't exist, create it
+ echo "Creating docker group internally with id $DOCKER_GROUP_ID"
+ groupadd -g "$DOCKER_GROUP_ID" docker
+ usermod -aG docker www-data
+ fi
 if ! sudo -u www-data test -r /var/run/docker.sock; then
 echo "Docker socket is not readable by the www-data user. Cannot continue."
 exit 1

From 49ea222a22b4eb3b20ef4091b9b14360e1b74ad4 Mon Sep 17 00:00:00 2001
From: szaimen
Date: Mon, 6 Dec 2021 16:38:19 +0100
Subject: [PATCH 2/3] fix indentation and improve comments
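Review bot: The existence check `grep -q "^$DOCKER_GROUP:" /etc/group` matches on a group name taken from `stat -c '%G'`, while the comment above it, the else branch and the commit message all reason about the socket's numeric GID; the two only agree when the container's /etc/group already resolves that GID (I believe GNU stat prints `UNKNOWN` for an unresolvable gid, which then falls through to groupadd as intended, but the code relies on that rather than stating it). Looking the GID up directly removes the name/id mismatch: replace the `%G` line and the grep with `DOCKER_GROUP=$(getent group "$DOCKER_GROUP_ID" | cut -d: -f1)` and `if [ -n "$DOCKER_GROUP" ]; then`. Separately, a socket owned by gid 0 makes this branch run `usermod -aG root www-data`, which widens www-data's group membership well beyond the socket; that case deserves at least an explicit log line so an operator can see it happened. The same check is re-indented in the PATCH 2/3 hunk, so the fix applies there too; the if/elif chain this hunk sits in opens above the hunk.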
Signed-off-by: szaimen
---
 Containers/mastercontainer/start.sh | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 6b274ad1..7e0eac97 100755
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -15,19 +15,18 @@ elif ! mountpoint -q "/mnt/docker-aio-config"; then
 exit 1
 elif ! sudo -u www-data test -r /var/run/docker.sock; then
 echo "Trying to fix docker.sock permissions internally..."
-
 DOCKER_GROUP=$(stat -c '%G' /var/run/docker.sock)
 DOCKER_GROUP_ID=$(stat -c '%g' /var/run/docker.sock)
- # check if a group with the same group id of /var/run/docker.socket already exists in the container
+ # Check if a group with the same group id of /var/run/docker.socket already exists in the container
 if grep -q "^$DOCKER_GROUP:" /etc/group; then
- #if yes, add www-data to that group
- echo "Adding internal www-data to group $DOCKER_GROUP"
- usermod -aG "$DOCKER_GROUP" www-data
- else
- #if the group doesn't exist, create it
- echo "Creating docker group internally with id $DOCKER_GROUP_ID"
- groupadd -g "$DOCKER_GROUP_ID" docker
- usermod -aG docker www-data
+ # If yes, add www-data to that group
+ echo "Adding internal www-data to group $DOCKER_GROUP"
+ usermod -aG "$DOCKER_GROUP" www-data
+ else
+ # If the group doesn't exist, create it
+ echo "Creating docker group internally with id $DOCKER_GROUP_ID"
+ groupadd -g "$DOCKER_GROUP_ID" docker
+ usermod -aG docker www-data
 fi
 if ! sudo -u www-data test -r /var/run/docker.sock; then
 echo "Docker socket is not readable by the www-data user. Cannot continue."

From 47a022b2e38b003aa5f805f746f1dd4c3ae4b32b Mon Sep 17 00:00:00 2001
From: szaimen
Date: Mon, 6 Dec 2021 16:39:39 +0100
Subject: [PATCH 3/3] root user should always be able to write to the socket but leave the check there just in case
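Review bot: The rewritten comment `# Check if a group with the same group id of /var/run/docker.socket already exists in the container` still names a path that does not exist (`/var/run/docker.socket` for `/var/run/docker.sock`) and says "group id" although the `grep` on the next line matches on the group name held in `$DOCKER_GROUP`; suggest `# Check whether a group named after the owning group of /var/run/docker.sock already exists in the container`. The two inner comments are fine as rewritten. The elif branch this hunk re-indents opens above the hunk.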
Signed-off-by: szaimen
---
 Containers/watchtower/start.sh | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/Containers/watchtower/start.sh b/Containers/watchtower/start.sh
index 4a83bc26..34b7b7a8 100644
--- a/Containers/watchtower/start.sh
+++ b/Containers/watchtower/start.sh
@@ -5,14 +5,8 @@ if ! [ -a "/var/run/docker.sock" ]; then
 echo "Docker socket is not available. Cannot continue."
 exit 1
 elif ! test -r /var/run/docker.sock; then
- echo "Trying to fix docker.sock permissions internally..."
- GROUP="$(stat -c '%g' /var/run/docker.sock)"
- groupadd -g "$GROUP" docker && \
- usermod -aG docker root
- if ! test -r /var/run/docker.sock; then
- echo "Docker socket is not readable by the root user. Cannot continue."
- exit 1
- fi
+ echo "Docker socket is not readable by the root user. Cannot continue."
+ exit 1
 fi
 
 if [ -n "$CONTAINER_TO_UPDATE" ]; then
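Review bot: The guard that survives, `elif ! test -r /var/run/docker.sock; then`, tests the wrong permission for what this container needs: connecting to a Unix stream socket requires write permission on the socket file (unix(7)), so a socket that is readable but not writable passes the check and the failure surfaces later with a less clear error. Change the two lines to `elif ! test -w /var/run/docker.sock; then` and `echo "Docker socket is not writable by the root user. Cannot continue."`. As the process runs as root this only bites when the container is started with a user namespace or CAP_DAC_OVERRIDE dropped, which is exactly the "just in case" the commit message keeps the check for. The `if` this `elif` belongs to opens above the hunk.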