Set permissions to allow run_user to bootstrap container

2024-08-30 18:22:16 +00:00 · 2019-09-05 13:49:07 +10:00 · 2019-09-05 13:49:07 +10:00 · 36d2420fad
commit 36d2420fad
parent d949968de3
3 changed files with 21 additions and 7 deletions
--- a/10
+++ b/10
@ -9,7 +9,6 @@ ENV RUN_GID							2002
 ENV CONFLUENCE_HOME          				/var/atlassian/application-data/confluence
 ENV CONFLUENCE_INSTALL_DIR   				/opt/atlassian/confluence

-VOLUME ["${CONFLUENCE_HOME}"]
 WORKDIR $CONFLUENCE_HOME

 # Expose HTTP and Synchrony ports
@ -31,7 +30,8 @@ ARG CONFLUENCE_VERSION
 ARG DOWNLOAD_URL=https://product-downloads.atlassian.com/software/confluence/downloads/atlassian-confluence-${CONFLUENCE_VERSION}.tar.gz

 RUN groupadd --gid ${RUN_GID} ${RUN_GROUP} \
-    && useradd --uid ${RUN_UID} --gid ${RUN_GID} --home-dir ${CONFLUENCE_HOME} ${RUN_USER} \
+    && useradd --uid ${RUN_UID} --gid ${RUN_GID} --home-dir ${CONFLUENCE_HOME} --shell /bin/bash ${RUN_USER} \
+    && echo PATH=$PATH > /etc/environment \
    \
    && mkdir -p                       	 ${CONFLUENCE_INSTALL_DIR} \
    && curl -L --silent                  ${DOWNLOAD_URL} | tar -xz --strip-components=1 -C "${CONFLUENCE_INSTALL_DIR}" \
@ -40,8 +40,14 @@ RUN groupadd --gid ${RUN_GID} ${RUN_GROUP} \
    && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/logs \
    && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/temp \
    && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/work \
+    && chown ${RUN_USER}:${RUN_GROUP}    ${CONFLUENCE_INSTALL_DIR}/conf/server.xml \
+    && chown ${RUN_USER}:${RUN_GROUP}    ${CONFLUENCE_INSTALL_DIR}/confluence/WEB-INF/classes/seraph-config.xml \
+    && chown ${RUN_USER}:${RUN_GROUP}    ${CONFLUENCE_INSTALL_DIR}/confluence/WEB-INF/classes/confluence-init.properties \
+    && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_HOME} \
    \
    && sed -i -e 's/-Xms\([0-9]\+[kmg]\) -Xmx\([0-9]\+[kmg]\)/-Xms\${JVM_MINIMUM_MEMORY:=\1} -Xmx\${JVM_MAXIMUM_MEMORY:=\2} \${JVM_SUPPORT_RECOMMENDED_ARGS} -Dconfluence.home=\${CONFLUENCE_HOME}/g' ${CONFLUENCE_INSTALL_DIR}/bin/setenv.sh

+VOLUME ["${CONFLUENCE_HOME}"] # Must be declared after setting perms
+
 COPY entrypoint.py              			/entrypoint.py
 COPY config/*						/opt/atlassian/etc/
--- a/9
+++ b/9
@ -9,7 +9,6 @@ ENV RUN_GID							2002
 ENV CONFLUENCE_HOME          				/var/atlassian/application-data/confluence
 ENV CONFLUENCE_INSTALL_DIR   				/opt/atlassian/confluence

-VOLUME ["${CONFLUENCE_HOME}"]
 WORKDIR $CONFLUENCE_HOME

 # Expose HTTP and Synchrony ports
@ -31,7 +30,7 @@ ARG CONFLUENCE_VERSION
 ARG DOWNLOAD_URL=https://product-downloads.atlassian.com/software/confluence/downloads/atlassian-confluence-${CONFLUENCE_VERSION}.tar.gz

 RUN addgroup -g ${RUN_GID} ${RUN_GROUP} \
-    && adduser -u ${RUN_UID} -G ${RUN_GROUP} -h ${CONFLUENCE_HOME} -D ${RUN_USER} \
+    && adduser -u ${RUN_UID} -G ${RUN_GROUP} -h ${CONFLUENCE_HOME} -s /bin/bash -D ${RUN_USER} \
    \
    && mkdir -p                          ${CONFLUENCE_INSTALL_DIR} \
    && curl -L --silent                  ${DOWNLOAD_URL} | tar -xz --strip-components=1 -C "${CONFLUENCE_INSTALL_DIR}" \
@ -40,8 +39,14 @@ RUN addgroup -g ${RUN_GID} ${RUN_GROUP} \
    && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/logs \
    && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/temp \
    && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/work \
+    && chown ${RUN_USER}:${RUN_GROUP}    ${CONFLUENCE_INSTALL_DIR}/conf/server.xml \
+    && chown ${RUN_USER}:${RUN_GROUP}    ${CONFLUENCE_INSTALL_DIR}/confluence/WEB-INF/classes/seraph-config.xml \
+    && chown ${RUN_USER}:${RUN_GROUP}    ${CONFLUENCE_INSTALL_DIR}/confluence/WEB-INF/classes/confluence-init.properties \
+    && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_HOME} \
    \
    && sed -i -e 's/-Xms\([0-9]\+[kmg]\) -Xmx\([0-9]\+[kmg]\)/-Xms\${JVM_MINIMUM_MEMORY:=\1} -Xmx\${JVM_MAXIMUM_MEMORY:=\2} \${JVM_SUPPORT_RECOMMENDED_ARGS} -Dconfluence.home=\${CONFLUENCE_HOME}/g' ${CONFLUENCE_INSTALL_DIR}/bin/setenv.sh

+VOLUME ["${CONFLUENCE_HOME}"] # Must be declared after setting perms
+
 COPY entrypoint.py              			/entrypoint.py
 COPY config/*						/opt/atlassian/etc/
--- a/entrypoint.py
+++ b/entrypoint.py
@ -49,13 +49,16 @@ env = {k.lower(): v
 # Generate all configuration files for Confluence

 gen_cfg('server.xml.j2',
-        f"{env['confluence_install_dir']}/conf/server.xml", env)
+        f"{env['confluence_install_dir']}/conf/server.xml", env,
+        user=env['run_user'], group=env['run_group'])

 gen_cfg('seraph-config.xml.j2',
-        f"{env['confluence_install_dir']}/confluence/WEB-INF/classes/seraph-config.xml", env)
+        f"{env['confluence_install_dir']}/confluence/WEB-INF/classes/seraph-config.xml", env,
+        user=env['run_user'], group=env['run_group'])

 gen_cfg('confluence-init.properties.j2',
-        f"{env['confluence_install_dir']}/confluence/WEB-INF/classes/confluence-init.properties", env)
+        f"{env['confluence_install_dir']}/confluence/WEB-INF/classes/confluence-init.properties", env,
+        user=env['run_user'], group=env['run_group'])

 gen_cfg('confluence.cfg.xml.j2',
        f"{env['confluence_home']}/confluence.cfg.xml", env,