From 403aefdf9b549d8f3df797e2284889d22a344dd5 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Tue, 9 Jun 2020 13:26:02 -0700
Subject: [PATCH] Pre-create "wp-content" (and subdirectories) with wide
 permissions for users who bind-mount directly into them

---
 Dockerfile-alpine.template             | 13 +++++++++++--
 Dockerfile-cli.template                |  3 ++-
 Dockerfile-debian.template             | 13 +++++++++++--
 docker-entrypoint.sh                   |  2 +-
 php7.2/apache/Dockerfile               | 13 +++++++++++--
 php7.2/apache/docker-entrypoint.sh     |  2 +-
 php7.2/cli/Dockerfile                  |  3 ++-
 php7.2/fpm-alpine/Dockerfile           | 13 +++++++++++--
 php7.2/fpm-alpine/docker-entrypoint.sh |  2 +-
 php7.2/fpm/Dockerfile                  | 13 +++++++++++--
 php7.2/fpm/docker-entrypoint.sh        |  2 +-
 php7.3/apache/Dockerfile               | 13 +++++++++++--
 php7.3/apache/docker-entrypoint.sh     |  2 +-
 php7.3/cli/Dockerfile                  |  3 ++-
 php7.3/fpm-alpine/Dockerfile           | 13 +++++++++++--
 php7.3/fpm-alpine/docker-entrypoint.sh |  2 +-
 php7.3/fpm/Dockerfile                  | 13 +++++++++++--
 php7.3/fpm/docker-entrypoint.sh        |  2 +-
 php7.4/apache/Dockerfile               | 13 +++++++++++--
 php7.4/apache/docker-entrypoint.sh     |  2 +-
 php7.4/cli/Dockerfile                  |  3 ++-
 php7.4/fpm-alpine/Dockerfile           | 13 +++++++++++--
 php7.4/fpm-alpine/docker-entrypoint.sh |  2 +-
 php7.4/fpm/Dockerfile                  | 13 +++++++++++--
 php7.4/fpm/docker-entrypoint.sh        |  2 +-
 25 files changed, 139 insertions(+), 36 deletions(-)

diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template
index 44b37586f9..22b20fe8b4 100644
--- a/Dockerfile-alpine.template
+++ b/Dockerfile-alpine.template
@@ -68,7 +68,6 @@ RUN { \
 		echo 'html_errors = Off'; \
 	} > /usr/local/etc/php/conf.d/error-logging.ini
 %%VARIANT_EXTRAS%%
-VOLUME /var/www/html
 
 ENV WORDPRESS_VERSION %%WORDPRESS_VERSION%%
 ENV WORDPRESS_SHA1 %%WORDPRESS_SHA1%%
@@ -79,7 +78,17 @@ RUN set -ex; \
 # upstream tarballs include ./wordpress/ so this gives us /usr/src/wordpress
 	tar -xzf wordpress.tar.gz -C /usr/src/; \
 	rm wordpress.tar.gz; \
-	chown -R www-data:www-data /usr/src/wordpress
+	chown -R www-data:www-data /usr/src/wordpress; \
+# pre-create wp-content (and single-level children) for folks who want to bind-mount themes, etc so permissions are pre-created properly instead of root:root
+	mkdir wp-content; \
+	for dir in /usr/src/wordpress/wp-content/*/; do \
+		dir="$(basename "${dir%/}")"; \
+		mkdir "wp-content/$dir"; \
+	done; \
+	chown -R www-data:www-data wp-content; \
+	chmod -R 777 wp-content
+
+VOLUME /var/www/html
 
 COPY docker-entrypoint.sh /usr/local/bin/
 
diff --git a/Dockerfile-cli.template b/Dockerfile-cli.template
index 3170e75a6a..6de18f9859 100644
--- a/Dockerfile-cli.template
+++ b/Dockerfile-cli.template
@@ -60,7 +60,6 @@ RUN set -ex; \
 	mkdir -p /var/www/html; \
 	chown -R www-data:www-data /var/www/html
 WORKDIR /var/www/html
-VOLUME /var/www/html
 
 # https://make.wordpress.org/cli/2018/05/31/gpg-signature-change/
 # pub   rsa2048 2018-05-31 [SC]
@@ -93,6 +92,8 @@ RUN set -ex; \
 	\
 	wp --allow-root --version
 
