From 95145d9b15eabeae5dc819de78839606aacc67fb Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Fri, 3 Dec 2021 12:42:10 +0100
Subject: [PATCH 1/2] adjust the readme

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 readme.md | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/readme.md b/readme.md
index 17474e53..860f2cc7 100644
--- a/readme.md
+++ b/readme.md
@@ -20,17 +20,12 @@ Included are:
 ```
 curl -fsSL get.docker.com | sudo sh
 ```
-2. Make sure that the docker group has the correct groupid:
-
-```
-sudo groupmod -g 998 docker
-```
-3. Make sure to pull the latest image:
+2. Make sure to pull the latest image:
 
 ```
 sudo docker pull nextcloud/all-in-one:latest
 ```
-4. Run the following command in order to start the container:
+3. Run the following command in order to start the container:
 
 ```
 sudo docker run -it \
@@ -43,7 +38,7 @@ sudo docker run -it \
 --volume /var/run/docker.sock:/var/run/docker.sock:ro \
 nextcloud/all-in-one:latest
 ```
-5. After the initial startup, you should be able to open the Nextcloud AIO Interface now on port 8080 of this server.<br>
+4. After the initial startup, you should be able to open the Nextcloud AIO Interface now on port 8080 of this server.<br>
 E.g. https://internal.ip.of.this.server:8080<br>
 If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatially by opening the Nextcloud AIO Interface via:<br>
 https://your-domain-that-points-to-this-server.tld:8443

From e7ff0e2615b30277c72d700f4bfebc6b853887dd Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Fri, 3 Dec 2021 13:13:51 +0100
Subject: [PATCH 2/2] fix the mastercontainer

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 Containers/mastercontainer/Dockerfile |  3 ++-
 Containers/mastercontainer/cron.sh    |  2 +-
 Containers/mastercontainer/start.sh   | 26 ++++++++++++--------------
 3 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile
index 5920c5b6..a07aa688 100644
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -28,7 +28,8 @@ RUN curl "https://caddyserver.com/api/download?os=linux&arch=amd64" -o "/usr/bin
 
 RUN cd /var/www/docker-aio; \
     git clone https://github.com/nextcloud/all-in-one.git .; \
-    chmod 770 -R ./
+    chmod 770 -R ./; \
+    chown www-data:www-data -R ./
 
 RUN mkdir -p /etc/apache2/certs && \
     cd /etc/apache2/certs && \
diff --git a/Containers/mastercontainer/cron.sh b/Containers/mastercontainer/cron.sh
index 4b2b0838..31e1d619 100644
--- a/Containers/mastercontainer/cron.sh
+++ b/Containers/mastercontainer/cron.sh
@@ -2,6 +2,6 @@
 set -eu
 
 while true; do
-    php /var/www/docker-aio/php/src/Cron/cron.php
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/cron.php
     sleep 1d
 done
diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index 0d064693..64135ae8 100644
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -10,27 +10,17 @@ print_green() {
 if ! [ -a "/var/run/docker.sock" ]; then
     echo "Docker socket is not available. Cannot continue."
     exit 1
-elif ! test -r /var/run/docker.sock; then
+elif ! sudo -u www-data test -r /var/run/docker.sock; then
     echo "Trying to fix docker.sock permissions internally..."
     GROUP="$(stat -c '%g' /var/run/docker.sock)"
     groupadd -g "$GROUP" docker && \
-    usermod -aG docker root
-    if ! test -r /var/run/docker.sock; then
-        echo "Docker socket is not readable by the root user. Cannot continue."
+    usermod -aG docker www-data
+    if ! sudo -u www-data test -r /var/run/docker.sock; then
+        echo "Docker socket is not readable by the www-data user. Cannot continue."
         exit 1
     fi
 fi
 
-# Adjust permissions for all instances
-chown root:root -R /mnt/docker-aio-config
-chmod 770 -R /mnt/docker-aio-config
-
-# Check if volume is writeable
-if ! [ -w /mnt/docker-aio-config ]; then
-    echo "/mnt/docker-aio-config is not writeable."
-    exit 1
-fi
-
 # Check if api version is supported
 API_VERSION_FILE="$(find ./ -name DockerActionManager.php | head -1)"
 API_VERSION="$(grep -oP 'const API_VERSION.*\;' "$API_VERSION_FILE" | grep -oP [0-9]+.[0-9]+ | head -1)"
@@ -50,6 +40,14 @@ fi
 mkdir -p /mnt/docker-aio-config/data/
 mkdir -p /mnt/docker-aio-config/session/
 mkdir -p /mnt/docker-aio-config/caddy/
+mkdir -p /mnt/docker-aio-config/certs/ 
+
+# Adjust permissions for all instances
+chmod 770 -R /mnt/docker-aio-config
+chown www-data:www-data -R /mnt/docker-aio-config/data/
+chown www-data:www-data -R /mnt/docker-aio-config/session/
+chown root:root -R /mnt/docker-aio-config/caddy/
+chown root:root -R /mnt/docker-aio-config/certs/
 
 # Adjust certs
 GENERATED_CERTS="/mnt/docker-aio-config/certs"