From 73986259e615435f366e74d859828d0d86e1b638 Mon Sep 17 00:00:00 2001 From: ecaiyanlinux Date: Thu, 9 Dec 2021 07:37:14 +0100 Subject: [PATCH] Revert the changes for Docker non root user There are side effects when using non root user in Dockerfile(s) Need further investigation Signed-off-by: ecaiyanlinux Change-Id: Idc8d45084d9bee28f52c5e236b652d3f4d497d7a --- a1-policy-management-service/Dockerfile | 7 ++----- dmaap-adaptor-java/Dockerfile | 8 ++------ information-coordinator-service/Dockerfile | 9 +++------ r-app-catalogue/Dockerfile | 9 +++------ test/cr/Dockerfile | 13 ------------- test/cr/app/nginx.conf | 2 +- test/http-https-proxy/Dockerfile | 2 -- test/mrstub/Dockerfile | 12 ------------ test/mrstub/app/nginx.conf | 2 +- test/prodstub/Dockerfile | 13 ------------- test/prodstub/app/nginx.conf | 2 +- .../oruclosedlooprecovery/scriptversion/app/Dockerfile | 4 ---- .../scriptversion/simulators/Dockerfile-message-generator | 5 ----- .../scriptversion/simulators/Dockerfile-sdnr-sim | 5 ----- 14 files changed, 13 insertions(+), 80 deletions(-) diff --git a/a1-policy-management-service/Dockerfile b/a1-policy-management-service/Dockerfile index 3775b396..f64eebb6 100644 --- a/a1-policy-management-service/Dockerfile +++ b/a1-policy-management-service/Dockerfile @@ -34,11 +34,8 @@ ADD /config/application_configuration.json /opt/app/policy-agent/data/applicatio ADD /config/keystore.jks /opt/app/policy-agent/etc/cert/keystore.jks ADD /config/truststore.jks /opt/app/policy-agent/etc/cert/truststore.jks -RUN groupadd -g 999 appuser && \ - useradd -r -u 999 -g appuser appuser -RUN chown -R appuser:appuser /opt/app/policy-agent -RUN chown -R appuser:appuser /var/log/policy-agent -USER appuser +RUN chmod -R 777 /opt/app/policy-agent/config/ +RUN chmod -R 777 /opt/app/policy-agent/data/ ADD target/${JAR} /opt/app/policy-agent/policy-agent.jar CMD ["java", "-jar", "/opt/app/policy-agent/policy-agent.jar"] diff --git a/dmaap-adaptor-java/Dockerfile b/dmaap-adaptor-java/Dockerfile index 9843699a..b2c0c30c 100644 --- a/dmaap-adaptor-java/Dockerfile +++ b/dmaap-adaptor-java/Dockerfile @@ -30,18 +30,14 @@ WORKDIR /opt/app/dmaap-adaptor-service RUN mkdir -p /var/log/dmaap-adaptor-service RUN mkdir -p /opt/app/dmaap-adaptor-service/etc/cert/ RUN mkdir -p /var/dmaap-adaptor-service +RUN chmod -R 777 /var/dmaap-adaptor-service ADD /config/application.yaml /opt/app/dmaap-adaptor-service/config/application.yaml ADD /config/application_configuration.json /opt/app/dmaap-adaptor-service/data/application_configuration.json_example ADD /config/keystore.jks /opt/app/dmaap-adaptor-service/etc/cert/keystore.jks ADD /config/truststore.jks /opt/app/dmaap-adaptor-service/etc/cert/truststore.jks - -RUN groupadd -g 999 appuser && \ - useradd -r -u 999 -g appuser appuser -RUN chown -R appuser:appuser /var/dmaap-adaptor-service/ -RUN chown -R appuser:appuser /opt/app/dmaap-adaptor-service/ -USER appuser +RUN chmod -R 777 /opt/app/dmaap-adaptor-service/config/ ADD target/${JAR} /opt/app/dmaap-adaptor-service/dmaap-adaptor.jar CMD ["java", "-jar", "/opt/app/dmaap-adaptor-service/dmaap-adaptor.jar"] diff --git a/information-coordinator-service/Dockerfile b/information-coordinator-service/Dockerfile index 226d2ec3..e9d179df 100644 --- a/information-coordinator-service/Dockerfile +++ b/information-coordinator-service/Dockerfile @@ -25,6 +25,7 @@ WORKDIR /opt/app/information-coordinator-service