+VOLUME /var/www/html
+
 COPY docker-entrypoint.sh /usr/local/bin/
 
 ENTRYPOINT ["docker-entrypoint.sh"]
diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template
index 2d4a9f23e8..3e9562dcc1 100644
--- a/Dockerfile-debian.template
+++ b/Dockerfile-debian.template
@@ -73,7 +73,6 @@ RUN { \
 		echo 'html_errors = Off'; \
 	} > /usr/local/etc/php/conf.d/error-logging.ini
 %%VARIANT_EXTRAS%%
-VOLUME /var/www/html
 
 ENV WORDPRESS_VERSION %%WORDPRESS_VERSION%%
 ENV WORDPRESS_SHA1 %%WORDPRESS_SHA1%%
@@ -84,7 +83,17 @@ RUN set -ex; \
 # upstream tarballs include ./wordpress/ so this gives us /usr/src/wordpress
 	tar -xzf wordpress.tar.gz -C /usr/src/; \
 	rm wordpress.tar.gz; \
-	chown -R www-data:www-data /usr/src/wordpress
+	chown -R www-data:www-data /usr/src/wordpress; \
+# pre-create wp-content (and single-level children) for folks who want to bind-mount themes, etc so permissions are pre-created properly instead of root:root
+	mkdir wp-content; \
+	for dir in /usr/src/wordpress/wp-content/*/; do \
+		dir="$(basename "${dir%/}")"; \
+		mkdir "wp-content/$dir"; \
+	done; \
+	chown -R www-data:www-data wp-content; \
+	chmod -R 777 wp-content
+
+VOLUME /var/www/html
 
 COPY docker-entrypoint.sh /usr/local/bin/
 
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 4805588cc3..704d68011d 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -52,7 +52,7 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
 		fi
 
 		echo >&2 "WordPress not found in $PWD - copying now..."
-		if [ -n "$(ls -A)" ]; then
+		if [ -n "$(find -mindepth 1 -maxdepth 1 -not -name wp-content)" ]; then
 			echo >&2 "WARNING: $PWD is not empty! (copying anyhow)"
 		fi
 		sourceTarArgs=(
diff --git a/php7.2/apache/Dockerfile b/php7.2/apache/Dockerfile
index 0ab5f86962..8c74887fec 100644
--- a/php7.2/apache/Dockerfile
+++ b/php7.2/apache/Dockerfile
@@ -91,7 +91,6 @@ RUN set -eux; \
 # (replace all instances of "%h" with "%a" in LogFormat)
 	find /etc/apache2 -type f -name '*.conf' -exec sed -ri 's/([[:space:]]*LogFormat[[:space:]]+"[^"]*)%h([^"]*")/\1%a\2/g' '{}' +
 
-VOLUME /var/www/html
 
 ENV WORDPRESS_VERSION 5.4.1
 ENV WORDPRESS_SHA1 9800c231828eb5cd76ba0b8aa6c1a74dfca2daff
@@ -102,7 +101,17 @@ RUN set -ex; \
 # upstream tarballs include ./wordpress/ so this gives us /usr/src/wordpress
 	tar -xzf wordpress.tar.gz -C /usr/src/; \
 	rm wordpress.tar.gz; \
-	chown -R www-data:www-data /usr/src/wordpress
+	chown -R www-data:www-data /usr/src/wordpress; \
+# pre-create wp-content (and single-level children) for folks who want to bind-mount themes, etc so permissions are pre-created properly instead of root:root
+	mkdir wp-content; \
+	for dir in /usr/src/wordpress/wp-content/*/; do \
+		dir="$(basename "${dir%/}")"; \
+		mkdir "wp-content/$dir"; \
+	done; \
+	chown -R www-data:www-data wp-content; \
+	chmod -R 777 wp-content
+
+VOLUME /var/www/html
 
