Run as gcube. Enforce a specific uid
This commit is contained in:
parent
46c556838a
commit
54ec7ff066
|
@ -15,12 +15,13 @@ ENV PATH=$GLOBUS_LOCATION/bin:$PATH
|
|||
#ENV GLOBUS_OPTIONS="-Dexist.home=$EXIST_HOME"
|
||||
ENV GLOBUS_OPTIONS=""
|
||||
|
||||
RUN adduser --shell /usr/sbin/nologin gcube
|
||||
RUN adduser --system --gecos "Gcube service user" --disabled-password --disabled-login --uid 333 --shell /usr/sbin/nologin gcube
|
||||
WORKDIR /home/gcube
|
||||
RUN apt-get update && apt-get install -y wget && cd /home/gcube && wget https://nexus.d4science.org/nexus/content/repositories/gcube-staging-gcore/org/gcube/distribution/ghn-distribution/7.0.1-4.16.0-144317/ghn-distribution-7.0.1-4.16.0-144317.tar.gz && tar zxf ghn-distribution-7.0.1-4.16.0-144317.tar.gz && rm -f ghn-distribution-7.0.1-4.16.0-144317.tar.gz && mkdir -p /home/gcube/gCore/logs /home/gcube/gCore/tmp /home/gcube/gCore/config /home/gcube/gCore/etc && chown gcube /home/gcube/gCore/logs /home/gcube/gCore/tmp /home/gcube/gCore/config /home/gcube/gCore/etc
|
||||
COPY src/gcube-start-container.sh /home/gcube/gCore/bin/gcore-start-container
|
||||
RUN chmod 755 /home/gcube/gCore/bin/gcore-start-container
|
||||
EXPOSE 8080
|
||||
USER gcube
|
||||
ENTRYPOINT exec /home/gcube/gCore/bin/gcore-start-container
|
||||
# For Spring-Boot project, use the entrypoint below to reduce Tomcat startup time.
|
||||
#ENTRYPOINT exec java $JAVA_OPTS -Djava.security.egd=file:/dev/./urandom -jar ansibleplaybookisregistryservice.jar
|
||||
|
|
Loading…
Reference in New Issue