Adjust "/var/run/postgresql" permissions for arbitrary-user support

9.2/Dockerfile

@@ -54,7 +54,7 @@ RUN mv -v /usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample /usr/share/post
 	&& ln -sv ../postgresql.conf.sample /usr/share/postgresql/$PG_MAJOR/ \
 	&& sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample
 
-RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod g+s /var/run/postgresql
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
 
 ENV PATH /usr/lib/postgresql/$PG_MAJOR/bin:$PATH
 ENV PGDATA /var/lib/postgresql/data

9.2/alpine/Dockerfile

@@ -161,7 +161,7 @@ RUN set -ex \
 # make the sample config easier to munge (and "correct by default")
 RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample
 
-RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod g+s /var/run/postgresql
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
 
 ENV PATH /usr/lib/postgresql/$PG_MAJOR/bin:$PATH
 ENV PGDATA /var/lib/postgresql/data

9.2/alpine/docker-entrypoint.sh

@@ -35,7 +35,7 @@ if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
 
 	mkdir -p /var/run/postgresql
 	chown -R postgres /var/run/postgresql
-	chmod g+s /var/run/postgresql
+	chmod 775 /var/run/postgresql
 
 	# Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user
 	if [ "$POSTGRES_INITDB_XLOGDIR" ]; then

9.2/docker-entrypoint.sh

@@ -35,7 +35,7 @@ if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
 
 	mkdir -p /var/run/postgresql
 	chown -R postgres /var/run/postgresql
-	chmod g+s /var/run/postgresql
+	chmod 775 /var/run/postgresql
 
 	# Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user
 	if [ "$POSTGRES_INITDB_XLOGDIR" ]; then

9.3/Dockerfile

@@ -54,7 +54,7 @@ RUN mv -v /usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample /usr/share/post
 	&& ln -sv ../postgresql.conf.sample /usr/share/postgresql/$PG_MAJOR/ \
 	&& sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample
 
-RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod g+s /var/run/postgresql
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
 
 ENV PATH /usr/lib/postgresql/$PG_MAJOR/bin:$PATH
 ENV PGDATA /var/lib/postgresql/data

9.3/alpine/Dockerfile

@@ -161,7 +161,7 @@ RUN set -ex \
 # make the sample config easier to munge (and "correct by default")
 RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample
 
-RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod g+s /var/run/postgresql
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
 
 ENV PATH /usr/lib/postgresql/$PG_MAJOR/bin:$PATH
 ENV PGDATA /var/lib/postgresql/data

9.3/alpine/docker-entrypoint.sh

@@ -35,7 +35,7 @@ if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
 
 	mkdir -p /var/run/postgresql
 	chown -R postgres /var/run/postgresql
-	chmod g+s /var/run/postgresql
+	chmod 775 /var/run/postgresql
 
 	# Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user
 	if [ "$POSTGRES_INITDB_XLOGDIR" ]; then

9.3/docker-entrypoint.sh

@@ -35,7 +35,7 @@ if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
 
 	mkdir -p /var/run/postgresql
 	chown -R postgres /var/run/postgresql
-	chmod g+s /var/run/postgresql
+	chmod 775 /var/run/postgresql
 
 	# Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user
 	if [ "$POSTGRES_INITDB_XLOGDIR" ]; then

9.4/Dockerfile

@@ -54,7 +54,7 @@ RUN mv -v /usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample /usr/share/post
 	&& ln -sv ../postgresql.conf.sample /usr/share/postgresql/$PG_MAJOR/ \
 	&& sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample
 
-RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod g+s /var/run/postgresql
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
 
 ENV PATH /usr/lib/postgresql/$PG_MAJOR/bin:$PATH
 ENV PGDATA /var/lib/postgresql/data

9.4/alpine/Dockerfile

@@ -134,7 +134,7 @@ RUN set -ex \
 # make the sample config easier to munge (and "correct by default")
 RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample
 
-RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod g+s /var/run/postgresql
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
 
 ENV PATH /usr/lib/postgresql/$PG_MAJOR/bin:$PATH
 ENV PGDATA /var/lib/postgresql/data

9.4/alpine/docker-entrypoint.sh

@@ -35,7 +35,7 @@ if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
 
 	mkdir -p /var/run/postgresql
 	chown -R postgres /var/run/postgresql
-	chmod g+s /var/run/postgresql
+	chmod 775 /var/run/postgresql
 
 	# Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user
 	if [ "$POSTGRES_INITDB_XLOGDIR" ]; then

9.4/docker-entrypoint.sh

@@ -35,7 +35,7 @@ if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
 
 	mkdir -p /var/run/postgresql
 	chown -R postgres /var/run/postgresql
-	chmod g+s /var/run/postgresql
+	chmod 775 /var/run/postgresql
 
 	# Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user
 	if [ "$POSTGRES_INITDB_XLOGDIR" ]; then

9.5/Dockerfile

@@ -54,7 +54,7 @@ RUN mv -v /usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample /usr/share/post
 	&& ln -sv ../postgresql.conf.sample /usr/share/postgresql/$PG_MAJOR/ \
 	&& sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample
 
-RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod g+s /var/run/postgresql
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
 
 ENV PATH /usr/lib/postgresql/$PG_MAJOR/bin:$PATH
 ENV PGDATA /var/lib/postgresql/data

9.5/alpine/Dockerfile

@@ -134,7 +134,7 @@ RUN set -ex \
 # make the sample config easier to munge (and "correct by default")
 RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample
 
-RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod g+s /var/run/postgresql
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
 
 ENV PATH /usr/lib/postgresql/$PG_MAJOR/bin:$PATH
 ENV PGDATA /var/lib/postgresql/data

