Create OS user for tomcat directly instead of individual apps using it

Disassembler 2019-11-30 19:00:03 +01:00
parent c71817c2e8
commit bdf4a01b3b
No known key found for this signature in database
GPG Key ID: 524BD33A0EE29499
10 changed files with 32 additions and 29 deletions

@ -1 +1 @@
Subproject commit 7c25d22d4146033cfb1e0775d06912b5c8f77e73
Subproject commit 2d3890fd51bdaedb09c3d3742e7a58545f370244


@ -5,7 +5,6 @@ import shutil
import subprocess
import sys
from enum import Enum
from lxcmgr import lxcmgr
from lxcmgr.paths import LXC_STORAGE_DIR
from lxcmgr.pkgmgr import PkgMgr
@ -16,7 +15,7 @@ class ImageExistsError(Exception):
class ImageNotFoundError(Exception):
pass
class BuildType(Enum):
class BuildType:
NORMAL = 1
FORCE = 2
SCRATCH = 3
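Review bot: With the `Enum` base and its import dropped, `BuildType.NORMAL`, `FORCE` and `SCRATCH` become plain integers, so nothing distinguishes a valid build type from an arbitrary integer passed by a caller. If the enum was removed on purpose (the reason is not stated on the page), a comment above the class such as `# Plain int constants, not an Enum: callers must validate values before use` would record that. Otherwise, keeping `class BuildType(Enum):` and `from enum import Enum` preserves the closed set of values. The class body may continue past the end of the hunk.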


@ -1,3 +1,3 @@
#!/bin/execlineb -P
foreground { s6-svwait -d -t 3000 mifosx }
foreground { s6-svwait -d -t 3000 tomcat }


@ -2,5 +2,5 @@
cd /srv/tomcat
fdmove -c 2 1
s6-setuidgid mifosx
s6-setuidgid tomcat
catalina.sh run


@ -16,11 +16,6 @@ RUN EOF
# Download Java library dependencies
wget http://central.maven.org/maven2/org/drizzle/jdbc/drizzle-jdbc/1.4/drizzle-jdbc-1.4.jar -O /srv/tomcat/lib/drizzle-jdbc-1.4.jar
# Create OS user
addgroup -S -g 8080 mifosx
adduser -S -u 8080 -h /srv/tomcat -s /bin/false -g mifosx -G mifosx mifosx
chown -R mifosx:mifosx /srv/tomcat/conf /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/webapps /srv/tomcat/work
# Cleanup
apk --no-cache del wget
rm -rf /tmp/fineractplatform-18.03.01.RELEASE /tmp/mifosx.zip
@ -35,6 +30,9 @@ RUN EOF
cd /srv/tomcat/webapps/ROOT/scripts/
patch -p0 </tmp/locale-cs.patch
rm /tmp/locale-cs.patch
# Change webapps ownership
chown -R tomcat:tomcat /srv/tomcat/webapps
EOF
CMD s6-svscan /etc/services.d
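Review bot: The added `chown -R tomcat:tomcat /srv/tomcat/webapps` leaves the whole deployed application tree writable by the account that runs Tomcat, so a flaw in the web application can become a lasting change to the code it serves. The same line is added to the three other application images in this commit. If the application writes to only a few paths under `webapps` (not visible here), keep the tree root-owned with `chown -R root:tomcat /srv/tomcat/webapps` and give `tomcat` ownership of just those writable directories. The `RUN` block starts above the hunk.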


@ -12,10 +12,8 @@ RUN EOF
wget https://jdbc.postgresql.org/download/postgresql-42.2.5.jar -O /srv/tomcat/webapps/ROOT/WEB-INF/lib/postgresql-42.2.5.jar
cp /srv/tomcat/webapps/ROOT/WEB-INF/lib/postgresql-42.2.5.jar /srv/tomcat/webapps/ROOT/WEB-INF/bundles/postgresql-42.2.5.jar
# Create OS user
addgroup -S -g 8080 motech
adduser -S -u 8080 -h /srv/tomcat -s /bin/false -g motech -G motech motech
chown -R motech:motech /srv/tomcat/conf /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/webapps /srv/tomcat/work
# Change webapps ownership
chown -R tomcat:tomcat /srv/tomcat/webapps
# Cleanup
rm -f /tmp/motech.war


@ -11,10 +11,8 @@ RUN EOF
rm /srv/tomcat/webapps/ROOT/WEB-INF/lib/postgresql-42.1.4.jre7.jar
wget https://jdbc.postgresql.org/download/postgresql-42.2.5.jar -O /srv/tomcat/webapps/ROOT/WEB-INF/lib/postgresql-42.2.5.jar
# Create OS user
addgroup -S -g 8080 odk
adduser -S -u 8080 -h /srv/tomcat -s /bin/false -g odk -G odk odk
chown -R odk:odk /srv/tomcat/conf /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/webapps /srv/tomcat/work
# Change webapps ownership
chown -R tomcat:tomcat /srv/tomcat/webapps
# Cleanup
rm /tmp/odk.war


@ -14,10 +14,8 @@ RUN EOF
# Remove logging config
rm /srv/tomcat/webapps/sigmah/WEB-INF/classes/logback.xml
# Create OS user
addgroup -S -g 8080 sigmah
adduser -S -u 8080 -h /srv/tomcat -s /bin/false -g sigmah -G sigmah sigmah
chown -R sigmah:sigmah /srv/tomcat/conf /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/webapps /srv/tomcat/work
# Change webapps ownership
chown -R tomcat:tomcat /srv/tomcat/webapps
# Download database files
wget https://github.com/sigmah-dev/sigmah/releases/download/v2.0.2/sigmah-MinimumDataKit-2.0.postgresql.sql -O /srv/sigmah-MinimumDataKit.sql


@ -12,10 +12,16 @@ RUN EOF
# Cleanup
rm -f /srv/tomcat/bin/tomcat-native.tar.gz
rm -f /srv/tomcat/temp/safeToDelete.tmp
rm -rf /srv/tomcat/webapps
mkdir /srv/tomcat/webapps
rm -rf /srv/tomcat/webapps/*
EOF
COPY lxc
RUN catalina.sh run
RUN EOF
# Create OS user
addgroup -S -g 8080 tomcat
adduser -S -u 8080 -h /srv/tomcat -s /bin/false -g tomcat -G tomcat tomcat
chown -R tomcat:tomcat /srv/tomcat/conf /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/webapps /srv/tomcat/work
EOF
CMD catalina.sh run
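Review bot: The `chown -R tomcat:tomcat` in the new `# Create OS user` block also hands `/srv/tomcat/conf` to the service account, so the process that serves requests can rewrite its own configuration. The second Tomcat image in this commit adds the identical block. Consider `chown -R root:tomcat /srv/tomcat/conf` with group read access, keeping `chown -R tomcat:tomcat /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/work` for the directories written at run time. Whether this setup relies on Tomcat writing into `conf` is not visible in the hunk, so confirm that before tightening.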


@ -12,10 +12,9 @@ RUN EOF
# Cleanup
rm -f /srv/tomcat/bin/tomcat-native.tar.gz
rm -f /srv/tomcat/temp/safeToDelete.tmp
rm -rf /srv/tomcat/webapps
mkdir /srv/tomcat/webapps
rm -rf /srv/tomcat/webapps/*
# Change permission
# Change permissions
find /srv/tomcat -type d -exec chmod 755 {} +
find /srv/tomcat -type f -not -path '/srv/tomcat/conf/*' -exec chmod 644 {} +
chmod 755 /srv/tomcat/bin/*.sh
@ -23,4 +22,11 @@ EOF
COPY lxc
RUN catalina.sh run
RUN EOF
# Create OS user
addgroup -S -g 8080 tomcat
adduser -S -u 8080 -h /srv/tomcat -s /bin/false -g tomcat -G tomcat tomcat
chown -R tomcat:tomcat /srv/tomcat/conf /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/webapps /srv/tomcat/work
EOF
CMD catalina.sh run