From 36625a26aec5a4954392b1310da9868dbf090138 Mon Sep 17 00:00:00 2001
From: ecaiyanlinux
Date: Thu, 2 Dec 2021 17:48:53 +0100
Subject: [PATCH] Update Dockerfile to use non root user More Dockerfile(s) Including bug fixes
Signed-off-by: ecaiyanlinux
Issue-ID: NONRTRIC-656
Change-Id: I011b32bd86b34050a53806b945a1bb4029327416
---
 r-app-catalogue/Dockerfile | 11 ++++-------
 test/cr/Dockerfile | 9 +++++++++
 test/cr/app/nginx.conf | 2 +-
 test/http-https-proxy/Dockerfile | 4 +---
 test/mrstub/Dockerfile | 8 ++++++++
 test/mrstub/app/nginx.conf | 2 +-
 test/prodstub/Dockerfile | 9 +++++++++
 test/prodstub/app/nginx.conf | 2 +-
 .../scriptversion/simulators/Dockerfile-message-generator | 5 +++++
 .../scriptversion/simulators/Dockerfile-sdnr-sim | 5 +++++
 10 files changed, 44 insertions(+), 13 deletions(-)
diff --git a/r-app-catalogue/Dockerfile b/r-app-catalogue/Dockerfile
index 0f77256e..474a3ce7 100644
--- a/r-app-catalogue/Dockerfile
+++ b/r-app-catalogue/Dockerfile
@@ -27,19 +27,16 @@ RUN mkdir -p /opt/app/r-app-catalogue/etc/cert/
 EXPOSE 8680 8633
-ADD /config/application.yaml /opt/app/r-app-catalogue/config/application.yaml
-ADD /config/r-app-catalogue-keystore.jks /opt/app/r-app-catalogue/etc/cert/keystore.jks
-ADD target/${JAR} /opt/app/r-app-catalogue/r-app-catalogue.jar
-
-
-RUN chmod -R 644 /opt/app/r-app-catalogue/config/
-
 RUN groupadd -g 999 appuser && \
 useradd -r -u 999 -g appuser appuser
 RUN chown -R appuser:appuser /opt/app/r-app-catalogue/
 RUN chown -R appuser:appuser /var/log/r-app-catalogue/
 USER appuser
+ADD /config/application.yaml /opt/app/r-app-catalogue/config/application.yaml
+ADD /config/r-app-catalogue-keystore.jks /opt/app/r-app-catalogue/etc/cert/keystore.jks
+ADD target/${JAR} /opt/app/r-app-catalogue/r-app-catalogue.jar
+
 CMD ["java", "-jar", "/opt/app/r-app-catalogue/r-app-catalogue.jar"]
diff --git a/test/cr/Dockerfile b/test/cr/Dockerfile
index ad61ab32..92efcb0c 100644
--- a/test/cr/Dockerfile
+++ b/test/cr/Dockerfile
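Review bot: In r-app-catalogue/Dockerfile the three `ADD` lines now sit after `USER appuser`, but `ADD`/`COPY` ignore `USER` and create root-owned files unless `--chown` is given, and the `chown -R appuser:appuser /opt/app/r-app-catalogue/` above them no longer covers these files. The keystore's readability then depends on whatever mode bits it carries in the build context, which is usually world-readable. I would copy it with explicit ownership and mode, e.g. `COPY --chown=appuser:appuser --chmod=0400 config/r-app-catalogue-keystore.jks /opt/app/r-app-catalogue/etc/cert/keystore.jks` (`--chmod` needs BuildKit), and use `COPY` for the other two local files as well. The keystore still ends up in an image layer, so anyone who can pull the image can extract it; mounting it at run time would avoid that.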
@@ -33,6 +33,15 @@ RUN chmod +x start.sh
 RUN groupadd -g 999 appuser && \
 useradd -r -u 999 -g appuser appuser
+
+## add permissions for appuser user
+RUN chown -R appuser:appuser /usr/src/app/ && chmod -R 755 /usr/src/app/ && \
+ chown -R appuser:appuser /var/log/nginx && \
+ chown -R appuser:appuser /var/lib/nginx && \
+ chown -R appuser:appuser /etc/nginx/conf.d
+RUN touch /var/run/nginx.pid && \
+ chown -R appuser:appuser /var/run/nginx.pid
+
 USER appuser
 CMD [ "./start.sh" ]
diff --git a/test/cr/app/nginx.conf b/test/cr/app/nginx.conf
index 32beca1c..31e38451 100644
--- a/test/cr/app/nginx.conf
+++ b/test/cr/app/nginx.conf
@@ -1,4 +1,4 @@
-user www-data;
+# user www-data;
 worker_processes auto;
 pid /run/nginx.pid;
 include /etc/nginx/modules-enabled/*.conf;
diff --git a/test/http-https-proxy/Dockerfile b/test/http-https-proxy/Dockerfile
index 0d9b9775..0043eeb8 100644
--- a/test/http-https-proxy/Dockerfile
+++ b/test/http-https-proxy/Dockerfile
@@ -13,8 +13,6 @@ COPY cert/pass .
 WORKDIR /usr/src/app
 COPY http_proxy.js .
-RUN groupadd -g 999 appuser && \
- useradd -r -u 999 -g appuser appuser
-USER appuser
+USER node
 CMD [ "node", "http_proxy.js" ]
\ No newline at end of file
diff --git a/test/mrstub/Dockerfile b/test/mrstub/Dockerfile
index a5f9ea01..9b58a99f 100644
--- a/test/mrstub/Dockerfile
+++ b/test/mrstub/Dockerfile
@@ -36,6 +36,14 @@ RUN chmod +x start.sh
 RUN groupadd -g 999 appuser && \
 useradd -r -u 999 -g appuser appuser
+## add permissions for appuser user
+RUN chown -R appuser:appuser /usr/src/app/ && chmod -R 755 /usr/src/app/ && \
+ chown -R appuser:appuser /var/log/nginx && \
+ chown -R appuser:appuser /var/lib/nginx && \
+ chown -R appuser:appuser /etc/nginx/conf.d
+RUN touch /var/run/nginx.pid && \
+ chown -R appuser:appuser /var/run/nginx.pid
+
 USER appuser
 CMD [ "./start.sh" ]
\ No newline at end of file
diff --git a/test/mrstub/app/nginx.conf b/test/mrstub/app/nginx.conf
index 35b5ba0c..be342b10 100644
--- a/test/mrstub/app/nginx.conf
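Review bot: In test/cr/Dockerfile, `chown -R appuser:appuser /usr/src/app/` and `chown -R appuser:appuser /etc/nginx/conf.d` make the application code and the nginx configuration writable by the account the service runs as, so a compromised process could rewrite both; `chmod -R 755` additionally sets the execute bit on every file in the tree. Unless start.sh writes into those directories (it is not visible in this hunk), ownership is only needed on the paths nginx writes at run time: `RUN chown -R appuser:appuser /var/log/nginx /var/lib/nginx && touch /var/run/nginx.pid && chown appuser:appuser /var/run/nginx.pid`. The same block is added to test/mrstub/Dockerfile and test/prodstub/Dockerfile, so the point applies there too.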
+++ b/test/mrstub/app/nginx.conf
@@ -1,4 +1,4 @@
-user www-data;
+# user www-data;
 worker_processes auto;
 pid /run/nginx.pid;
 include /etc/nginx/modules-enabled/*.conf;
diff --git a/test/prodstub/Dockerfile b/test/prodstub/Dockerfile
index 0a027e4d..813cfbdd 100644
--- a/test/prodstub/Dockerfile
+++ b/test/prodstub/Dockerfile
@@ -34,6 +34,15 @@ RUN apt-get install -y nginx=1.14.*
 RUN groupadd -g 999 appuser && \
 useradd -r -u 999 -g appuser appuser
+
+## add permissions for appuser user
+RUN chown -R appuser:appuser /usr/src/app/ && chmod -R 755 /usr/src/app/ && \
+ chown -R appuser:appuser /var/log/nginx && \
+ chown -R appuser:appuser /var/lib/nginx && \
+ chown -R appuser:appuser /etc/nginx/conf.d
+RUN touch /var/run/nginx.pid && \
+ chown -R appuser:appuser /var/run/nginx.pid
+
 USER appuser
 CMD [ "./start.sh" ]
diff --git a/test/prodstub/app/nginx.conf b/test/prodstub/app/nginx.conf
index 8119b0d5..5ff404be 100644
--- a/test/prodstub/app/nginx.conf
+++ b/test/prodstub/app/nginx.conf
@@ -1,4 +1,4 @@
-user www-data;
+# user www-data;
 worker_processes auto;
 pid /run/nginx.pid;
 include /etc/nginx/modules-enabled/*.conf;
diff --git a/test/usecases/oruclosedlooprecovery/scriptversion/simulators/Dockerfile-message-generator b/test/usecases/oruclosedlooprecovery/scriptversion/simulators/Dockerfile-message-generator
index 841cf7ff..bb9c0145 100644
--- a/test/usecases/oruclosedlooprecovery/scriptversion/simulators/Dockerfile-message-generator
+++ b/test/usecases/oruclosedlooprecovery/scriptversion/simulators/Dockerfile-message-generator
@@ -29,4 +29,9 @@ RUN apt-get install iputils-ping -y
 RUN pip install -r requirements.txt
+RUN groupadd -g 999 appuser && \
+ useradd -r -u 999 -g appuser appuser
+
+USER appuser
+
 CMD [ "python3", "-u", "message_generator.py" ]
diff --git a/test/usecases/oruclosedlooprecovery/scriptversion/simulators/Dockerfile-sdnr-sim b/test/usecases/oruclosedlooprecovery/scriptversion/simulators/Dockerfile-sdnr-sim
index 4275b178..f3a5200f 100644
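Review bot: In Dockerfile-message-generator, `USER appuser` records a user name in the image metadata, and an orchestrator that enforces a non-root policy (for example Kubernetes `runAsNonRoot`) cannot verify a non-numeric user; since the UID is already fixed at 999, `USER 999:999` expresses the same thing in a form that can be checked. `useradd -r` also creates no home directory, so if message_generator.py or one of its libraries writes under `$HOME` or into the root-owned working directory it will fail at run time; the hunk does not show whether it does. Dockerfile-sdnr-sim receives the identical lines, so the same applies there.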
--- a/test/usecases/oruclosedlooprecovery/scriptversion/simulators/Dockerfile-sdnr-sim
+++ b/test/usecases/oruclosedlooprecovery/scriptversion/simulators/Dockerfile-sdnr-sim
@@ -29,4 +29,9 @@ RUN apt-get install iputils-ping -y
 RUN pip install -r requirements.txt
+RUN groupadd -g 999 appuser && \
+ useradd -r -u 999 -g appuser appuser
+
+USER appuser
+
 CMD [ "python3", "-u", "sdnr_simulator.py" ]
--
2.16.6