docker: change permissions on tomcat9 to allow non-root docker runs

docker/Dockerfile.soda

@@ -46,8 +46,16 @@ COPY deps/server.xml deps/server-connector.xml ${CATALINA_BASE}/conf/
 
 COPY entrypoint.sh.soda /root/entrypoint.sh
 
-# run
-
-RUN pwd && chmod +x /root/entrypoint.sh
+# modif permissions to allow run as non-root
+WORKDIR ${CATALINA_HOME}
+# orig was: chmod 1777 logs temp work;
+# logs --> /var/log/tomcat9 work --> /var/cache/tomcat9 temp (missing)
+RUN chmod -R +rX .; chmod 1777 /var/log/tomcat9 /var/cache/tomcat9
+WORKDIR ${CATALINA_BASE}
+RUN chmod -R a+rwX conf
+RUN chmod +rx /root && chmod +rx /root/entrypoint.sh
 CMD ["sh", "-c", "/root/entrypoint.sh"]
 
+#RUN pwd && chmod +x /root/entrypoint.sh
+#CMD ["sh", "-c", "/root/entrypoint.sh"]
+

docker/Dockerfile.soda.temurin-jammy

@@ -9,7 +9,7 @@ ENV HOME /root
 
 RUN apt-get -y update \
  && apt-get -y install apt-utils \
- && apt-get -y install libcfitsio-bin libcsv3 time unzip
+ && apt-get -y install libcfitsio-bin unzip
 
 # Remove the default webapps:
 RUN rm -rf /usr/local/tomcat/webapps/examples/ \
@@ -49,8 +49,12 @@ COPY deps/server.xml deps/server-connector.xml ${CATALINA_BASE}/conf/
 
 COPY entrypoint.sh.soda /root/entrypoint.sh
 
-# run
-
-RUN pwd && chmod +x /root/entrypoint.sh
+# modif permissions to allow run as non-root
+#WORKDIR ${CATALINA_HOME} <---- these set already in orig image
+#RUN chmod -R +rX .; chmod 1777 logs temp work
+# below needed because TSL and ROOT-CONTEXT config
+WORKDIR ${CATALINA_BASE}
+RUN chmod -R a+rwX conf
+RUN chmod +rx /root && chmod +rx /root/entrypoint.sh
 CMD ["sh", "-c", "/root/entrypoint.sh"]