 COPY docker-entrypoint.sh /usr/local/bin/
 
diff --git a/php7.2/apache/docker-entrypoint.sh b/php7.2/apache/docker-entrypoint.sh
index 4805588cc3..704d68011d 100755
--- a/php7.2/apache/docker-entrypoint.sh
+++ b/php7.2/apache/docker-entrypoint.sh
@@ -52,7 +52,7 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
 		fi
 
 		echo >&2 "WordPress not found in $PWD - copying now..."
-		if [ -n "$(ls -A)" ]; then
+		if [ -n "$(find -mindepth 1 -maxdepth 1 -not -name wp-content)" ]; then
 			echo >&2 "WARNING: $PWD is not empty! (copying anyhow)"
 		fi
 		sourceTarArgs=(
diff --git a/php7.2/cli/Dockerfile b/php7.2/cli/Dockerfile
index 571c889229..7ffb7d2b61 100644
--- a/php7.2/cli/Dockerfile
+++ b/php7.2/cli/Dockerfile
@@ -59,7 +59,6 @@ RUN set -ex; \
 	mkdir -p /var/www/html; \
 	chown -R www-data:www-data /var/www/html
 WORKDIR /var/www/html
-VOLUME /var/www/html
 
 # https://make.wordpress.org/cli/2018/05/31/gpg-signature-change/
 # pub   rsa2048 2018-05-31 [SC]
@@ -92,6 +91,8 @@ RUN set -ex; \
 	\
 	wp --allow-root --version
 
+VOLUME /var/www/html
+
 COPY docker-entrypoint.sh /usr/local/bin/
 
 ENTRYPOINT ["docker-entrypoint.sh"]
diff --git a/php7.2/fpm-alpine/Dockerfile b/php7.2/fpm-alpine/Dockerfile
index 4569f7b7da..eb1775b3fc 100644
--- a/php7.2/fpm-alpine/Dockerfile
+++ b/php7.2/fpm-alpine/Dockerfile
@@ -67,7 +67,6 @@ RUN { \
 		echo 'html_errors = Off'; \
 	} > /usr/local/etc/php/conf.d/error-logging.ini
 
-VOLUME /var/www/html
 
 ENV WORDPRESS_VERSION 5.4.1
 ENV WORDPRESS_SHA1 9800c231828eb5cd76ba0b8aa6c1a74dfca2daff
@@ -78,7 +77,17 @@ RUN set -ex; \
 # upstream tarballs include ./wordpress/ so this gives us /usr/src/wordpress
 	tar -xzf wordpress.tar.gz -C /usr/src/; \
 	rm wordpress.tar.gz; \
-	chown -R www-data:www-data /usr/src/wordpress
+	chown -R www-data:www-data /usr/src/wordpress; \
+# pre-create wp-content (and single-level children) for folks who want to bind-mount themes, etc so permissions are pre-created properly instead of root:root
+	mkdir wp-content; \
+	for dir in /usr/src/wordpress/wp-content/*/; do \
+		dir="$(basename "${dir%/}")"; \
+		mkdir "wp-content/$dir"; \
+	done; \
+	chown -R www-data:www-data wp-content; \
+	chmod -R 777 wp-content
+
+VOLUME /var/www/html
 
 COPY docker-entrypoint.sh /usr/local/bin/
 
diff --git a/php7.2/fpm-alpine/docker-entrypoint.sh b/php7.2/fpm-alpine/docker-entrypoint.sh
index 4805588cc3..704d68011d 100755
--- a/php7.2/fpm-alpine/docker-entrypoint.sh
+++ b/php7.2/fpm-alpine/docker-entrypoint.sh
@@ -52,7 +52,7 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
 		fi
 
 		echo >&2 "WordPress not found in $PWD - copying now..."
-		if [ -n "$(ls -A)" ]; then
+		if [ -n "$(find -mindepth 1 -maxdepth 1 -not -name wp-content)" ]; then
 			echo >&2 "WARNING: $PWD is not empty! (copying anyhow)"
 		fi
 		sourceTarArgs=(
diff --git a/php7.2/fpm/Dockerfile b/php7.2/fpm/Dockerfile
index c8bf526659..b0442f5093 100644
--- a/php7.2/fpm/Dockerfile
+++ b/php7.2/fpm/Dockerfile
@@ -72,7 +72,6 @@ RUN { \
 		echo 'html_errors = Off'; \
 	} > /usr/local/etc/php/conf.d/error-logging.ini
 
