Merged in fix-installer-dir-permissions (pull request #147)

Change install dir permissions * Change install dir permissions * Update chown syntax * Root own install dir * Change permissions * Confluence user and root group own install dir * Fix tests * Fix tests * Remove redundant chown Approved-by: Minh Tran Approved-by: Adam Brokes
2024-08-30 18:22:16 +00:00 · 2024-01-17 19:50:27 +00:00 · 2024-01-17 19:50:27 +00:00 · e6d24ab68f
commit e6d24ab68f
parent 3b62a5a1a1
2 changed files with 9 additions and 9 deletions
--- a/13
+++ b/13
@ -41,15 +41,14 @@ ENV CONFLUENCE_VERSION                              ${CONFLUENCE_VERSION}
 RUN groupadd --gid ${RUN_GID} ${RUN_GROUP} \
    && useradd --uid ${RUN_UID} --gid ${RUN_GID} --home-dir ${CONFLUENCE_HOME} --shell /bin/bash ${RUN_USER} \
    && echo PATH=$PATH > /etc/environment \
-    \
    && mkdir -p                                     ${CONFLUENCE_INSTALL_DIR} \
    && curl -L --silent                             ${DOWNLOAD_URL} | tar -xz --strip-components=1 -C "${CONFLUENCE_INSTALL_DIR}" \
-    && chmod -R "u=rwX,g=rX,o=rX"                   ${CONFLUENCE_INSTALL_DIR}/ \
-    && chown -R root.                               ${CONFLUENCE_INSTALL_DIR}/ \
-    && chown -R ${RUN_USER}:${RUN_GROUP}            ${CONFLUENCE_INSTALL_DIR}/logs \
-    && chown -R ${RUN_USER}:${RUN_GROUP}            ${CONFLUENCE_INSTALL_DIR}/temp \
-    && chown -R ${RUN_USER}:${RUN_GROUP}            ${CONFLUENCE_INSTALL_DIR}/work \
-    && chown -R ${RUN_USER}:${RUN_GROUP}            ${CONFLUENCE_HOME} \
+    && chmod -R 550                                 ${CONFLUENCE_INSTALL_DIR}/ \
+    && chown -R ${RUN_USER}:root                    ${CONFLUENCE_INSTALL_DIR}/ \
+    && for dir in logs temp work; do \
+         chmod -R 700 ${CONFLUENCE_INSTALL_DIR}/${dir}; \
+       done \
+    && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_HOME} \
    && for file in "/opt/atlassian/support /entrypoint.py /entrypoint_helpers.py /shutdown-wait.sh"; do \
       chmod -R "u=rwX,g=rX,o=rX" ${file} && \
       chown -R root ${file}; done \
--- a/tests/test_image.py
+++ b/tests/test_image.py
@ -34,11 +34,12 @@ def test_jvm_args(docker_cli, image, run_user):
 def test_install_permissions(docker_cli, image):
    container = run_image(docker_cli, image)

-    assert container.file(f'{get_app_install_dir(container)}').user == 'root'
+    assert container.file(f'{get_app_install_dir(container)}').user == 'confluence'
+    assert container.file(f'{get_app_install_dir(container)}').mode == 360

    for d in ['logs', 'work', 'temp']:
        path = f'{get_app_install_dir(container)}/{d}'
-        assert container.file(path).user == 'confluence'
+        assert container.file(path).mode == 448


 def test_first_run_state(docker_cli, image, run_user):