Avoid recursive chown/chmod on large recording directories (fixes #368)

On deployments with hundreds of thousands of recording files, the
recursive `chown -R` and `chmod -R` in docker-entrypoint.sh blocked
container startup for hours on spinning disks.

- Only recurse into small directories (config, logs, database, models)
- For recording and data directories, fix the directory entry itself
  without walking its contents
- Add SKIP_PERMISSIONS_CHECK=true env var to bypass entirely
- Replace chmod_recursive() with chmod_path() in mp4_recording_core.c
  since only the output directory needs permission fixes, not every
  file within it

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: matteius

docker-entrypoint.sh

@@ -214,15 +214,33 @@ EOF
     fi
 
     # Ensure proper permissions (may fail on NFS, which is okay)
-    log_info "Setting permissions..."
-    CURRENT_UID="$(id -u)"
-    CURRENT_GID="$(id -g)"
-    chown -R "${CURRENT_UID}:${CURRENT_GID}" /var/lib/lightnvr 2>/dev/null || log_warn "Could not set ownership on /var/lib/lightnvr (may be on NFS)"
-    chown -R "${CURRENT_UID}:${CURRENT_GID}" /etc/lightnvr 2>/dev/null || log_warn "Could not set ownership on /etc/lightnvr (may be on NFS)"
-    chown -R "${CURRENT_UID}:${CURRENT_GID}" /var/log/lightnvr 2>/dev/null || log_warn "Could not set ownership on /var/log/lightnvr"
-    chmod -R 755 /var/lib/lightnvr 2>/dev/null || log_warn "Could not set permissions on /var/lib/lightnvr (may be on NFS)"
-    chmod -R 755 /etc/lightnvr 2>/dev/null || log_warn "Could not set permissions on /etc/lightnvr (may be on NFS)"
-    chmod -R 755 /var/log/lightnvr 2>/dev/null || log_warn "Could not set permissions on /var/log/lightnvr"
+    # Skip entirely if the user opts out via environment variable
+    if [ "${SKIP_PERMISSIONS_CHECK:-false}" = "true" ]; then
+        log_info "Skipping permissions check (SKIP_PERMISSIONS_CHECK=true)"
+    else
+        log_info "Setting permissions..."
+        CURRENT_UID="$(id -u)"
+        CURRENT_GID="$(id -g)"
+
+        # Recursive chown/chmod on small directories only (config, logs, database, models)
+        for dir in /etc/lightnvr /var/log/lightnvr \
+                   /var/lib/lightnvr/data/database /var/lib/lightnvr/data/models; do
+            [ -d "$dir" ] || continue
+            chown -R "${CURRENT_UID}:${CURRENT_GID}" "$dir" 2>/dev/null || log_warn "Could not set ownership on $dir (may be on NFS)"
+            chmod -R 755 "$dir" 2>/dev/null || log_warn "Could not set permissions on $dir (may be on NFS)"
+        done
+
+        # For data directories that may contain hundreds of thousands of recording
+        # files, only fix the directory itself (non-recursive) to avoid an O(n)
+        # walk that can block startup for hours on large deployments (see #368).
+        for dir in /var/lib/lightnvr /var/lib/lightnvr/data \
+                   /var/lib/lightnvr/data/recordings /var/lib/lightnvr/data/recordings/mp4 \
+                   /var/lib/lightnvr/www; do
+            [ -d "$dir" ] || continue
+            chown "${CURRENT_UID}:${CURRENT_GID}" "$dir" 2>/dev/null || true
+            chmod 755 "$dir" 2>/dev/null || true
+        done
+    fi
 
     # Test write permissions on critical directories
     log_info "Testing write permissions..."

src/video/mp4_recording_core.c

@@ -141,7 +141,7 @@ static void *mp4_recording_thread(void *arg) {
         }
 
         // Set permissions
-        if (chmod_recursive(mp4_dir, 0755) != 0) {
+        if (chmod_path(mp4_dir, 0755) != 0) {
             log_warn("Failed to set permissions on directory: %s", mp4_dir);
         }
 
@@ -153,7 +153,7 @@ static void *mp4_recording_thread(void *arg) {
         log_error("Output directory is not writable: %s", mp4_dir);
 
         // Try to fix permissions
-        if (chmod_recursive(mp4_dir, 0755) != 0) {
+        if (chmod_path(mp4_dir, 0755) != 0) {
             log_warn("Failed to set permissions on directory: %s", mp4_dir);
         }
 
@@ -689,7 +689,7 @@ int start_mp4_recording(const char *stream_name) {
     }
 
     // Set appropriate permissions for MP4 directory (owner rwx, group/others rx)
-    if (chmod_recursive(mp4_dir, 0755) != 0) {
+    if (chmod_path(mp4_dir, 0755) != 0) {
         log_warn("Failed to set permissions on MP4 directory: %s", mp4_dir);
     }
 
@@ -859,7 +859,7 @@ int start_mp4_recording_with_url(const char *stream_name, const char *url) {
     }
 
     // Set permissions for MP4 directory (owner rwx, group/others rx)
-    if (chmod_recursive(mp4_dir, 0755) != 0) {
+    if (chmod_path(mp4_dir, 0755) != 0) {
         log_warn("Failed to set permissions on MP4 directory: %s", mp4_dir);
     }
 
@@ -1075,7 +1075,7 @@ int start_mp4_recording_with_trigger(const char *stream_name, const char *trigge
     }
 
     // Set permissions for MP4 directory (owner rwx, group/others rx)
-    if (chmod_recursive(mp4_dir, 0755) != 0) {
+    if (chmod_path(mp4_dir, 0755) != 0) {
         log_warn("Failed to set permissions on MP4 directory: %s", mp4_dir);
     }
 
@@ -1230,7 +1230,7 @@ int start_mp4_recording_with_url_and_trigger(const char *stream_name, const char
     }
 
     // Set permissions for MP4 directory (owner rwx, group/others rx)
-    if (chmod_recursive(mp4_dir, 0755) != 0) {
+    if (chmod_path(mp4_dir, 0755) != 0) {
         log_warn("Failed to set permissions on MP4 directory: %s", mp4_dir);
     }