From 7b166aaaf52c2bee7653c39f0ad653bd9796a1c1 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 13 Jan 2026 21:29:01 +0000 Subject: [PATCH 1/5] Initial plan From feb7e128eb46ec7b89c8fd10625cdb54fe672d29 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 13 Jan 2026 21:32:31 +0000 Subject: [PATCH 2/5] Add temporary workaround and fix umask in Dockerfile Co-authored-by: kurowski <7466+kurowski@users.noreply.github.com> --- Dockerfile | 5 ++++- local/etc/uceap.d/refresh_content.sh | 2 ++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 565880c..934a8ab 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ FROM mcr.microsoft.com/devcontainers/php:8.3 # Change default umask and add user to web group so we can share write permission on web files -RUN sed -i 's/^UMASK\s*022/UMASK 002/' /etc/login.defs +RUN sed -i 's/^UMASK[[:space:]]*022/UMASK\t\t002/' /etc/login.defs RUN usermod -aG www-data vscode # Add glow for formatting command usage output (and because it's just nice) @@ -57,6 +57,9 @@ RUN sed -i 's/Listen\s*80$/# Listen 80/' /etc/apache2/ports.conf # Enable Apache modules RUN a2enmod expires headers rewrite +# Set umask for Apache to ensure group-writable files +RUN echo "umask 002" >> /etc/apache2/envvars + # Install terminus RUN curl -L https://github.com/pantheon-systems/terminus/releases/latest/download/terminus.phar --output /usr/local/bin/terminus \ && chmod +x /usr/local/bin/terminus \ diff --git a/local/etc/uceap.d/refresh_content.sh b/local/etc/uceap.d/refresh_content.sh index e45d888..fc9af4f 100644 --- a/local/etc/uceap.d/refresh_content.sh +++ b/local/etc/uceap.d/refresh_content.sh @@ -18,6 +18,8 @@ function refresh_content() { # no-same-permissions doesn't seem to work so we fix it here sudo find web/sites/default/files -type d -exec chmod g+ws {} + sudo find web/sites/default/files -type f -exec chmod g+w {} + + # Temporary workaround: ensure group write permissions for logging + chmod -R g+w web/sites/default/files db-rebuild.sh $DATABASE_BACKUP From b86d5f65a4ab701f7e635ed38af24b75d7cc68cc Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 13 Jan 2026 21:34:25 +0000 Subject: [PATCH 3/5] Improve comment for temporary workaround Co-authored-by: kurowski <7466+kurowski@users.noreply.github.com> --- local/etc/uceap.d/refresh_content.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/local/etc/uceap.d/refresh_content.sh b/local/etc/uceap.d/refresh_content.sh index fc9af4f..e044ebc 100644 --- a/local/etc/uceap.d/refresh_content.sh +++ b/local/etc/uceap.d/refresh_content.sh @@ -18,7 +18,7 @@ function refresh_content() { # no-same-permissions doesn't seem to work so we fix it here sudo find web/sites/default/files -type d -exec chmod g+ws {} + sudo find web/sites/default/files -type f -exec chmod g+w {} + - # Temporary workaround: ensure group write permissions for logging + # TODO: Temporary workaround for umask issue - remove once Dockerfile umask fix is verified chmod -R g+w web/sites/default/files db-rebuild.sh $DATABASE_BACKUP From 67e626afbfe0eaba0d313d8863954b15b843fe2f Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 13 Jan 2026 21:38:25 +0000 Subject: [PATCH 4/5] Use pam_umask instead of /etc/login.defs for umask setting Co-authored-by: kurowski <7466+kurowski@users.noreply.github.com> --- Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 934a8ab..00fa180 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,9 @@ FROM mcr.microsoft.com/devcontainers/php:8.3 # Change default umask and add user to web group so we can share write permission on web files -RUN sed -i 's/^UMASK[[:space:]]*022/UMASK\t\t002/' /etc/login.defs +# Configure pam_umask to set umask to 002 (works regardless of /etc/login.defs content) +RUN sed -i 's/session optional\s*pam_umask.so$/session optional\t\t\tpam_umask.so umask=002/' /etc/pam.d/common-session \ + && sed -i 's/session optional\s*pam_umask.so$/session optional\t\t\tpam_umask.so umask=002/' /etc/pam.d/common-session-noninteractive RUN usermod -aG www-data vscode # Add glow for formatting command usage output (and because it's just nice) From 6a7cb837d7e65e43ce68dbe89dd58c850d0b3ded Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 13 Jan 2026 21:40:31 +0000 Subject: [PATCH 5/5] Simplify pam_umask sed pattern for better robustness Co-authored-by: kurowski <7466+kurowski@users.noreply.github.com> --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 00fa180..90a91a3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,8 +2,8 @@ FROM mcr.microsoft.com/devcontainers/php:8.3 # Change default umask and add user to web group so we can share write permission on web files # Configure pam_umask to set umask to 002 (works regardless of /etc/login.defs content) -RUN sed -i 's/session optional\s*pam_umask.so$/session optional\t\t\tpam_umask.so umask=002/' /etc/pam.d/common-session \ - && sed -i 's/session optional\s*pam_umask.so$/session optional\t\t\tpam_umask.so umask=002/' /etc/pam.d/common-session-noninteractive +RUN sed -i 's/pam_umask\.so/pam_umask.so umask=002/' /etc/pam.d/common-session \ + && sed -i 's/pam_umask\.so/pam_umask.so umask=002/' /etc/pam.d/common-session-noninteractive RUN usermod -aG www-data vscode # Add glow for formatting command usage output (and because it's just nice)