From 0e87b9de8287a391284eba9b25d9adeb5982fc67 Mon Sep 17 00:00:00 2001
From: Neil MacDougall
Date: Wed, 11 Nov 2020 11:10:36 +0000
Subject: [PATCH] Fix permission issue in docker all in one image
---
 deploy/Dockerfile.all-in-one | 25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)
diff --git a/deploy/Dockerfile.all-in-one b/deploy/Dockerfile.all-in-one
index f577039539..44147ef5c8 100644
--- a/deploy/Dockerfile.all-in-one
+++ b/deploy/Dockerfile.all-in-one
@@ -23,15 +23,21 @@ RUN CERTS_PATH=/home/stratos/dev-certs ./generate_cert.sh
 FROM splatform/stratos-bk-base:leap15_2
 ARG CANARY_BUILD
-COPY --from=jetstream-builder /home/stratos/deploy/db /src/deploy/db
-COPY --from=jetstream-builder /home/stratos/dev-certs /srv/dev-certs
-COPY --from=jetstream-builder /home/stratos/ui /srv/ui
-COPY --from=jetstream-builder /home/stratos/jetstream /srv/jetstream
+# Add a jetstream user so we don't run as root
+RUN useradd -M -U -u 2000 jetstream
+RUN usermod -aG users jetstream
+
+# Ensure that the /srv folder is in the users group so that the jetstream user can write to it
+RUN mkdir -p /srv && chgrp users /srv && chmod 775 /srv
+
+COPY --chown=jetstream:users --from=jetstream-builder /home/stratos/dev-certs /srv/dev-certs
+COPY --chown=jetstream:users --from=jetstream-builder /home/stratos/ui /srv/ui
+COPY --chown=jetstream:users --from=jetstream-builder /home/stratos/jetstream /srv/jetstream
 RUN chmod +x /srv/jetstream
-COPY --from=jetstream-builder /home/stratos/config.properties /srv/config.properties
+COPY --chown=jetstream:users --from=jetstream-builder /home/stratos/config.properties /srv/config.properties
 # User Invite templates
-COPY --from=jetstream-builder /home/stratos/src/jetstream/templates /srv/templates
+COPY --chown=jetstream:users --from=jetstream-builder /home/stratos/src/jetstream/templates /srv/templates
 # Enable persistence features if canary build flag is set
 RUN if [ "x$CANARY_BUILD" != "x" ] ; then printf "\nFORCE_ENABLE_PERSISTENCE_FEATURES=true\n" >> /srv/config.properties ; fi
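Review bot: The `--chown=jetstream:users` added to the `/srv/jetstream`, `/srv/ui`, `/srv/templates` and `/srv/dev-certs` copies, together with `chmod 775 /srv`, leaves the binary, static assets and certificate material writable by the same account the service runs as, so a compromise of the process can modify what is executed or served on the next start. If the permission issue is limited to a few files the service writes at runtime (which ones is not visible in this hunk), keep the code root-owned by dropping `--chown` from those COPY lines and give `jetstream` a dedicated writable directory instead of group write on all of `/srv`. The two user-setup steps could also be a single layer, `RUN useradd -M -U -u 2000 -G users jetstream`. The `deploy/db` copy to `/src/deploy/db` is removed with no replacement and is not mentioned in the commit message; it is worth confirming that nothing reads it at runtime.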
@@ -41,13 +47,6 @@ RUN if [ "x$CANARY_BUILD" != "x" ] ; then printf "\nENABLE_TECH_PREVIEW=true\n"
 EXPOSE 5443
-# Add a jetstream user so we don't run as root
-RUN useradd -M -U -u 2000 jetstream
-RUN usermod -aG users jetstream
-
-# Ensure that the /srv folder is in the users group so that the jetstream user can write to it
-RUN chgrp users /srv && chmod 775 /srv
-
 USER jetstream
 ENTRYPOINT ["./jetstream"]
\ No newline at end of file