Create OS user for tomcat directly instead of individual apps using it

Disassembler 2019-11-30 19:00:03 +01:00
parent c71817c2e8
commit bdf4a01b3b
No known key found for this signature in database
GPG Key ID: 524BD33A0EE29499
10 changed files with 32 additions and 29 deletions

@ -1 +1 @@
Subproject commit 7c25d22d4146033cfb1e0775d06912b5c8f77e73 Subproject commit 2d3890fd51bdaedb09c3d3742e7a58545f370244


@ -5,7 +5,6 @@ import shutil
import subprocess import subprocess
import sys import sys
from enum import Enum
from lxcmgr import lxcmgr from lxcmgr import lxcmgr
from lxcmgr.paths import LXC_STORAGE_DIR from lxcmgr.paths import LXC_STORAGE_DIR
from lxcmgr.pkgmgr import PkgMgr from lxcmgr.pkgmgr import PkgMgr
@ -16,7 +15,7 @@ class ImageExistsError(Exception):
class ImageNotFoundError(Exception): class ImageNotFoundError(Exception):
pass pass
class BuildType(Enum): class BuildType:
NORMAL = 1 NORMAL = 1
FORCE = 2 FORCE = 2
SCRATCH = 3 SCRATCH = 3
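Review bot: `class BuildType:` now holds bare integers, so any int (or a literal `1`) is accepted wherever a build type is expected, and the value lookup and membership checks that `Enum` provided are gone. Nothing in the hunk or the commit message says why the `Enum` base was dropped. If the change is intentional, a one-line comment on the class such as `# plain int constants; callers must pass BuildType.NORMAL, FORCE or SCRATCH` would record it. Code that receives a build type should then reject values outside the three constants. The users of this class are outside the hunk.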


@ -1,3 +1,3 @@
#!/bin/execlineb -P #!/bin/execlineb -P
foreground { s6-svwait -d -t 3000 mifosx } foreground { s6-svwait -d -t 3000 tomcat }


@ -2,5 +2,5 @@
cd /srv/tomcat cd /srv/tomcat
fdmove -c 2 1 fdmove -c 2 1
s6-setuidgid mifosx s6-setuidgid tomcat
catalina.sh run catalina.sh run


@ -16,11 +16,6 @@ RUN EOF
# Download Java library dependencies # Download Java library dependencies
wget http://central.maven.org/maven2/org/drizzle/jdbc/drizzle-jdbc/1.4/drizzle-jdbc-1.4.jar -O /srv/tomcat/lib/drizzle-jdbc-1.4.jar wget http://central.maven.org/maven2/org/drizzle/jdbc/drizzle-jdbc/1.4/drizzle-jdbc-1.4.jar -O /srv/tomcat/lib/drizzle-jdbc-1.4.jar
# Create OS user
addgroup -S -g 8080 mifosx
adduser -S -u 8080 -h /srv/tomcat -s /bin/false -g mifosx -G mifosx mifosx
chown -R mifosx:mifosx /srv/tomcat/conf /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/webapps /srv/tomcat/work
# Cleanup # Cleanup
apk --no-cache del wget apk --no-cache del wget
rm -rf /tmp/fineractplatform-18.03.01.RELEASE /tmp/mifosx.zip rm -rf /tmp/fineractplatform-18.03.01.RELEASE /tmp/mifosx.zip
@ -35,6 +30,9 @@ RUN EOF
cd /srv/tomcat/webapps/ROOT/scripts/ cd /srv/tomcat/webapps/ROOT/scripts/
patch -p0 </tmp/locale-cs.patch patch -p0 </tmp/locale-cs.patch
rm /tmp/locale-cs.patch rm /tmp/locale-cs.patch
# Change webapps ownership
chown -R tomcat:tomcat /srv/tomcat/webapps
EOF EOF
CMD s6-svscan /etc/services.d CMD s6-svscan /etc/services.d
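Review bot: The added `chown -R tomcat:tomcat /srv/tomcat/webapps` at the end of the second hunk gives the deployed application tree to the same account that runs Tomcat, so a file-write flaw in the web application could alter the application's own code and libraries. The same line is added in the three following file sections (the motech, odk and sigmah images). Unless the application has to write inside its own tree, the code could stay root-owned and group-readable, e.g. `chown -R root:tomcat /srv/tomcat/webapps` followed by `chmod -R g+rX,o-rwx /srv/tomcat/webapps`. Write access would then be limited to logs, temp and work. The RUN block starts outside the hunk.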


@ -12,10 +12,8 @@ RUN EOF
wget https://jdbc.postgresql.org/download/postgresql-42.2.5.jar -O /srv/tomcat/webapps/ROOT/WEB-INF/lib/postgresql-42.2.5.jar wget https://jdbc.postgresql.org/download/postgresql-42.2.5.jar -O /srv/tomcat/webapps/ROOT/WEB-INF/lib/postgresql-42.2.5.jar
cp /srv/tomcat/webapps/ROOT/WEB-INF/lib/postgresql-42.2.5.jar /srv/tomcat/webapps/ROOT/WEB-INF/bundles/postgresql-42.2.5.jar cp /srv/tomcat/webapps/ROOT/WEB-INF/lib/postgresql-42.2.5.jar /srv/tomcat/webapps/ROOT/WEB-INF/bundles/postgresql-42.2.5.jar
# Create OS user # Change webapps ownership
addgroup -S -g 8080 motech chown -R tomcat:tomcat /srv/tomcat/webapps
adduser -S -u 8080 -h /srv/tomcat -s /bin/false -g motech -G motech motech
chown -R motech:motech /srv/tomcat/conf /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/webapps /srv/tomcat/work
# Cleanup # Cleanup
rm -f /tmp/motech.war rm -f /tmp/motech.war


@ -11,10 +11,8 @@ RUN EOF
rm /srv/tomcat/webapps/ROOT/WEB-INF/lib/postgresql-42.1.4.jre7.jar rm /srv/tomcat/webapps/ROOT/WEB-INF/lib/postgresql-42.1.4.jre7.jar
wget https://jdbc.postgresql.org/download/postgresql-42.2.5.jar -O /srv/tomcat/webapps/ROOT/WEB-INF/lib/postgresql-42.2.5.jar wget https://jdbc.postgresql.org/download/postgresql-42.2.5.jar -O /srv/tomcat/webapps/ROOT/WEB-INF/lib/postgresql-42.2.5.jar
# Create OS user # Change webapps ownership
addgroup -S -g 8080 odk chown -R tomcat:tomcat /srv/tomcat/webapps
adduser -S -u 8080 -h /srv/tomcat -s /bin/false -g odk -G odk odk
chown -R odk:odk /srv/tomcat/conf /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/webapps /srv/tomcat/work
# Cleanup # Cleanup
rm /tmp/odk.war rm /tmp/odk.war


@ -14,10 +14,8 @@ RUN EOF
# Remove logging config # Remove logging config
rm /srv/tomcat/webapps/sigmah/WEB-INF/classes/logback.xml rm /srv/tomcat/webapps/sigmah/WEB-INF/classes/logback.xml
# Create OS user # Change webapps ownership
addgroup -S -g 8080 sigmah chown -R tomcat:tomcat /srv/tomcat/webapps
adduser -S -u 8080 -h /srv/tomcat -s /bin/false -g sigmah -G sigmah sigmah
chown -R sigmah:sigmah /srv/tomcat/conf /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/webapps /srv/tomcat/work
# Download database files # Download database files
wget https://github.com/sigmah-dev/sigmah/releases/download/v2.0.2/sigmah-MinimumDataKit-2.0.postgresql.sql -O /srv/sigmah-MinimumDataKit.sql wget https://github.com/sigmah-dev/sigmah/releases/download/v2.0.2/sigmah-MinimumDataKit-2.0.postgresql.sql -O /srv/sigmah-MinimumDataKit.sql


@ -12,10 +12,16 @@ RUN EOF
# Cleanup # Cleanup
rm -f /srv/tomcat/bin/tomcat-native.tar.gz rm -f /srv/tomcat/bin/tomcat-native.tar.gz
rm -f /srv/tomcat/temp/safeToDelete.tmp rm -f /srv/tomcat/temp/safeToDelete.tmp
rm -rf /srv/tomcat/webapps rm -rf /srv/tomcat/webapps/*
mkdir /srv/tomcat/webapps
EOF EOF
COPY lxc COPY lxc
RUN catalina.sh run RUN EOF
# Create OS user
addgroup -S -g 8080 tomcat
adduser -S -u 8080 -h /srv/tomcat -s /bin/false -g tomcat -G tomcat tomcat
chown -R tomcat:tomcat /srv/tomcat/conf /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/webapps /srv/tomcat/work
EOF
CMD catalina.sh run
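Review bot: The new `chown -R tomcat:tomcat /srv/tomcat/conf ...` makes the configuration directory writable by the account Tomcat runs as, so a compromised web application could rewrite `server.xml` or the user database. Tomcat's own security guidance gives the runtime user write access only to logs, temp and work, with configuration readable but not writable. Consider `chown -R root:tomcat /srv/tomcat/conf` with group read only, and keep `tomcat:tomcat` ownership for `/srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/work`. The identical block is added in the next file section.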


@ -12,10 +12,9 @@ RUN EOF
# Cleanup # Cleanup
rm -f /srv/tomcat/bin/tomcat-native.tar.gz rm -f /srv/tomcat/bin/tomcat-native.tar.gz
rm -f /srv/tomcat/temp/safeToDelete.tmp rm -f /srv/tomcat/temp/safeToDelete.tmp
rm -rf /srv/tomcat/webapps rm -rf /srv/tomcat/webapps/*
mkdir /srv/tomcat/webapps
# Change permission # Change permissions
find /srv/tomcat -type d -exec chmod 755 {} + find /srv/tomcat -type d -exec chmod 755 {} +
find /srv/tomcat -type f -not -path '/srv/tomcat/conf/*' -exec chmod 644 {} + find /srv/tomcat -type f -not -path '/srv/tomcat/conf/*' -exec chmod 644 {} +
chmod 755 /srv/tomcat/bin/*.sh chmod 755 /srv/tomcat/bin/*.sh
@ -23,4 +22,11 @@ EOF
COPY lxc COPY lxc
RUN catalina.sh run RUN EOF
# Create OS user
addgroup -S -g 8080 tomcat
adduser -S -u 8080 -h /srv/tomcat -s /bin/false -g tomcat -G tomcat tomcat
chown -R tomcat:tomcat /srv/tomcat/conf /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/webapps /srv/tomcat/work
EOF
CMD catalina.sh run
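Review bot: `CMD catalina.sh run` starts Tomcat with no privilege drop, while the application service scripts in this commit use `s6-setuidgid tomcat`. No user directive is visible in this section, so if this command is ever used as the container's start command, Tomcat would presumably run as root and the newly created tomcat account would go unused. Wrapping the command the way the service scripts do, or setting the run-as user if the lxcfile format supports it, would keep the base image consistent with the images built on it. The same applies to the previous file section; whether a user is set elsewhere in the file cannot be seen from the hunk.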