-VOLUME /var/www/html
 
 ENV WORDPRESS_VERSION 5.4.1
 ENV WORDPRESS_SHA1 9800c231828eb5cd76ba0b8aa6c1a74dfca2daff
@@ -83,7 +82,17 @@ RUN set -ex; \
 # upstream tarballs include ./wordpress/ so this gives us /usr/src/wordpress
 	tar -xzf wordpress.tar.gz -C /usr/src/; \
 	rm wordpress.tar.gz; \
-	chown -R www-data:www-data /usr/src/wordpress
+	chown -R www-data:www-data /usr/src/wordpress; \
+# pre-create wp-content (and single-level children) for folks who want to bind-mount themes, etc so permissions are pre-created properly instead of root:root
+	mkdir wp-content; \
+	for dir in /usr/src/wordpress/wp-content/*/; do \
+		dir="$(basename "${dir%/}")"; \
+		mkdir "wp-content/$dir"; \
+	done; \
+	chown -R www-data:www-data wp-content; \
+	chmod -R 777 wp-content
+
+VOLUME /var/www/html
 
 COPY docker-entrypoint.sh /usr/local/bin/
 
diff --git a/php7.2/fpm/docker-entrypoint.sh b/php7.2/fpm/docker-entrypoint.sh
index 4805588cc3..704d68011d 100755
--- a/php7.2/fpm/docker-entrypoint.sh
+++ b/php7.2/fpm/docker-entrypoint.sh
@@ -52,7 +52,7 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
 		fi
 
 		echo >&2 "WordPress not found in $PWD - copying now..."
-		if [ -n "$(ls -A)" ]; then
+		if [ -n "$(find -mindepth 1 -maxdepth 1 -not -name wp-content)" ]; then
 			echo >&2 "WARNING: $PWD is not empty! (copying anyhow)"
 		fi
 		sourceTarArgs=(
diff --git a/php7.3/apache/Dockerfile b/php7.3/apache/Dockerfile
index 30312acd41..3c80cec19b 100644
--- a/php7.3/apache/Dockerfile
+++ b/php7.3/apache/Dockerfile
@@ -92,7 +92,6 @@ RUN set -eux; \
 # (replace all instances of "%h" with "%a" in LogFormat)
 	find /etc/apache2 -type f -name '*.conf' -exec sed -ri 's/([[:space:]]*LogFormat[[:space:]]+"[^"]*)%h([^"]*")/\1%a\2/g' '{}' +
 
-VOLUME /var/www/html
 
 ENV WORDPRESS_VERSION 5.4.1
 ENV WORDPRESS_SHA1 9800c231828eb5cd76ba0b8aa6c1a74dfca2daff
@@ -103,7 +102,17 @@ RUN set -ex; \
 # upstream tarballs include ./wordpress/ so this gives us /usr/src/wordpress
 	tar -xzf wordpress.tar.gz -C /usr/src/; \
 	rm wordpress.tar.gz; \
-	chown -R www-data:www-data /usr/src/wordpress
+	chown -R www-data:www-data /usr/src/wordpress; \
+# pre-create wp-content (and single-level children) for folks who want to bind-mount themes, etc so permissions are pre-created properly instead of root:root
+	mkdir wp-content; \
+	for dir in /usr/src/wordpress/wp-content/*/; do \
+		dir="$(basename "${dir%/}")"; \
+		mkdir "wp-content/$dir"; \
+	done; \
+	chown -R www-data:www-data wp-content; \
+	chmod -R 777 wp-content
+
+VOLUME /var/www/html
 
 COPY docker-entrypoint.sh /usr/local/bin/
 
diff --git a/php7.3/apache/docker-entrypoint.sh b/php7.3/apache/docker-entrypoint.sh
index 4805588cc3..704d68011d 100755
--- a/php7.3/apache/docker-entrypoint.sh
+++ b/php7.3/apache/docker-entrypoint.sh
@@ -52,7 +52,7 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
 		fi
 
 		echo >&2 "WordPress not found in $PWD - copying now..."
-		if [ -n "$(ls -A)" ]; then
+		if [ -n "$(find -mindepth 1 -maxdepth 1 -not -name wp-content)" ]; then
 			echo >&2 "WARNING: $PWD is not empty! (copying anyhow)"
 		fi
 		sourceTarArgs=(
diff --git a/php7.3/cli/Dockerfile b/php7.3/cli/Dockerfile
index 0989c237a2..b9d56a1bb6 100644
--- a/php7.3/cli/Dockerfile
+++ b/php7.3/cli/Dockerfile
@@ -60,7 +60,6 @@ RUN set -ex; \
 	mkdir -p /var/www/html; \
 	chown -R www-data:www-data /var/www/html
 WORKDIR /var/www/html
-VOLUME /var/www/html
 
