Fix #187: in openshift fix redis-session.ini permission denied

[antoinetran]

Description of the change

Benefits

Possible drawbacks

Applicable issues

• fixes /entrypoint.sh: line 192: php/conf.d/redis-session.ini: Permission denied for non-root container #187

Additional information

Checklist

• I have read the CONTRIBUTING.md doc.
• DCO has been signed off on the commit.
• Chart version bumped in Chart.yaml according to semver.
• (optional) Parameters are documented in the README.md

[lindhe]

I suggest changing the PR title. This has nothing to do with OpenShift.

- Fix #187: in openshift fix redis-session.ini permission denied
+ Fix redis-session.ini permission denied

And if you mention Fixes #187 in the PR body and/or the commit body (not the title), then that will link this PR to that issue.

[antoinetran]

I suggest changing the PR title. This has nothing to do with OpenShift.

- Fix #187: in openshift fix redis-session.ini permission denied
+ Fix redis-session.ini permission denied

This is an issue that happens 99% of case in OpenShift environment, because generally in any other Kubernetes deployment, we can run as root. It could happen to people who try to secure their non OpenShift Kubernetes, but otherway, for me it is very linked to OpenShift. However, I have no issue with removing openshit label in commit!

And if you mention Fixes #187 in the PR body and/or the commit body (not the title), then that will link this PR to that issue.

I don't know what is the "standard way" in nextcloud, but I looked at other commit in this repository, and it seems mostly the issue are in title. And the PR is linked in the related issue. But if the best practice in this repository is to put in commit body, ok for me!

[lindhe]

I don't know what is the "standard way" in nextcloud, but I looked at other commit in this repository, and it seems mostly the issue are in title. And the PR is linked in the related issue. But if the best practice in this repository is to put in commit body, ok for me!

It's just how GitHub works, not particular to this repo. But Nextcloud seem to embrace it too, since they indicate it in the PR template that you missed filling in:

Here's docs for how Github handles keywords in PRs: https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/using-keywords-in-issues-and-pull-requests

[lindhe]

This is an issue that happens 99% of case in OpenShift environment, because generally in any other Kubernetes deployment, we can run as root. It could happen to people who try to secure their non OpenShift Kubernetes, but otherway, for me it is very linked to OpenShift.

As you say; this is only an issue if one tries to run the Nextcloud deployment as non-root. So anyone that wants to run Nextcloud as non-root in Kubernetes will run into the issue, not just if they use OpenShift. Any well-configured Kubernetes environment may have PSA/PSS in place enforcing this, and any security minded individual may choose to deploy rootless anyway. So it's not at all specific to OpenShift, even if it obviously applies there too.

[antoinetran]

I suggest changing the PR title. This has nothing to do with OpenShift.

- Fix #187: in openshift fix redis-session.ini permission denied
+ Fix redis-session.ini permission denied

And if you mention Fixes #187 in the PR body and/or the commit body (not the title), then that will link this PR to that issue.

done