Refactor entrypoint.sh to verify SSL certificate permissions

- Updated the script to check current ownership and permissions of the Let's Encrypt SSL certificate before making changes, enhancing safety and clarity in the configuration process. - Added conditional statements to only update ownership and permissions if necessary, improving efficiency and reducing unnecessary operations.
serversideup · Jan 9, 2025 · d506ce2 · d506ce2
1 parent 4efcc4e
commit d506ce2
Showing 1 changed file with 15 additions and 4 deletions.
diff --git a/src/entrypoint.sh b/src/entrypoint.sh
@@ -31,10 +31,21 @@ if [ -n "$FTP_MASQUERADE_ADDRESS" ]; then
     echo "✅ MasqueradeAddress added to proftpd.conf"
 
     if [ -d "/etc/letsencrypt/live/$FTP_MASQUERADE_ADDRESS" ]; then
-        echo "ℹ️ Let's Encrypt SSL certificate found. Setting proper permissions..."
-        chown -R "${FTP_USER}" "/etc/letsencrypt/live/$FTP_MASQUERADE_ADDRESS"
-        chmod -R 640 "/etc/letsencrypt/live/$FTP_MASQUERADE_ADDRESS"
-        echo "✅ Let's Encrypt SSL certificate permissions set"
+        echo "ℹ️ Let's Encrypt SSL certificate found. Checking permissions..."
+        current_owner=$(stat -c '%U' "/etc/letsencrypt/live/$FTP_MASQUERADE_ADDRESS")
+        current_perms=$(stat -c '%a' "/etc/letsencrypt/live/$FTP_MASQUERADE_ADDRESS")
+
+        if [ "$current_owner" != "$FTP_USER" ]; then
+            echo "Updating ownership to ${FTP_USER}..."
+            chown -R "${FTP_USER}" "/etc/letsencrypt/live/$FTP_MASQUERADE_ADDRESS"
+        fi
+
+        if [ "$current_perms" != "640" ]; then
+            echo "Updating permissions to 640..."
+            chmod -R 640 "/etc/letsencrypt/live/$FTP_MASQUERADE_ADDRESS"
+        fi
+
+        echo "✅ Let's Encrypt SSL certificate permissions verified"
     fi
 else
     echo "ℹ️ FTP_MASQUERADE_ADDRESS is not set. Skipping MasqueradeAddress configuration."