Permissions check unnecessarily slow (>15 mins) and IO heavy

[ohthehugemanatee]

Expected Behavior

Startup tasks should finish within 15 minutes, even with large filesystems mounted under /config/www (for example when using Linuxserver Nextcloud which inherits from this image.

Current Behavior

Startup script 20-permissions uses recursive chmod commands to check/set file/directory permissions. Chmod runs the fchmodat system call on every file it finds, requiring a disk write for every file in your filesystem. A hundred thousand files on a spinning disk or remote filesystem can easily take > 15 minutes.

Steps to Reproduce

1. Start this container with a remote filesystem with tens of thousands of files mounted at /config/www. Consider downloading the codebase and deps for a few webapps to simulate one of the downstream projects with user content.
2. run time ./20-permissions

Tell us what should happen

Downstream image docker-bookstack already solved this problem for their own startup script by converting the chown statement on their data directory to use find -exec instead. This approach first reads file metadata from the in-memory filesystem cache, and only performs writes when necessary. It offers an order-of-magnitude speed improvement, even in the worst case scenario with an unprimed cache and slow remote filesystem.

Environment

OS: Ubuntu 22.04 (but it would be worse on Windows)
CPU architecture: x86_64/arm64
How docker service was installed: from docker official scripts, or from apt, or even with podman - doesn't affect the problem

Command used to create docker container (run/create/compose/screenshot)

---
version: "2.1"
volumes:
  nfs:
    driver: local
    driver_opts:
      type: nfs
      o: addr=192.168.1.1,rw
      device: ":/path/to/dir"
services:
  baseimage:
    image: lscr.io/linuxserver/docker-baseimage-alpine-nginx:latest
    container_name: baseimage
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
    volumes:
      - /path/to/appdata:/config
      - nfs:/config/www

Docker logs

[custom-init] No custom services found, skipping...
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service 00-legacy: starting
s6-rc: info: service 00-legacy successfully started
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/01-envfile
cont-init: info: /etc/cont-init.d/01-envfile exited 0
cont-init: info: running /etc/cont-init.d/01-migrations
[migrations] started
[migrations] 01-nginx-site-confs-default: skipped
[migrations] done
cont-init: info: /etc/cont-init.d/01-migrations exited 0
cont-init: info: running /etc/cont-init.d/10-adduser

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/


Brought to you by linuxserver.io
-------------------------------------

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid:    1000
User gid:    1000
-------------------------------------

cont-init: info: /etc/cont-init.d/10-adduser exited 0
cont-init: info: running /etc/cont-init.d/11-folders
cont-init: info: /etc/cont-init.d/11-folders exited 0
cont-init: info: running /etc/cont-init.d/12-samples
cont-init: info: /etc/cont-init.d/12-samples exited 0
cont-init: info: running /etc/cont-init.d/13-nginx
cont-init: info: /etc/cont-init.d/13-nginx exited 0
cont-init: info: running /etc/cont-init.d/14-php
cont-init: info: /etc/cont-init.d/14-php exited 0
cont-init: info: running /etc/cont-init.d/15-keygen
using keys found in /config/keys
cont-init: info: /etc/cont-init.d/15-keygen exited 0
cont-init: info: running /etc/cont-init.d/20-permissions

[github-actions]

Thanks for opening your first issue here! Be sure to follow the bug or feature issue templates!