Run as gcube. Enforce a specific uid

2023-09-18 16:41:58 +02:00 · 2023-09-18 16:41:58 +02:00 · 54ec7ff066
parent 46c556838a
commit 54ec7ff066
1 changed files with 2 additions and 1 deletions
--- a/3
+++ b/3
@ -15,12 +15,13 @@ ENV PATH=$GLOBUS_LOCATION/bin:$PATH
 #ENV GLOBUS_OPTIONS="-Dexist.home=$EXIST_HOME"
 ENV GLOBUS_OPTIONS=""

-RUN adduser --shell /usr/sbin/nologin gcube 
+RUN adduser --system --gecos "Gcube service user" --disabled-password --disabled-login --uid 333 --shell /usr/sbin/nologin gcube 
 WORKDIR /home/gcube
 RUN apt-get update && apt-get install -y wget && cd /home/gcube && wget https://nexus.d4science.org/nexus/content/repositories/gcube-staging-gcore/org/gcube/distribution/ghn-distribution/7.0.1-4.16.0-144317/ghn-distribution-7.0.1-4.16.0-144317.tar.gz && tar zxf ghn-distribution-7.0.1-4.16.0-144317.tar.gz && rm -f ghn-distribution-7.0.1-4.16.0-144317.tar.gz && mkdir -p /home/gcube/gCore/logs /home/gcube/gCore/tmp /home/gcube/gCore/config /home/gcube/gCore/etc && chown gcube /home/gcube/gCore/logs /home/gcube/gCore/tmp /home/gcube/gCore/config /home/gcube/gCore/etc
 COPY src/gcube-start-container.sh /home/gcube/gCore/bin/gcore-start-container
 RUN chmod 755 /home/gcube/gCore/bin/gcore-start-container
 EXPOSE 8080
+USER gcube
 ENTRYPOINT exec /home/gcube/gCore/bin/gcore-start-container
 # For Spring-Boot project, use the entrypoint below to reduce Tomcat startup time.
 #ENTRYPOINT exec java $JAVA_OPTS -Djava.security.egd=file:/dev/./urandom -jar ansibleplaybookisregistryservice.jar