Closed vchendrix closed 2 years ago
I ran into a permissions issue when running a docker image built with the following command. Additionally, I ran into problems building the image because it wasn't passing through my UID and GID.
$ cat /etc/centos-release
CentOS Linux release 7.9.2009 (Core)
$ docker --version
Docker version 20.10.17, build 100c701
$ export SOLR_VERSION=8.11; ./build.sh 2.18.0 $WFSI_USER $WFSI_GROUP
I was able to fix this with the following changes.
diff --git a/Dockerfile b/Dockerfile index 96e87ba..b99df57 100644 --- a/Dockerfile +++ b/Dockerfile @@ -34,14 +34,16 @@ RUN groupadd -g ${METACATUI_GID} metacatui \ && chown -hR metacatui:metacatui /usr/local/apache2/ /var/log/apache2 \ && chmod g+ws /usr/local/apache2/htdocs/ \ && patch conf/extra/httpd-ssl.conf /tmp/httpd-ssl.conf.patch \ - && patch conf/httpd.conf /tmp/httpd.conf.patch + && patch conf/httpd.conf /tmp/httpd.conf.patch \ + && chown metacatui:metacatui /tmp/* + #setcap to bind to privileged ports as non-root RUN setcap 'cap_net_bind_service=+ep' /usr/local/apache2/bin/httpd RUN getcap /usr/local/apache2/bin/httpd COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat +RUN chmod 775 /usr/local/bin/docker-entrypoint.sh && ln -s usr/local/bin/docker-entrypoint.sh ENTRYPOINT ["docker-entrypoint.sh"] (reverse-i-search)`bui': cd ../^Cild/docker-metacatui/ (reverse-i-search)`bui': cd ../^Cild/docker-metacatui/ (reverse-i-search)`build.sh': ./^Cild.sh 2.21.0 $WFSI_USER $WFSI_GROUP [wfsi@wfsi-data docker-metacatui]$ cat /etc/centos-release CentOS Linux release 7.9.2009 (Core) [wfsi@wfsi-data docker-metacatui]$ docker --version Docker version 20.10.17, build 100c701 [wfsi@wfsi-data docker-metacatui]$ cd ../docker-metacat [wfsi@wfsi-data docker-metacat]$ git diff diff --git a/build.sh b/build.sh index 506ff8a..5793fe0 100755 --- a/build.sh +++ b/build.sh 
@@ -11,26 +11,14 @@ BUILD_ARGS="${BUILD_ARGS} --build-arg SOLR_VERSION=$SOLR_VERSION" if [ ! -z $2 ] ; then - ESSIDIVE_UID=$2 + BUILD_ARGS="${BUILD_ARGS} --build-arg METACAT_UID=$2" fi if [ ! -z $3 ] ; then - ESSIDIVE_GID=$3 + BUILD_ARGS="${BUILD_ARGS} --build-arg METACAT_GID=$3" fi -if [ ! -z $ESSDIVE_UID ]; -then - BUILD_ARGS="${BUILD_ARGS} --build-arg METACAT_UID=$ESSDIVE_UID" -fi - -if [ ! -z $ESSDIVE_GID ]; -then - BUILD_ARGS="${BUILD_ARGS} --build-arg METACAT_GID=$ESSDIVE_GID" -fi - - - DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )" #Read the split words into an array based on space delimiter diff --git a/metacat/Dockerfile b/metacat/Dockerfile index 0d676f3..0de02d7 100644 --- a/metacat/Dockerfile +++ b/metacat/Dockerfile @@ -22,6 +22,7 @@ ADD image_version.yml image_version.yml RUN apt-get update && apt-get install -y --no-install-recommends \ patch \ python3-bcrypt \ + unzip \ vim \ netcat \ libxml2-utils \ @@ -39,13 +40,13 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ ADD metacat/metacat.conf /etc/logrotate.d/ COPY metacat/apply_config.py /usr/local/bin/ -RUN ln -s usr/local/bin/apply_config.py / # backwards compat +RUN chmod 775 /usr/local/bin/apply_config.py && ln -s usr/local/bin/apply_config.py / # backw COPY metacat/apply_context.py /usr/local/bin/ -RUN ln -s usr/local/bin/apply_context.py / # backwards compat +RUN chmod 775 /usr/local/bin/apply_context.py && ln -s usr/local/bin/apply_context.py / # bac COPY metacat/docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat +RUN chmod 775 /usr/local/bin/docker-entrypoint.sh && ln -s usr/local/bin/docker-entrypoint.sh RUN [ -L /usr/bin/python ] && unlink /usr/bin/python; \ ln -s /usr/bin/python3 /usr/bin/python # symbolic link to python ENTRYPOINT ["docker-entrypoint.sh"] 
@@ -57,6 +58,7 @@ RUN patch conf/server.xml /tmp/server.xml.patch RUN groupadd -g ${METACAT_GID} metacat && \ useradd -u ${METACAT_UID} -g ${METACAT_GID} -c 'Metacat User' --no-create-home metacat & mkdir -p /var/metacat && \ + chmod 775 /etc/logrotate.d/metacat.conf && \ chown -R metacat:metacat /tmp/skins && \ chown -R metacat:metacat /var/metacat logs temp work && \ chown -R metacat:metacat /usr/local/tomcat/conf && \ diff --git a/solr/Dockerfile b/solr/Dockerfile index dc18839..2601296 100644 --- a/solr/Dockerfile +++ b/solr/Dockerfile @@ -4,3 +4,8 @@ FROM solr:${SOLR_VERSION} ADD image_version.yml image_version.yml ADD solr/WEB-INF/classes/solr-home/conf /tmp/conf ADD solr/configure_metacat_solrcore.sh /docker-entrypoint-initdb.d + +USER root +RUN chmod 777 /docker-entrypoint-initdb.d/configure_metacat_solrcore.sh +USER solr +
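Review bot: `chown metacatui:metacatui /tmp/*` in the first hunk of the metacatui Dockerfile hands every top-level entry in /tmp to the runtime user, including the `httpd-ssl.conf.patch` and `httpd.conf.patch` files that were only needed at build time, and because the glob is not recursive it does nothing for the contents of any directory there. Name the files the entrypoint actually has to write, or delete the applied patches instead. In the same hunk the new `chmod 775 ... && ln -s usr/local/bin/docker-entrypoint.sh` line no longer shows the `/` destination or the `# backwards compat` comment of the line it replaces; if that is not pager truncation, the link is created in the build working directory and `/docker-entrypoint.sh` no longer exists.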
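Review bot: the new `--build-arg METACAT_UID=$2` and `--build-arg METACAT_GID=$3` lines in build.sh append the raw positional parameters to BUILD_ARGS without validation, and the comment right after `DIR=` says the words are then split on spaces, so a value containing whitespace would turn into extra `docker build` arguments. Check that each value is digits only before appending it (a `case` pattern that rejects anything else is enough), and write the surrounding tests as `[ -n "$2" ]` and `[ -n "$3" ]` so they do not depend on how an unquoted empty expansion happens to parse.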
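Review bot: `chmod 775` on `apply_config.py`, `apply_context.py` and `docker-entrypoint.sh` in the second metacat/Dockerfile hunk adds group write to files that only have to be read and executed. `chmod 755` clears the execute-permission error just as well and keeps the entrypoint and config scripts writable by their owner only.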
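Review bot: `chmod 775 /etc/logrotate.d/metacat.conf` in the `groupadd`/`useradd` RUN of metacat/Dockerfile sets execute and group-write bits on a logrotate configuration file, and logrotate skips configuration files with that mode (it expects 0644 or 0444). Use `chmod 644` here so rotation keeps working and the file stays read-only to everyone but its owner.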
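Review bot: `chmod 777 /docker-entrypoint-initdb.d/configure_metacat_solrcore.sh` in solr/Dockerfile makes a script that is executed at container start writable by every user in the image. The `solr` user only needs to read and execute it, so `chmod 755` (or 555) between the `USER root` and `USER solr` lines is sufficient.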