9.5/alpine/docker-entrypoint.sh

@@ -35,7 +35,7 @@ if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
 
 	mkdir -p /var/run/postgresql
 	chown -R postgres /var/run/postgresql
-	chmod g+s /var/run/postgresql
+	chmod 775 /var/run/postgresql
 
 	# Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user
 	if [ "$POSTGRES_INITDB_XLOGDIR" ]; then

9.5/docker-entrypoint.sh

@@ -35,7 +35,7 @@ if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
 
 	mkdir -p /var/run/postgresql
 	chown -R postgres /var/run/postgresql
-	chmod g+s /var/run/postgresql
+	chmod 775 /var/run/postgresql
 
 	# Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user
 	if [ "$POSTGRES_INITDB_XLOGDIR" ]; then

9.6/Dockerfile

@@ -54,7 +54,7 @@ RUN mv -v /usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample /usr/share/post
 	&& ln -sv ../postgresql.conf.sample /usr/share/postgresql/$PG_MAJOR/ \
 	&& sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample
 
-RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod g+s /var/run/postgresql
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
 
 ENV PATH /usr/lib/postgresql/$PG_MAJOR/bin:$PATH
 ENV PGDATA /var/lib/postgresql/data

9.6/alpine/Dockerfile

@@ -134,7 +134,7 @@ RUN set -ex \
 # make the sample config easier to munge (and "correct by default")
 RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample
 
-RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod g+s /var/run/postgresql
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
 
 ENV PATH /usr/lib/postgresql/$PG_MAJOR/bin:$PATH
 ENV PGDATA /var/lib/postgresql/data

9.6/alpine/docker-entrypoint.sh

@@ -35,7 +35,7 @@ if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
 
 	mkdir -p /var/run/postgresql
 	chown -R postgres /var/run/postgresql
-	chmod g+s /var/run/postgresql
+	chmod 775 /var/run/postgresql
 
 	# Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user
 	if [ "$POSTGRES_INITDB_XLOGDIR" ]; then

9.6/docker-entrypoint.sh

@@ -35,7 +35,7 @@ if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
 
 	mkdir -p /var/run/postgresql
 	chown -R postgres /var/run/postgresql
-	chmod g+s /var/run/postgresql
+	chmod 775 /var/run/postgresql
 
 	# Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user
 	if [ "$POSTGRES_INITDB_XLOGDIR" ]; then

Dockerfile-alpine.template

@@ -136,7 +136,7 @@ RUN set -ex \
 # make the sample config easier to munge (and "correct by default")
 RUN sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample
 
-RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod g+s /var/run/postgresql
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
 
 ENV PATH /usr/lib/postgresql/$PG_MAJOR/bin:$PATH
 ENV PGDATA /var/lib/postgresql/data

Dockerfile-debian.template

@@ -54,7 +54,7 @@ RUN mv -v /usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample /usr/share/post
 	&& ln -sv ../postgresql.conf.sample /usr/share/postgresql/$PG_MAJOR/ \
 	&& sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample
 
-RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod g+s /var/run/postgresql
+RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
 
 ENV PATH /usr/lib/postgresql/$PG_MAJOR/bin:$PATH
 ENV PGDATA /var/lib/postgresql/data

docker-entrypoint.sh

@@ -35,7 +35,7 @@ if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
 
 	mkdir -p /var/run/postgresql
 	chown -R postgres /var/run/postgresql
-	chmod g+s /var/run/postgresql
+	chmod 775 /var/run/postgresql
 
 	# Create the transaction log directory before initdb is run (below) so the directory is owned by the correct user
 	if [ "$POSTGRES_INITDB_XLOGDIR" ]; then

update.sh

@@ -46,17 +46,21 @@ for version in "${versions[@]}"; do
 			case "$version" in
 				9.2|9.3)
 					uuidConfigFlag='--with-ossp-uuid'
-					sed -i 's/%%OSSP_UUID_ENV_VARS%%/ENV OSSP_UUID_VERSION '"$osspUuidVersion"'\nENV OSSP_UUID_SHA256 '"$osspUuidHash"'\n/' "$version/$variant/Dockerfile"
-					sed -i $'/%%INSTALL_OSSP_UUID%%/ {r ossp-uuid.template\n d}' "$version/$variant/Dockerfile"
+					sed -i \
+						-e 's/%%OSSP_UUID_ENV_VARS%%/ENV OSSP_UUID_VERSION '"$osspUuidVersion"'\nENV OSSP_UUID_SHA256 '"$osspUuidHash"'\n/' \
+						-e $'/%%INSTALL_OSSP_UUID%%/ {r ossp-uuid.template\n d}' \
+						"$version/$variant/Dockerfile"
 
 					# configure: WARNING: unrecognized options: --enable-tap-tests
 					sed -i '/--enable-tap-tests/d' "$version/$variant/Dockerfile"
 					;;
 
 				*)
 					uuidConfigFlag='--with-uuid=e2fs'
-					sed -i '/%%OSSP_UUID_ENV_VARS%%/d' "$version/$variant/Dockerfile"
-					sed -i '/%%INSTALL_OSSP_UUID%%/d' "$version/$variant/Dockerfile"
+					sed -i \
+						-e '/%%OSSP_UUID_ENV_VARS%%/d' \
+						-e '/%%INSTALL_OSSP_UUID%%/d' \
+						"$version/$variant/Dockerfile"
 					;;
 			esac
 			sed -i 's/%%UUID_CONFIG_FLAG%%/'"$uuidConfigFlag"'/' "$version/$variant/Dockerfile"