This is an automated email from the ASF dual-hosted git repository.
hansva pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hop.git
The following commit(s) were added to refs/heads/master by this push:
new f01b618268 change tomcat user so it's non-root, fixes #2561
new 1223d3c5ec Merge pull request #3070 from hansva/master
f01b618268 is described below
commit f01b6182689a5cd724ec5f25b924a169317ac368
Author: Hans Van Akelyen <[email protected]>
AuthorDate: Tue Jul 11 15:06:56 2023 +0200
change tomcat user so it's non-root, fixes #2561
---
docker/Dockerfile.web | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/docker/Dockerfile.web b/docker/Dockerfile.web
index 2269f459b5..e5d2002d70 100644
--- a/docker/Dockerfile.web
+++ b/docker/Dockerfile.web
@@ -58,15 +58,20 @@ ENV CATALINA_OPTS='${HOP_OPTIONS} \
-DHOP_WEB_THEME="${HOP_WEB_THEME}" \
-DHOP_GUI_ZOOM_FACTOR="${HOP_GUI_ZOOM_FACTOR}"'
+# Create Hop user
+RUN groupadd -r hop -g 501
+RUN useradd -d /home/hop -u 501 -m -s /bin/bash -g hop hop
+
# Cleanup and create folder
RUN rm -rf webapps/* \
- && mkdir "${CATALINA_HOME}"/webapps/ROOT
+ && mkdir "${CATALINA_HOME}"/webapps/ROOT \
+ && mkdir "${HOP_AUDIT_FOLDER}"
# Copy resources
COPY ./assemblies/web/target/webapp/ "${CATALINA_HOME}"/webapps/ROOT/
COPY ./assemblies/plugins/dist/target/plugins "${CATALINA_HOME}"/plugins
-COPY ./docker/resources/run-web.sh /tmp/
+COPY --chown=hop ./docker/resources/run-web.sh /tmp/
# Fix hop-config.json
RUN sed -i 's/config\/projects/${HOP_CONFIG_FOLDER}\/projects/g'
"${CATALINA_HOME}"/webapps/ROOT/config/hop-config.json
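Review bot: `COPY --chown=hop ./docker/resources/run-web.sh /tmp/` leaves the startup script owned by the account the container runs as, so the process started by `CMD` can rewrite the script it is launched from. The script is invoked as `/bin/bash /tmp/run-web.sh`, so it only needs to be readable. Unless it modifies itself, which is not visible here, default root ownership is enough: `COPY ./docker/resources/run-web.sh /tmp/`, optionally with `--chmod=0555` under BuildKit. Separately, `${HOP_AUDIT_FOLDER}` is created by root in the `RUN` above and its value is not shown in this hunk. If it resolves outside `/usr/local/tomcat`, the later recursive chown will not cover it and the hop user may be unable to write audit data.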
@@ -86,5 +91,9 @@ RUN chmod +x ${CATALINA_HOME}/webapps/ROOT/*.sh
# point to the plugins folder
ENV HOP_PLUGIN_BASE_FOLDERS=$CATALINA_HOME/plugins
+# Set permissions on project folder
+RUN chown -R hop:hop /usr/local/tomcat
+
+USER hop
CMD ["/bin/bash", "/tmp/run-web.sh"]
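Review bot: `RUN chown -R hop:hop /usr/local/tomcat` makes the whole Tomcat tree writable by the runtime user, including the webapp, plugins and configuration copied earlier, so dropping root no longer stops a compromised web application from changing its own code or config. Consider limiting ownership to the directories that need runtime writes, e.g. `RUN chown -R hop:hop "${CATALINA_HOME}"/logs "${CATALINA_HOME}"/temp "${CATALINA_HOME}"/work`, plus whichever Hop config paths run-web.sh modifies (not visible in this hunk). Using `${CATALINA_HOME}` instead of the literal path would also match the rest of the file. A recursive chown in its own layer also copies every file it touches into that layer, which `COPY --chown=hop:hop` on the specific paths would avoid. `USER 501:501` instead of `USER hop` would let orchestrators that enforce a non-root policy verify the UID from the image metadata.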