[misc] narrow down the rw accessible directories for the run user (#119)

server-ce/Dockerfile

@@ -26,7 +26,7 @@ ADD ${baseDir}/git-revision.sh /var/www/git-revision.sh
 RUN cd /var/www && npm install
 
 
-# Replace overleaf/config/services.js with the list of available 
+# Replace overleaf/config/services.js with the list of available
 # services in Overleaf Community Edition
 # --------------------------------------------------------------
 ADD ${baseDir}/services.js /var/www/sharelatex/config/services.js
@@ -49,11 +49,6 @@ RUN bash -c 'cd /var/www/sharelatex && source ./bin/compile-services'
 RUN ln -s /var/www/sharelatex/clsi/bin/synctex /opt/synctex
 
 
-# Change application ownership to www-data
-# ----------------------------------------
-RUN	chown -R www-data:www-data /var/www/sharelatex;
-
-
 # Copy runit service startup scripts to its location
 # --------------------------------------------------
 ADD ${baseDir}/runit /etc/service

server-ce/init_scripts/00_make_sharelatex_data_dirs.sh

@@ -26,8 +26,6 @@ chown www-data:www-data /var/lib/sharelatex/tmp/uploads
 mkdir -p /var/lib/sharelatex/tmp/dumpFolder
 chown www-data:www-data /var/lib/sharelatex/tmp/dumpFolder
 
-chown www-data:www-data /var/www/
-
 if [ ! -e "/var/lib/sharelatex/data/db.sqlite" ]; then
        touch /var/lib/sharelatex/data/db.sqlite
 fi