From 6e6e963085c2b8c79cc648b0321a0699eb7023fc Mon Sep 17 00:00:00 2001
From: Robert Butora <robert.butora@inaf.it>
Date: Thu, 19 Sep 2024 18:53:13 +0200
Subject: [PATCH] docker: change permissions on tomcat9 to allow non-root
 docker runs

---
 docker/Dockerfile.soda               | 14 +++++++++++---
 docker/Dockerfile.soda.temurin-jammy | 12 ++++++++----
 2 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/docker/Dockerfile.soda b/docker/Dockerfile.soda
index 0579b8e..4f201f5 100644
--- a/docker/Dockerfile.soda
+++ b/docker/Dockerfile.soda
@@ -46,8 +46,16 @@ COPY deps/server.xml deps/server-connector.xml ${CATALINA_BASE}/conf/
 
 COPY entrypoint.sh.soda /root/entrypoint.sh
 
-# run
-
-RUN pwd && chmod +x /root/entrypoint.sh
+# modif permissions to allow run as non-root
+WORKDIR ${CATALINA_HOME}
+# orig was: chmod 1777 logs temp work;
+# logs --> /var/log/tomcat9 work --> /var/cache/tomcat9 temp (missing)
+RUN chmod -R +rX .; chmod 1777 /var/log/tomcat9 /var/cache/tomcat9
+WORKDIR ${CATALINA_BASE}
+RUN chmod -R a+rwX conf
+RUN chmod +rx /root && chmod +rx /root/entrypoint.sh
 CMD ["sh", "-c", "/root/entrypoint.sh"]
 
+#RUN pwd && chmod +x /root/entrypoint.sh
+#CMD ["sh", "-c", "/root/entrypoint.sh"]
+
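Review bot: `RUN chmod -R a+rwX conf` makes everything under `${CATALINA_BASE}/conf` world-writable, including the `server.xml` and `server-connector.xml` copied in just above this hunk, so any process in the container can rewrite the connector configuration whichever UID Tomcat runs as. If the aim is only to let one non-root runtime user write there, scope the grant to that identity, for example `RUN chgrp -R 0 conf && chmod -R g+rwX conf` when the runtime UID belongs to group 0, or a `chown -R` to a fixed UID paired with a `USER` line. No `USER` instruction is visible in this hunk, so the image presumably still starts as root unless the caller overrides it; this should be confirmed against the rest of the file. The same `chmod -R a+rwX conf` line appears in the second hunk of `docker/Dockerfile.soda.temurin-jammy`. Separately, the `;` in `RUN chmod -R +rX .; chmod 1777 /var/log/tomcat9 /var/cache/tomcat9` hides a failure of the first `chmod`, and `&&` would surface it.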
diff --git a/docker/Dockerfile.soda.temurin-jammy b/docker/Dockerfile.soda.temurin-jammy
index eb66b16..0b23b9f 100644
--- a/docker/Dockerfile.soda.temurin-jammy
+++ b/docker/Dockerfile.soda.temurin-jammy
@@ -9,7 +9,7 @@ ENV HOME /root
 
 RUN apt-get -y update \
  && apt-get -y install apt-utils \
- && apt-get -y install libcfitsio-bin libcsv3 time unzip
+ && apt-get -y install libcfitsio-bin unzip
 
 # Remove the default webapps:
 RUN rm -rf /usr/local/tomcat/webapps/examples/ \
@@ -49,8 +49,12 @@ COPY deps/server.xml deps/server-connector.xml ${CATALINA_BASE}/conf/
 
 COPY entrypoint.sh.soda /root/entrypoint.sh
 
-# run
-
-RUN pwd && chmod +x /root/entrypoint.sh
+# modif permissions to allow run as non-root
+#WORKDIR ${CATALINA_HOME} <---- these set already in orig image
+#RUN chmod -R +rX .; chmod 1777 logs temp work
+# below needed because TSL and ROOT-CONTEXT config
+WORKDIR ${CATALINA_BASE}
+RUN chmod -R a+rwX conf
+RUN chmod +rx /root && chmod +rx /root/entrypoint.sh
 CMD ["sh", "-c", "/root/entrypoint.sh"]
 
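Review bot: `RUN chmod +rx /root && chmod +rx /root/entrypoint.sh` opens root's home directory to every user only so that a non-root UID can reach the entrypoint script. The earlier hunk header in this file shows `ENV HOME /root`, so anything later written to the home directory becomes listable and traversable as well. Installing the script outside `/root` removes the need to touch that directory: change the `COPY` context line to `COPY --chmod=0755 entrypoint.sh.soda /usr/local/bin/entrypoint.sh` (this needs BuildKit) and point `CMD` at the new path. The identical `chmod +rx /root` line is added in `docker/Dockerfile.soda` and deserves the same change.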
-- 
GitLab