 # https://make.wordpress.org/cli/2018/05/31/gpg-signature-change/
 # pub   rsa2048 2018-05-31 [SC]
@@ -93,6 +92,8 @@ RUN set -ex; \
 	\
 	wp --allow-root --version
 
+VOLUME /var/www/html
+
 COPY docker-entrypoint.sh /usr/local/bin/
 
 ENTRYPOINT ["docker-entrypoint.sh"]
diff --git a/php7.3/fpm-alpine/Dockerfile b/php7.3/fpm-alpine/Dockerfile
index d8567e1ec7..90de87996f 100644
--- a/php7.3/fpm-alpine/Dockerfile
+++ b/php7.3/fpm-alpine/Dockerfile
@@ -68,7 +68,6 @@ RUN { \
 		echo 'html_errors = Off'; \
 	} > /usr/local/etc/php/conf.d/error-logging.ini
 
-VOLUME /var/www/html
 
 ENV WORDPRESS_VERSION 5.4.1
 ENV WORDPRESS_SHA1 9800c231828eb5cd76ba0b8aa6c1a74dfca2daff
@@ -79,7 +78,17 @@ RUN set -ex; \
 # upstream tarballs include ./wordpress/ so this gives us /usr/src/wordpress
 	tar -xzf wordpress.tar.gz -C /usr/src/; \
 	rm wordpress.tar.gz; \
-	chown -R www-data:www-data /usr/src/wordpress
+	chown -R www-data:www-data /usr/src/wordpress; \
+# pre-create wp-content (and single-level children) for folks who want to bind-mount themes, etc so permissions are pre-created properly instead of root:root
+	mkdir wp-content; \
+	for dir in /usr/src/wordpress/wp-content/*/; do \
+		dir="$(basename "${dir%/}")"; \
+		mkdir "wp-content/$dir"; \
+	done; \
+	chown -R www-data:www-data wp-content; \
+	chmod -R 777 wp-content
+
+VOLUME /var/www/html
 
 COPY docker-entrypoint.sh /usr/local/bin/
 
diff --git a/php7.3/fpm-alpine/docker-entrypoint.sh b/php7.3/fpm-alpine/docker-entrypoint.sh
index 4805588cc3..704d68011d 100755
--- a/php7.3/fpm-alpine/docker-entrypoint.sh
+++ b/php7.3/fpm-alpine/docker-entrypoint.sh
@@ -52,7 +52,7 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
 		fi
 
 		echo >&2 "WordPress not found in $PWD - copying now..."
-		if [ -n "$(ls -A)" ]; then
+		if [ -n "$(find -mindepth 1 -maxdepth 1 -not -name wp-content)" ]; then
 			echo >&2 "WARNING: $PWD is not empty! (copying anyhow)"
 		fi
 		sourceTarArgs=(
diff --git a/php7.3/fpm/Dockerfile b/php7.3/fpm/Dockerfile
index abdf37d942..1e84e419c3 100644
--- a/php7.3/fpm/Dockerfile
+++ b/php7.3/fpm/Dockerfile
@@ -73,7 +73,6 @@ RUN { \
 		echo 'html_errors = Off'; \
 	} > /usr/local/etc/php/conf.d/error-logging.ini
 
-VOLUME /var/www/html
 
 ENV WORDPRESS_VERSION 5.4.1
 ENV WORDPRESS_SHA1 9800c231828eb5cd76ba0b8aa6c1a74dfca2daff
@@ -84,7 +83,17 @@ RUN set -ex; \
 # upstream tarballs include ./wordpress/ so this gives us /usr/src/wordpress
 	tar -xzf wordpress.tar.gz -C /usr/src/; \
 	rm wordpress.tar.gz; \
-	chown -R www-data:www-data /usr/src/wordpress
+	chown -R www-data:www-data /usr/src/wordpress; \
+# pre-create wp-content (and single-level children) for folks who want to bind-mount themes, etc so permissions are pre-created properly instead of root:root
+	mkdir wp-content; \
+	for dir in /usr/src/wordpress/wp-content/*/; do \
+		dir="$(basename "${dir%/}")"; \
+		mkdir "wp-content/$dir"; \
+	done; \
+	chown -R www-data:www-data wp-content; \
+	chmod -R 777 wp-content
+
+VOLUME /var/www/html
 
