Keep /var/www/html/ and identities owned by root, so nobody else can write
diff --git a/nginx/Dockerfile.entrypoint b/nginx/Dockerfile.entrypoint
index 515301c..05e17b4 100644
--- a/nginx/Dockerfile.entrypoint
+++ b/nginx/Dockerfile.entrypoint
@@ -29,7 +29,7 @@
done
}
-chown -R nginx:nginx /var/www/html/
+chown -R root:root /var/www/html/
chmod -R a-w /etc/nginx/certs/ /etc/nginx/conf.d/sa.conf /var/www/html/
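Review bot: After `chown -R root:root /var/www/html/` the nginx workers reach the web root only through the "other" permission bits, and the following `chmod -R a-w` removes write without guaranteeing read or directory search, so any file that was previously owner-only (for example 0640 nginx:nginx) would become unreadable to the server. Whether such modes exist is not visible here, but it would be safer to add `chmod -R a+rX /var/www/html/` on its own line rather than folding it into the existing chmod, which also covers /etc/nginx/certs/ where world-read is not wanted. The same applies to `/var/www/html/` in simpleid/Dockerfile.entrypoint. A short comment above the chown would also help, noting that a process running as root can still write despite `a-w`, so the protection is against the unprivileged service user only.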
diff --git a/simpleid/Dockerfile.entrypoint b/simpleid/Dockerfile.entrypoint
index fd85408..6678240 100644
--- a/simpleid/Dockerfile.entrypoint
+++ b/simpleid/Dockerfile.entrypoint
@@ -23,10 +23,11 @@
chown -R www-data:www-data /var/cache/simpleid/
chown -R www-data:www-data /var/lib/simpleid/
-chown -R www-data:www-data /var/db/simpleid/
-chown -R www-data:www-data /var/www/html/
chown -R www-data:www-data /var/log/
+chown -R root:root /var/db/simpleid/
+chown -R root:root /var/www/html/
+
chmod -R a-w /var/db/simpleid/ /var/www/html/
exec docker-php-entrypoint php-fpm "$@"
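Review bot: `chown -R root:root /var/db/simpleid/` leaves php-fpm (presumably running as www-data, given the other chown lines) able to read the identity files only if they are world-readable. If those files hold credential hashes, as SimpleID identity files usually do, root:www-data ownership with group read and no access for others would keep them read-only for the service without exposing them to every user in the container: `chown -R root:www-data /var/db/simpleid/` followed by `chmod -R u=rwX,g=rX,o= /var/db/simpleid/`. The existing `chmod -R a-w` line can stay as it is, since it only removes write bits.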