RUN mkdir -p /var/log/information-coordinator-service RUN mkdir -p /opt/app/information-coordinator-service/etc/cert/ RUN mkdir -p /var/information-coordinator-service +RUN chmod -R 777 /var/information-coordinator-service EXPOSE 8083 8434 @@ -33,12 +34,8 @@ ADD target/${JAR} /opt/app/information-coordinator-service/information-coordinat ADD /config/keystore.jks /opt/app/information-coordinator-service/etc/cert/keystore.jks ADD /config/truststore.jks /opt/app/information-coordinator-service/etc/cert/truststore.jks -RUN groupadd -g 999 appuser && \ - useradd -r -u 999 -g appuser appuser -RUN chown -R appuser:appuser /opt/app/information-coordinator-service -RUN chown -R appuser:appuser /var/information-coordinator-service -RUN chown -R appuser:appuser /var/log/information-coordinator-service -USER appuser + +RUN chmod -R 777 /opt/app/information-coordinator-service/config/ CMD ["java", "-jar", "/opt/app/information-coordinator-service/information-coordinator-service.jar"] diff --git a/r-app-catalogue/Dockerfile b/r-app-catalogue/Dockerfile index 474a3ce7..cd2efc9b 100644 --- a/r-app-catalogue/Dockerfile +++ b/r-app-catalogue/Dockerfile @@ -27,16 +27,13 @@ RUN mkdir -p /opt/app/r-app-catalogue/etc/cert/ EXPOSE 8680 8633 -RUN groupadd -g 999 appuser && \ - useradd -r -u 999 -g appuser appuser -RUN chown -R appuser:appuser /opt/app/r-app-catalogue/ -RUN chown -R appuser:appuser /var/log/r-app-catalogue/ -USER appuser - ADD /config/application.yaml /opt/app/r-app-catalogue/config/application.yaml ADD /config/r-app-catalogue-keystore.jks /opt/app/r-app-catalogue/etc/cert/keystore.jks ADD target/${JAR} /opt/app/r-app-catalogue/r-app-catalogue.jar + +RUN chmod -R 777 /opt/app/r-app-catalogue/config/ + CMD ["java", "-jar", "/opt/app/r-app-catalogue/r-app-catalogue.jar"] diff --git a/test/cr/Dockerfile b/test/cr/Dockerfile index 92efcb0c..e66d30f3 100644 --- a/test/cr/Dockerfile +++ b/test/cr/Dockerfile @@ -31,17 +31,4 @@ RUN pip install -r requirements.txt RUN chmod +x start.sh -RUN groupadd -g 999 appuser && \ - useradd -r -u 999 -g appuser appuser - -## add permissions for appuser user -RUN chown -R appuser:appuser /usr/src/app/ && chmod -R 755 /usr/src/app/ && \ - chown -R appuser:appuser /var/log/nginx && \ - chown -R appuser:appuser /var/lib/nginx && \ - chown -R appuser:appuser /etc/nginx/conf.d -RUN touch /var/run/nginx.pid && \ - chown -R appuser:appuser /var/run/nginx.pid - -USER appuser - CMD [ "./start.sh" ] diff --git a/test/cr/app/nginx.conf b/test/cr/app/nginx.conf index 31e38451..32beca1c 100644 --- a/test/cr/app/nginx.conf +++ b/test/cr/app/nginx.conf @@ -1,4 +1,4 @@ -# user www-data; +user www-data; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; diff --git a/test/http-https-proxy/Dockerfile b/test/http-https-proxy/Dockerfile index 0043eeb8..d7a78ad1 100644 --- a/test/http-https-proxy/Dockerfile +++ b/test/http-https-proxy/Dockerfile @@ -13,6 +13,4 @@ COPY cert/pass . WORKDIR /usr/src/app COPY http_proxy.js . -USER node - CMD [ "node", "http_proxy.js" ] \ No newline at end of file diff --git a/test/mrstub/Dockerfile b/test/mrstub/Dockerfile index 9b58a99f..676c77ca 100644 --- a/test/mrstub/Dockerfile +++ b/test/mrstub/Dockerfile @@ -34,16 +34,4 @@ RUN pip install -r requirements.txt RUN chmod +x start.sh -RUN groupadd -g 999 appuser && \ - useradd -r -u 999 -g appuser appuser -## add permissions for appuser user -RUN chown -R appuser:appuser /usr/src/app/ && chmod -R 755 /usr/src/app/ && \ - chown -R appuser:appuser /var/log/nginx && \ - chown -R appuser:appuser /var/lib/nginx && \ - chown -R appuser:appuser /etc/nginx/conf.d -RUN touch /var/run/nginx.pid && \ - chown -R appuser:appuser /var/run/nginx.pid - -USER appuser - CMD [ "./start.sh" ] \ No newline at end of file diff --git a/test/mrstub/app/nginx.conf b/test/mrstub/app/nginx.conf index be342b10..35b5ba0c 100644 --- a/test/mrstub/app/nginx.conf +++ b/test/mrstub/app/nginx.conf @@ -1,4 +1,4 @@ -# user www-data; +user www-data; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; diff --git a/test/prodstub/Dockerfile b/test/prodstub/Dockerfile index 813cfbdd..4768bf95 100644 --- a/test/prodstub/Dockerfile +++ b/test/prodstub/Dockerfile @@ -32,17 +32,4 @@ RUN chmod +x start.sh RUN apt-get update RUN apt-get install -y nginx=1.14.* -RUN groupadd -g 999 appuser && \ - useradd -r -u 999 -g appuser appuser - -## add permissions for appuser user -RUN chown -R appuser:appuser /usr/src/app/ && chmod -R 755 /usr/src/app/ && \ - chown -R appuser:appuser /var/log/nginx && \ - chown -R appuser:appuser /var/lib/nginx && \ - chown -R appuser:appuser /etc/nginx/conf.d -RUN touch /var/run/nginx.pid && \ - chown -R appuser:appuser /var/run/nginx.pid - -USER appuser - CMD [ "./start.sh" ] diff --git a/test/prodstub/app/nginx.conf b/test/prodstub/app/nginx.conf index 5ff404be..8119b0d5 100644 --- a/test/prodstub/app/nginx.conf +++ b/test/prodstub/app/nginx.conf @@ -1,4 +1,4 @@ -# user www-data; +user www-data; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; diff --git a/test/usecases/oruclosedlooprecovery/scriptversion/app/Dockerfile b/test/usecases/oruclosedlooprecovery/scriptversion/app/Dockerfile index 3c1a064e..4cb03c74 100644 --- a/test/usecases/oruclosedlooprecovery/scriptversion/app/Dockerfile +++ b/test/usecases/oruclosedlooprecovery/scriptversion/app/Dockerfile @@ -29,8 +29,4 @@ RUN apt-get install iputils-ping -y RUN pip install -r requirements.txt -RUN groupadd -g 999 appuser && \ - useradd -r -u 999 -g appuser appuser -USER appuser - CMD [ "python3", "-u", "main.py" ] diff --git a/test/usecases/oruclosedlooprecovery/scriptversion/simulators/Dockerfile-message-generator b/test/usecases/oruclosedlooprecovery/scriptversion/simulators/Dockerfile-message-generator index bb9c0145..841cf7ff 100644 --- a/test/usecases/oruclosedlooprecovery/scriptversion/simulators/Dockerfile-message-generator +++ b/test/usecases/oruclosedlooprecovery/scriptversion/simulators/Dockerfile-message-generator @@ -29,9 +29,4 @@ RUN apt-get install iputils-ping -y RUN pip install -r requirements.txt -RUN groupadd -g 999 appuser && \ - useradd -r -u 999 -g appuser appuser - -USER appuser - CMD [ "python3", "-u", "message_generator.py" ] diff --git a/test/usecases/oruclosedlooprecovery/scriptversion/simulators/Dockerfile-sdnr-sim b/test/usecases/oruclosedlooprecovery/scriptversion/simulators/Dockerfile-sdnr-sim index f3a5200f..4275b178 100644 --- a/test/usecases/oruclosedlooprecovery/scriptversion/simulators/Dockerfile-sdnr-sim +++ b/test/usecases/oruclosedlooprecovery/scriptversion/simulators/Dockerfile-sdnr-sim @@ -29,9 +29,4 @@ RUN apt-get install iputils-ping -y RUN pip install -r requirements.txt -RUN groupadd -g 999 appuser && \ - useradd -r -u 999 -g appuser appuser - -USER appuser - CMD [ "python3", "-u", "sdnr_simulator.py" ] -- 2.16.6