Merge pull request #223 from xebialabs/S-109087

S 109087 Support random UID
xebialabs · May 24, 2024 · 68b7ec0 · 68b7ec0
2 parents c489a2a + d4c4a1f
commit 68b7ec0
Show file tree

Hide file tree

Showing 6 changed files with 10 additions and 26 deletions.
diff --git a/templates/dockerfiles/central-configuration/install.j2 b/templates/dockerfiles/central-configuration/install.j2
@@ -40,12 +40,7 @@ RUN chmod +x /tmp/modify-wrapper-linux-conf.gawk && \
     rm /tmp/modify-wrapper-linux-conf.gawk
 
 # Set permissions
-{%- if target_os == "redhat" %}
-RUN groupadd -r -g 10001 xebialabs && \
-{%- else %}
-RUN addgroup -S -g 10001 xebialabs && \
-{%- endif %}
-    chown -R 10001:10001 ${APP_ROOT} && \
+RUN chgrp -R 0 ${APP_ROOT} && \
     chmod -R g=u ${APP_ROOT} && \
     chmod u+x ${APP_HOME}/bin/*.sh && \
     chmod g+x ${APP_HOME}/bin/*.sh && \

diff --git a/templates/dockerfiles/deploy-task-engine/install.j2 b/templates/dockerfiles/deploy-task-engine/install.j2
@@ -49,12 +49,7 @@ RUN mv ${APP_HOME}/plugins ${APP_HOME}/default-plugins && \
     mkdir ${APP_HOME}/repository ${APP_HOME}/export ${APP_HOME}/archive ${APP_HOME}/work ${APP_HOME}/reports
 
 # Set permissions
-{%- if target_os == "redhat" %}
-RUN groupadd -r -g 10001 xebialabs && \
-{%- else %}
-RUN addgroup -S -g 10001 xebialabs && \
-{%- endif %}
-    chown -R 10001:10001 ${APP_ROOT} && \
+RUN chgrp -R 0 ${APP_ROOT} && \
     chmod -R g=u ${APP_ROOT} && \
     chmod u+x ${APP_HOME}/bin/*.sh && \
     chmod g+x ${APP_HOME}/bin/*.sh
diff --git a/templates/dockerfiles/deploy-task-engine/variables.j2 b/templates/dockerfiles/deploy-task-engine/variables.j2
@@ -1,4 +1,3 @@
 # Set root folders
-ENV USER_UID=10001 \ 
-    APP_ROOT=/opt/xebialabs \
+ENV APP_ROOT=/opt/xebialabs \
     APP_HOME=/opt/xebialabs/{{ product }}
diff --git a/templates/dockerfiles/install.j2 b/templates/dockerfiles/install.j2
@@ -73,12 +73,7 @@ RUN mv ${APP_HOME}/plugins ${APP_HOME}/default-plugins && \
     mkdir ${APP_HOME}/repository ${APP_HOME}/export ${APP_HOME}/archive ${APP_HOME}/work ${APP_HOME}/reports
 
 # Set permissions
-{%- if target_os == "redhat" %}
-RUN groupadd -r -g 10001 xebialabs && \
-{%- else %}
-RUN addgroup -S -g 10001 xebialabs && \
-{%- endif %}
-    chown -R 10001:10001 ${APP_ROOT} && \
+RUN chgrp -R 0 ${APP_ROOT} && \
     chmod -R g=u ${APP_ROOT} && \
     chmod u+x ${APP_HOME}/bin/*.sh && \
     chmod g+x ${APP_HOME}/bin/*.sh
diff --git a/templates/dockerfiles/runtime.j2 b/templates/dockerfiles/runtime.j2
@@ -3,10 +3,11 @@
 RUN echo $'\n#\n# Set TTL for DNS cache.\nnetworkaddress.cache.ttl=30' >> $(readlink -f `which java` | sed -e 's:/jre/bin/java::' -e 's:/bin/java::')/conf/security/java.security
 
 COPY resources/amd64/tini ${APP_ROOT}
-# Don't run as root and set permissions
-RUN chmod ugo+x ${APP_ROOT}/tini && \
-    groupadd -f -r -g 10001 xebialabs && \
-    useradd -r -M -u 10001 -g 0 -G xebialabs xebialabs
+RUN chmod ugo+x ${APP_ROOT}/tini
+
+# Add xebialabs user but do not switch to it
+RUN groupadd -r -g 10001 xebialabs && \
+    useradd -r -u 10001 -g xebialabs xebialabs
 
 WORKDIR ${APP_HOME}
 

diff --git a/templates/dockerfiles/variables.j2 b/templates/dockerfiles/variables.j2
@@ -1,4 +1,3 @@
 # Set root folders
-ENV USER_UID=10001 \
-    APP_ROOT=/opt/xebialabs \
+ENV APP_ROOT=/opt/xebialabs \
     APP_HOME=/opt/xebialabs/{{ product }}-server