From f6ee39f9ff487a75e83f700023f4c1ce69dfa244 Mon Sep 17 00:00:00 2001
From: 0x1def <0x1def@flakybit.net>
Date: Thu, 9 Nov 2023 08:31:17 +0300
Subject: [PATCH] Added user/group fixed config and directories permissions
---
 Dockerfile | 8 ++++++--
 rootfs/opt/bitnami/scripts/mongodb/postunpack.sh | 5 +++++
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 5fb8106..fe9e1de 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,7 +8,9 @@ LABEL org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
 ENV HOME="/" \
 OS_ARCH="amd64" \
 OS_FLAVOUR="debian-12" \
- OS_NAME="linux"
+ OS_NAME="linux" \
+ UID=1001 \
+ GID=1001
 COPY prebuildfs /
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
@@ -43,6 +45,8 @@ RUN apt-get autoremove --purge -y curl && \
 RUN chmod g+rwX /opt/bitnami
 COPY rootfs /
+RUN groupadd --gid $GID mongo && \
+ useradd --uid $UID --gid $GID --no-create-home --home-dir /opt/bitnami/mongodb mongo
 RUN /opt/bitnami/scripts/mongodb/postunpack.sh
 ENV APP_VERSION="${VERSION}" \
 BITNAMI_APP_NAME="mongodb" \
@@ -50,6 +54,6 @@ ENV APP_VERSION="${VERSION}" \
 EXPOSE 27017
-USER 1001
+USER $UID:$GID
 ENTRYPOINT [ "/opt/bitnami/scripts/mongodb/entrypoint.sh" ]
 CMD [ "/opt/bitnami/scripts/mongodb/run.sh" ]
diff --git a/rootfs/opt/bitnami/scripts/mongodb/postunpack.sh b/rootfs/opt/bitnami/scripts/mongodb/postunpack.sh
index de83a4e..ed67b0e 100755
--- a/rootfs/opt/bitnami/scripts/mongodb/postunpack.sh
+++ b/rootfs/opt/bitnami/scripts/mongodb/postunpack.sh
@@ -21,6 +21,7 @@ for dir in "$MONGODB_TMP_DIR" "$MONGODB_LOG_DIR" "$MONGODB_CONF_DIR" "$MONGODB_D
 ensure_dir_exists "$dir"
 done
 chmod -R g+rwX "$MONGODB_TMP_DIR" "$MONGODB_LOG_DIR" "$MONGODB_CONF_DIR" "$MONGODB_DATA_DIR" "$MONGODB_VOLUME_DIR" "$MONGODB_INITSCRIPTS_DIR"
+chown -R $UID:$GID "$MONGODB_TMP_DIR" "$MONGODB_LOG_DIR" "$MONGODB_CONF_DIR" "$MONGODB_DATA_DIR" "$MONGODB_VOLUME_DIR"
 render-template "$MONGODB_MONGOD_TEMPLATES_FILE" >"$MONGODB_CONF_FILE"
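Review bot: `UID` in the added `ENV` lines is a name bash maintains itself (the shell's real user id), and the `SHELL` line just below makes bash the interpreter for every `RUN`. Which value `$UID` holds in the later `RUN groupadd`/`useradd` step and inside `postunpack.sh` then depends on whether bash keeps the exported value or its own, which is easy to misread and should be verified in an actual build. As `ENV`, the pair also stays in the runtime environment, where `UID` will read 1001 even if the container is started under a different user. A build-only name that does not collide avoids both, for example `ARG MONGODB_UID=1001` and `ARG MONGODB_GID=1001` (names are only a suggestion), referenced from the `RUN`, `USER` and script hunks of this patch.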
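Review bot: The added `useradd` call creates the `mongo` account without `--shell`, so it receives the distribution's default login shell; a service account is better created with `--shell /usr/sbin/nologin`. The `$UID` and `$GID` expansions in this `RUN` are unquoted and unchecked, so I would write `groupadd --gid "${GID:?}" mongo` and `useradd --uid "${UID:?}" --gid "${GID:?}" …` so that a missing value stops the build with a clear message. A one-line comment above the `RUN` saying why a named account is now needed would also help.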
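Review bot: `USER $UID:$GID` changes the primary group of the process as well as its user: with the previous `USER 1001`, and presumably no passwd entry for that uid, Docker ran the process with gid 0, which is the group the `chmod g+rwX` lines in this image grant access through. Combined with the `chown -R $UID:$GID` calls added in `postunpack.sh`, a container started under another uid (a runtime user override, or a platform that assigns a random uid in group 0) would likely lose write access to the data, log and config directories. If arbitrary-uid operation is meant to keep working, keep the group at 0, e.g. `USER $UID:0` with the script's ownership set to `$UID:0`. Otherwise, state in the commit message or README that the image now requires uid/gid 1001.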
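Review bot: The added `chown -R $UID:$GID …` expands both variables unquoted and without checking that they are set, and `GID` reaches this script only through the Dockerfile's `ENV`. With an empty `GID` the operand becomes `<uid>:`, which chown accepts and resolves to that user's login group, so the script succeeds with ownership nobody asked for; `chown -R "${UID}:${GID:?GID must be set}" …` fails loudly instead. The same applies to the three `chown` lines added in the next hunk. `$MONGODB_INITSCRIPTS_DIR` is in the `chmod` list on the line above but not in this `chown` list; if that is deliberate, a short comment saying so would save the next reader the question.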
@@ -33,7 +34,11 @@ touch "$MONGOSH_RC_FILE" && chmod g+rw "$MONGOSH_RC_FILE"
 # Create .mongodb folder to avoid error message
 mkdir "$MONGOSH_DIR" && chmod g+rwX "$MONGOSH_DIR"
+chown $UID:$GID "$MONGODB_CONF_FILE"
 chmod 660 "$MONGODB_CONF_FILE"
 # Redirect all logging to stdout
 ln -sf /dev/stdout "$MONGODB_LOG_FILE"
+
+chown -R $UID:$GID "$MONGODB_TMP_DIR" "$MONGODB_LOG_DIR" "$MONGODB_CONF_DIR" "$MONGODB_DATA_DIR" "$MONGODB_VOLUME_DIR" "$MONGOSH_DIR"
+chown $UID:$GID "$MONGODB_DB_SHELL_FILE" "$MONGODB_RC_FILE" "$MONGOSH_RC_FILE"
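Review bot: The recursive `chown -R` at the end of the script covers the same five directories as the one added after `chmod -R g+rwX` in the previous hunk, and, if `$MONGODB_CONF_FILE` lives under `$MONGODB_CONF_DIR` as the names suggest, also the single-file `chown` before `chmod 660`. One ownership pass at the end, after every file and the `/dev/stdout` symlink have been created, is easier to audit than three overlapping ones. I would keep only the last two added lines and put a comment above them such as `# Hand ownership to the runtime user once everything has been created`. Since that pass runs after `ln -sf /dev/stdout "$MONGODB_LOG_FILE"`, writing it as `chown -hR` makes it explicit that symlinks themselves, not their targets, are re-owned.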