From 36b2c7801c4aa9eb06fcb5816c9842ebde77ce9a Mon Sep 17 00:00:00 2001
From: "fabian.wilms" <fabian.wilms@muenchen.de>
Date: Thu, 18 Jun 2020 10:36:42 +0200
Subject: [PATCH] Frost-HTTP and Frost-MQTTP Dockerfiles now create and use
 "tomcat"-user instead of using root

---
 FROST-Server.HTTP/Dockerfile  | 10 ++++++++--
 FROST-Server.MQTTP/Dockerfile | 10 ++++++++--
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/FROST-Server.HTTP/Dockerfile b/FROST-Server.HTTP/Dockerfile
index f17968afe..6ad0decb8 100644
--- a/FROST-Server.HTTP/Dockerfile
+++ b/FROST-Server.HTTP/Dockerfile
@@ -1,7 +1,13 @@
 From tomcat:8.5-jdk11
 
-COPY target/docker_deps/ /usr/local/tomcat/lib/
+COPY target/docker_deps/ ${CATALINA_HOME}/lib/
 
 # Copy to images tomcat path
 ARG WAR_FILE
-COPY target/${WAR_FILE} /usr/local/tomcat/webapps/FROST-Server.war
+COPY target/${WAR_FILE} ${CATALINA_HOME}/webapps/FROST-Server.war
+
+RUN addgroup --system --gid 1000 tomcat \
+    && adduser --system --uid 1000 --gid 1000 tomcat \
+    && chown -R tomcat $CATALINA_HOME
+
+USER tomcat
\ No newline at end of file
diff --git a/FROST-Server.MQTTP/Dockerfile b/FROST-Server.MQTTP/Dockerfile
index f17968afe..6ad0decb8 100644
--- a/FROST-Server.MQTTP/Dockerfile
+++ b/FROST-Server.MQTTP/Dockerfile
@@ -1,7 +1,13 @@
 From tomcat:8.5-jdk11
 
-COPY target/docker_deps/ /usr/local/tomcat/lib/
+COPY target/docker_deps/ ${CATALINA_HOME}/lib/
 
 # Copy to images tomcat path
 ARG WAR_FILE
-COPY target/${WAR_FILE} /usr/local/tomcat/webapps/FROST-Server.war
+COPY target/${WAR_FILE} ${CATALINA_HOME}/webapps/FROST-Server.war
+
+RUN addgroup --system --gid 1000 tomcat \
+    && adduser --system --uid 1000 --gid 1000 tomcat \
+    && chown -R tomcat $CATALINA_HOME
+
+USER tomcat
\ No newline at end of file