 COPY docker-entrypoint.sh /usr/local/bin/
 
diff --git a/php7.3/fpm/docker-entrypoint.sh b/php7.3/fpm/docker-entrypoint.sh
index 4805588cc3..704d68011d 100755
--- a/php7.3/fpm/docker-entrypoint.sh
+++ b/php7.3/fpm/docker-entrypoint.sh
@@ -52,7 +52,7 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
 		fi
 
 		echo >&2 "WordPress not found in $PWD - copying now..."
-		if [ -n "$(ls -A)" ]; then
+		if [ -n "$(find -mindepth 1 -maxdepth 1 -not -name wp-content)" ]; then
 			echo >&2 "WARNING: $PWD is not empty! (copying anyhow)"
 		fi
 		sourceTarArgs=(
diff --git a/php7.4/apache/Dockerfile b/php7.4/apache/Dockerfile
index 0984fffe1e..fa245ba7f6 100644
--- a/php7.4/apache/Dockerfile
+++ b/php7.4/apache/Dockerfile
@@ -92,7 +92,6 @@ RUN set -eux; \
 # (replace all instances of "%h" with "%a" in LogFormat)
 	find /etc/apache2 -type f -name '*.conf' -exec sed -ri 's/([[:space:]]*LogFormat[[:space:]]+"[^"]*)%h([^"]*")/\1%a\2/g' '{}' +
 
-VOLUME /var/www/html
 
 ENV WORDPRESS_VERSION 5.4.1
 ENV WORDPRESS_SHA1 9800c231828eb5cd76ba0b8aa6c1a74dfca2daff
@@ -103,7 +102,17 @@ RUN set -ex; \
 # upstream tarballs include ./wordpress/ so this gives us /usr/src/wordpress
 	tar -xzf wordpress.tar.gz -C /usr/src/; \
 	rm wordpress.tar.gz; \
-	chown -R www-data:www-data /usr/src/wordpress
+	chown -R www-data:www-data /usr/src/wordpress; \
+# pre-create wp-content (and single-level children) for folks who want to bind-mount themes, etc so permissions are pre-created properly instead of root:root
+	mkdir wp-content; \
+	for dir in /usr/src/wordpress/wp-content/*/; do \
+		dir="$(basename "${dir%/}")"; \
+		mkdir "wp-content/$dir"; \
+	done; \
+	chown -R www-data:www-data wp-content; \
+	chmod -R 777 wp-content
+
+VOLUME /var/www/html
 
 COPY docker-entrypoint.sh /usr/local/bin/
 
diff --git a/php7.4/apache/docker-entrypoint.sh b/php7.4/apache/docker-entrypoint.sh
index 4805588cc3..704d68011d 100755
--- a/php7.4/apache/docker-entrypoint.sh
+++ b/php7.4/apache/docker-entrypoint.sh
@@ -52,7 +52,7 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
 		fi
 
 		echo >&2 "WordPress not found in $PWD - copying now..."
-		if [ -n "$(ls -A)" ]; then
+		if [ -n "$(find -mindepth 1 -maxdepth 1 -not -name wp-content)" ]; then
 			echo >&2 "WARNING: $PWD is not empty! (copying anyhow)"
 		fi
 		sourceTarArgs=(
diff --git a/php7.4/cli/Dockerfile b/php7.4/cli/Dockerfile
index cf12fe0ca5..4e784dd0f0 100644
--- a/php7.4/cli/Dockerfile
+++ b/php7.4/cli/Dockerfile
@@ -60,7 +60,6 @@ RUN set -ex; \
 	mkdir -p /var/www/html; \
 	chown -R www-data:www-data /var/www/html
 WORKDIR /var/www/html
-VOLUME /var/www/html
 
 # https://make.wordpress.org/cli/2018/05/31/gpg-signature-change/
 # pub   rsa2048 2018-05-31 [SC]
@@ -93,6 +92,8 @@ RUN set -ex; \
 	\
 	wp --allow-root --version
 
+VOLUME /var/www/html
+
 COPY docker-entrypoint.sh /usr/local/bin/
 
 ENTRYPOINT ["docker-entrypoint.sh"]
diff --git a/php7.4/fpm-alpine/Dockerfile b/php7.4/fpm-alpine/Dockerfile
index 5c3fb0417a..386ecbb31e 100644
--- a/php7.4/fpm-alpine/Dockerfile
+++ b/php7.4/fpm-alpine/Dockerfile
@@ -68,7 +68,6 @@ RUN { \
 		echo 'html_errors = Off'; \
 	} > /usr/local/etc/php/conf.d/error-logging.ini
 
