From 0464fd476c09ce0d1974320bcd1169316052caeb Mon Sep 17 00:00:00 2001
From: Tom Kralidis
Date: Wed, 14 Aug 2024 13:40:10 -0400
Subject: [PATCH 1/3] run management container as non-root (#19)

---
 wis2-gdc-management/Dockerfile | 10 +++++++---
 wis2-gdc-management/docker/wis2-gdc-management.cron | 2 +-
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/wis2-gdc-management/Dockerfile b/wis2-gdc-management/Dockerfile
index 13abf07..fda6481 100644
--- a/wis2-gdc-management/Dockerfile
+++ b/wis2-gdc-management/Dockerfile
@@ -31,7 +31,7 @@ ENV TZ="Etc/UTC" \
 COPY ./ /app
 
 # add to crontab
-COPY ./docker/wis2-gdc-management.cron /etc/cron.d/wis2-gdc-management.cron
+COPY ./docker/wis2-gdc-management.cron /var/spool/cron/crontabs/wis2-gdc
 
 RUN apt-get update -y && \
 # install dependencies
@@ -45,7 +45,11 @@ RUN apt-get update -y && \
 apt autoremove -y && \
 apt-get -q clean && \
 rm -rf /var/lib/apt/lists/* && \
- chmod 0644 /etc/cron.d/wis2-gdc-management.cron && \
- crontab /etc/cron.d/wis2-gdc-management.cron
+ chmod 0644 /var/spool/cron/crontabs/wis2-gdc && \
+ crontab /var/spool/cron/crontabs/wis2-gdc && \
+ # add wis2-gdc user
+ useradd -ms /bin/bash wis2-gdc
+
+USER wis2-gdc
 
 ENTRYPOINT [ "/app/docker/entrypoint.sh" ]
diff --git a/wis2-gdc-management/docker/wis2-gdc-management.cron b/wis2-gdc-management/docker/wis2-gdc-management.cron
index 54be3c4..8ef1dac 100644
--- a/wis2-gdc-management/docker/wis2-gdc-management.cron
+++ b/wis2-gdc-management/docker/wis2-gdc-management.cron
@@ -1 +1 @@
-0 0 * * * su -c "wis2-gdc archive $WIS2_GDC_METADATA_ARCHIVE_ZIPFILE" > /proc/1/fd/1 2>/proc/1/fd/2
+0 0 * * * wis2-gdc archive $WIS2_GDC_METADATA_ARCHIVE_ZIPFILE > /proc/1/fd/1 2>/proc/1/fd/2

From fe2d5b58702b630f2ddbbe4590d5128ee8e21568 Mon Sep 17 00:00:00 2001
From: Tom Kralidis
Date: Thu, 15 Aug 2024 14:49:40 -0400
Subject: [PATCH 2/3] Update Dockerfile

---
 wis2-gdc-management/Dockerfile | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

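Review bot: `crontab /var/spool/cron/crontabs/wis2-gdc` in the @@ -45 hunk still executes as root during the build, so it installs the file as root's crontab and the archive job stays scheduled under root; `USER wis2-gdc` only changes who runs the entrypoint. Creating the user first and installing the crontab for it would match the commit's intent: move `useradd -ms /bin/bash wis2-gdc && \` ahead of the crontab step and replace the chmod/crontab pair with `crontab -u wis2-gdc /app/docker/wis2-gdc-management.cron`, which reads the copy that `COPY ./ /app` already places in the image and makes the separate COPY into the spool directory unnecessary. Whether the cron daemon would also honour the root-owned 0644 file dropped directly into the spool is not something the hunk settles, so relying on `crontab -u` is the safer route. The RUN instruction begins before this hunk.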
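Review bot: With the `su -c "..."` wrapper removed, `$WIS2_GDC_METADATA_ARCHIVE_ZIPFILE` is now an unquoted word in the command cron hands to /bin/sh, so a path containing whitespace or glob characters is split or expanded before `wis2-gdc archive` sees it; quote it: `0 0 * * * wis2-gdc archive "$WIS2_GDC_METADATA_ARCHIVE_ZIPFILE" > /proc/1/fd/1 2>/proc/1/fd/2`. Cron does not inherit the container's environment, so this variable only reaches the job through what the entrypoint appends to /etc/environment (visible in the PATCH 3/3 hunk); a comment line in the crontab would make that dependency explicit, e.g. `# WIS2_GDC_METADATA_ARCHIVE_ZIPFILE is read from /etc/environment, populated by entrypoint.sh`.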
diff --git a/wis2-gdc-management/Dockerfile b/wis2-gdc-management/Dockerfile
index fda6481..53adef3 100644
--- a/wis2-gdc-management/Dockerfile
+++ b/wis2-gdc-management/Dockerfile
@@ -25,7 +25,7 @@ LABEL maintainer="tomkralidis@gmail.com"
 
 ENV TZ="Etc/UTC" \
 DEBIAN_FRONTEND="noninteractive" \
- DEBIAN_PACKAGES="bash cron curl git python3-pip python3-setuptools vim"
+ DEBIAN_PACKAGES="bash cron curl git python3-pip python3-setuptools sudo vim"
 
 # copy the app
 COPY ./ /app
@@ -48,7 +48,9 @@ RUN apt-get update -y && \
 chmod 0644 /var/spool/cron/crontabs/wis2-gdc && \
 crontab /var/spool/cron/crontabs/wis2-gdc && \
 # add wis2-gdc user
- useradd -ms /bin/bash wis2-gdc
+ useradd -ms /bin/bash wis2-gdc && \
+ adduser wis2-gdc sudo && \
+ echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
 
 USER wis2-gdc
 

From d303dd1f324e31d18a9ac579d82f9b52acd446a5 Mon Sep 17 00:00:00 2001
From: Tom Kralidis
Date: Thu, 15 Aug 2024 14:50:54 -0400
Subject: [PATCH 3/3] Update entrypoint.sh

---
 wis2-gdc-management/docker/entrypoint.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/wis2-gdc-management/docker/entrypoint.sh b/wis2-gdc-management/docker/entrypoint.sh
index e66b6ff..04a8291 100755
--- a/wis2-gdc-management/docker/entrypoint.sh
+++ b/wis2-gdc-management/docker/entrypoint.sh
@@ -24,10 +24,12 @@
 
 echo "START /entrypoint.sh"
 
-printenv | grep -v "no_proxy" >> /etc/environment
+printenv | grep -v "no_proxy" > /tmp/environment
+sudo sh -c 'cat /tmp/environment >> /etc/environment'
+rm -f /tmp/environment
 
 echo "Starting cron"
-service cron start
+sudo service cron start
 service cron status
 
 echo "Caching WNM schema"
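Review bot: `echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers` together with `adduser wis2-gdc sudo` in the @@ -48 hunk gives the service account unrestricted passwordless root, so any compromise of the management process regains root with a single `sudo` and the drop to `USER wis2-gdc` no longer reduces privilege. Limit the grant to the exact commands the entrypoint runs under sudo (the PATCH 3/3 hunk shows `service cron start` and the /etc/environment append), put each in a drop-in instead of appending to /etc/sudoers, and validate it at build time, e.g. `echo 'wis2-gdc ALL=(root) NOPASSWD: /usr/sbin/service cron start' > /etc/sudoers.d/wis2-gdc && chmod 0440 /etc/sudoers.d/wis2-gdc && visudo -cf /etc/sudoers.d/wis2-gdc`. With per-user rules the `adduser wis2-gdc sudo` line is unnecessary. The RUN instruction begins before this hunk.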
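Review bot: `/tmp/environment` is a fixed, predictable path written with the process's default umask, so the full container environment — which may carry credentials passed as variables — sits readable by other users in the container between the `printenv` and the `rm -f`, and is left behind if the script is interrupted in between. The staging file is not needed: `printenv | grep -v "no_proxy" | sudo tee -a /etc/environment >/dev/null` appends in one step with no temporary file, and the `sudo sh -c` and `rm -f` lines go away. `service cron status` on the following line still runs without sudo; if it requires root its output may not reflect the daemon's real state, so confirm that on the target image. /etc/environment is itself world-readable, so secrets in the environment remain exposed to every user in the container — that predates this change but deserves a follow-up. The entrypoint script continues on both sides of this hunk.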