From 53b2b2ed4ba7eeaa5938e9bbd811b5f73555fd7a Mon Sep 17 00:00:00 2001
From: Zedifus
Date: Tue, 1 Mar 2022 20:20:17 +0000
Subject: [PATCH] Revert my last commit correctly Man these are so getting squashed
---
 Dockerfile | 23 +++++++++++------------
 docker-compose.yml.example | 2 ++
 docker/docker-compose.yml | 2 ++
 docker_launcher.sh | 9 +++++++++
 4 files changed, 24 insertions(+), 12 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 474fd3ef..e798a102 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,9 +7,11 @@ LABEL maintainer="Dockerfile created by Zedifus "
 # Security Patch for CVE-2021-44228
 ENV LOG4J_FORMAT_MSG_NO_LOOKUPS=true
 
-# Install Packages and Setup Dependencies in venv
+# Install Packages, Dependencies and Setup user
 COPY requirements.txt /commander-venv/requirements.txt
-RUN apt-get update \
+RUN groupadd -g "${PGID:-0}" -o crafty \
+ && useradd -g "${PGID:-0}" -u "${PUID:-0}" -o crafty \
+ && apt-get update \
 && apt-get -y --no-install-recommends install \
 gcc \
 python3 \
@@ -28,20 +30,16 @@ RUN apt-get update \
 && . /commander-venv/bin/activate \
 && pip3 install --no-cache-dir --upgrade setuptools==50.3.2 pip==22.0.3 \
 && pip3 install --no-cache-dir -r /commander-venv/requirements.txt \
- && deactivate
+ && deactivate \
+ && chown -R crafty:crafty /commander-venv
 
-# Copy Source and prepare config if needed, Then apply permissions.
+# Copy Source & copy default config from image
 COPY ./ /commander
 WORKDIR /commander
 RUN mv ./app/config ./app/config_original \
 && mv ./app/config_original/default.json.example ./app/config_original/default.json \
- && chown -R 1001:0 /commander /commander-venv \
- && chmod -R g=u /commander /commander-venv \
- && chmod +x ./docker_launcher.sh \
- && chmod 775 /commander /commander-venv
-
-# Switch user to non-root
-USER 1001
+ && chown -R crafty:crafty /commander \
+ && chmod +x ./docker_launcher.sh
 
 # Expose Web Interface port & Server port range
 EXPOSE 8000
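Review bot: The `crafty` account created in the first Dockerfile hunk is most likely UID 0/GID 0, because `${PGID:-0}` and `${PUID:-0}` in the `RUN groupadd … && useradd …` line are expanded at build time and no `ARG` or `ENV` declaring them is visible in this patch. Combined with the removal of `USER 1001` in the second hunk, the `USER crafty` added in the third hunk then starts the container as a root-equivalent account rather than the previous non-root user, and both compose files default the two values to 0 as well. If starting as root is intended so the launcher can remap ids, state that next to the RUN line, e.g. `# crafty is created as 0:0 at build time; docker_launcher.sh remaps it from PUID/PGID at start`, and make sure the launcher drops privileges before it starts the application. The RUN instruction continues past the end of the first hunk.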
@@ -49,6 +47,7 @@ EXPOSE 8443
 EXPOSE 19132
 EXPOSE 25500-25600
 
-# Start Crafty Commander through wrapper
+# Start Crafty Commander through wrapper as crafty
+USER crafty
 ENTRYPOINT ["/commander/docker_launcher.sh"]
 CMD ["-v", "-d", "-i"]
diff --git a/docker-compose.yml.example b/docker-compose.yml.example
index 4de61fd7..852c9a80 100644
--- a/docker-compose.yml.example
+++ b/docker-compose.yml.example
@@ -5,6 +5,8 @@ services:
 container_name: crafty_commander
 image: registry.gitlab.com/crafty-controller/crafty-commander:latest
 environment:
+ - PGID=0
+ - PUID=0
 - TZ=Etc/UTC
 ports:
 - "8000:8000" # HTTP
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index cefacb35..b40dd3d0 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -5,6 +5,8 @@ services:
 container_name: crafty_commander
 build: ..
 environment:
+ - PGID=0
+ - PUID=0
 - TZ=Etc/UTC
 ports:
 - "8000:8000" # HTTP
diff --git a/docker_launcher.sh b/docker_launcher.sh
index 3eed33b8..7af8edbd 100644
--- a/docker_launcher.sh
+++ b/docker_launcher.sh
@@ -6,6 +6,15 @@ if [ ! "$(ls -A ./app/config)" ]; then
 cp -r ./app/config_original/* ./app/config/
 fi
 
+# Set user/group permissions to env or default to image root
+groupmod -g "${PGID}" -o crafty
+sed -i -E "s/^(crafty:x):[0-9]+:[0-9]+:(.*)/\\1:$PUID:$PGID:\\2/" /etc/passwd
+
+# Apply new permissions taken from env over working dirs
+chown -R crafty:crafty \
+ /commander/ \
+ /commander-venv/
+
 # Activate our prepared venv and launch crafty with provided args
 . /commander-venv/bin/activate
 exec python3 main.py $@
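Review bot: `PUID` and `PGID` reach the added `groupmod` and `sed` lines in docker_launcher.sh with no default and no numeric check, although the comment above them promises a default. With either variable unset, `groupmod -g ""` fails and the script carries on (no `set -e` is visible in the hunk), after which the `sed` replacement writes empty id fields into crafty's `/etc/passwd` entry; a value containing `/` or `&` would alter the sed expression itself. Default and validate both values before first use, as in the excerpt below. Separately, these steps only succeed when the launcher runs as root, and the closing `exec python3 main.py $@` keeps that identity, so PUID/PGID change file ownership but not the uid the application runs as. Dropping to the requested ids immediately before the exec (for example with `setpriv --reuid --regid --clear-groups`, if util-linux is present in the image) would make the setting effective.

```shell
# Set user/group permissions to env or default to image root
PUID="${PUID:-0}"
PGID="${PGID:-0}"
case "${PUID}${PGID}" in
  *[!0-9]*) echo "PUID and PGID must be numeric" >&2; exit 1 ;;
esac
groupmod -g "${PGID}" -o crafty
# … unchanged: sed on /etc/passwd, chown -R over working dirs, venv activation …
```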