-VOLUME /var/www/html
 
 ENV WORDPRESS_VERSION 5.4.1
 ENV WORDPRESS_SHA1 9800c231828eb5cd76ba0b8aa6c1a74dfca2daff
@@ -79,7 +78,17 @@ RUN set -ex; \
 # upstream tarballs include ./wordpress/ so this gives us /usr/src/wordpress
 	tar -xzf wordpress.tar.gz -C /usr/src/; \
 	rm wordpress.tar.gz; \
-	chown -R www-data:www-data /usr/src/wordpress
+	chown -R www-data:www-data /usr/src/wordpress; \
+# pre-create wp-content (and single-level children) for folks who want to bind-mount themes, etc so permissions are pre-created properly instead of root:root
+	mkdir wp-content; \
+	for dir in /usr/src/wordpress/wp-content/*/; do \
+		dir="$(basename "${dir%/}")"; \
+		mkdir "wp-content/$dir"; \
+	done; \
+	chown -R www-data:www-data wp-content; \
+	chmod -R 777 wp-content
+
+VOLUME /var/www/html
 
 COPY docker-entrypoint.sh /usr/local/bin/
 
diff --git a/php7.4/fpm-alpine/docker-entrypoint.sh b/php7.4/fpm-alpine/docker-entrypoint.sh
index 4805588cc3..704d68011d 100755
--- a/php7.4/fpm-alpine/docker-entrypoint.sh
+++ b/php7.4/fpm-alpine/docker-entrypoint.sh
@@ -52,7 +52,7 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
 		fi
 
 		echo >&2 "WordPress not found in $PWD - copying now..."
-		if [ -n "$(ls -A)" ]; then
+		if [ -n "$(find -mindepth 1 -maxdepth 1 -not -name wp-content)" ]; then
 			echo >&2 "WARNING: $PWD is not empty! (copying anyhow)"
 		fi
 		sourceTarArgs=(
diff --git a/php7.4/fpm/Dockerfile b/php7.4/fpm/Dockerfile
index 184a99be0b..a1e70b2173 100644
--- a/php7.4/fpm/Dockerfile
+++ b/php7.4/fpm/Dockerfile
@@ -73,7 +73,6 @@ RUN { \
 		echo 'html_errors = Off'; \
 	} > /usr/local/etc/php/conf.d/error-logging.ini
 
-VOLUME /var/www/html
 
 ENV WORDPRESS_VERSION 5.4.1
 ENV WORDPRESS_SHA1 9800c231828eb5cd76ba0b8aa6c1a74dfca2daff
@@ -84,7 +83,17 @@ RUN set -ex; \
 # upstream tarballs include ./wordpress/ so this gives us /usr/src/wordpress
 	tar -xzf wordpress.tar.gz -C /usr/src/; \
 	rm wordpress.tar.gz; \
-	chown -R www-data:www-data /usr/src/wordpress
+	chown -R www-data:www-data /usr/src/wordpress; \
+# pre-create wp-content (and single-level children) for folks who want to bind-mount themes, etc so permissions are pre-created properly instead of root:root
+	mkdir wp-content; \
+	for dir in /usr/src/wordpress/wp-content/*/; do \
+		dir="$(basename "${dir%/}")"; \
+		mkdir "wp-content/$dir"; \
+	done; \
+	chown -R www-data:www-data wp-content; \
+	chmod -R 777 wp-content
+
+VOLUME /var/www/html
 
 COPY docker-entrypoint.sh /usr/local/bin/
 
diff --git a/php7.4/fpm/docker-entrypoint.sh b/php7.4/fpm/docker-entrypoint.sh
index 4805588cc3..704d68011d 100755
--- a/php7.4/fpm/docker-entrypoint.sh
+++ b/php7.4/fpm/docker-entrypoint.sh
@@ -52,7 +52,7 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
 		fi
 
 		echo >&2 "WordPress not found in $PWD - copying now..."
-		if [ -n "$(ls -A)" ]; then
+		if [ -n "$(find -mindepth 1 -maxdepth 1 -not -name wp-content)" ]; then
 			echo >&2 "WARNING: $PWD is not empty! (copying anyhow)"
 		fi
 		sourceTarArgs=(