For some reason there where all over the place group write permission…

…, which is incorrect. Those should only be applied to directories the final image on openshift needs write access to.
vpro · Feb 12, 2025 · 65ab5c2 · 65ab5c2
1 parent 6e9b500
commit 65ab5c2
Showing 1 changed file with 10 additions and 16 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -129,32 +129,27 @@ CMD ["/usr/local/catalina-base/bin/start.sh"]
 ADD catalina_base ${CATALINA_BASE}/
 
 RUN echo Catalina base: ${CATALINA_BASE} && \
-  for directory in 'webapps' 'work'; do \
-      mkdir -p ${CATALINA_BASE}/$directory && \
-      chmod 775 ${CATALINA_BASE}/$directory && \
-      rm -rf ${CATALINA_HOME}/$directory; \
-  done && \
   rm -rf ${CATALINA_HOME}/webapps.dist && \
   chmod -R o-w ${CATALINA_HOME} && \
-  chmod -R g=u ${CATALINA_HOME} && \
+  chmod -R g=o ${CATALINA_HOME} && \
   chmod -R o-w ${CATALINA_BASE} && \
-  chmod -R g=u ${CATALINA_BASE} && \
+  chmod -R g=o ${CATALINA_BASE} && \
   mkdir -p  ${CATALINA_BASE}/conf/Catalina/localhost && \
-  chmod 775 ${CATALINA_BASE}/conf/Catalina/localhost && \
-  (cd ${CATALINA_BASE} && ln -s /data/logs logs) && \
-  for directory in 'work'; do \
-    mkdir -p ${CATALINA_BASE}/$directory && \
-    chmod 775 ${CATALINA_BASE}/$directory && \
-    chgrp -R 0 ${CATALINA_BASE}/$directory; \
+  chmod 755 ${CATALINA_BASE}/conf/Catalina/localhost && \
+  for directory in 'webapps' 'work'; do \
+      mkdir -p ${CATALINA_BASE}/$directory && \
+      chmod 755 ${CATALINA_BASE}/$directory && \
+      rm -rf ${CATALINA_HOME}/$directory; \
   done && \
+  (cd ${CATALINA_HOME} && rm -rf temp && rm -rf logs) && \
+  (cd ${CATALINA_BASE} && ln -s /data/logs logs) && \
   sed -E -i "s|^(tomcat.util.scan.StandardJarScanFilter.jarsToScan[ \t]*=)(.*)$|\1${JARS_TO_SCAN}|g"  ${CATALINA_BASE}/conf/catalina.properties && \
   mkdir ${CATALINA_BASE}/lib && \
   echo '#this file is hidden in openshift\nenv=localhost' > /conf/application.properties && \
   (echo -e "vpro/tomcat git version=${CI_COMMIT_SHA}\t${CI_COMMIT_REF_NAME}\t${CI_COMMIT_TIMESTAMP}\t${CI_COMMIT_TITLE}") > /DOCKER.BUILD && \
   (echo -n "vpro/tomcat build time=" ; date -Iseconds) >> /DOCKER.BUILD
 
 
-RUN useradd tomcat
 
 # The onbuild commands to install the application when this image is overlaid
 
@@ -187,7 +182,7 @@ ONBUILD RUN (\
      fi && \
      cd ${CATALINA_BASE}/webapps && \
      mkdir -p ${CONTEXT} && \
-     chmod 775 ${CONTEXT} && \
+     chmod 755 ${CONTEXT} && \
      cd ${CONTEXT} && \
      unzip -q /tmp/app.war && \
      rm /tmp/app.war &&\
@@ -216,4 +211,3 @@ ONBUILD RUN apt-get update && apt-get -y upgrade && \
   (echo -n "${NAME} build time=" ; date -Iseconds) >> /DOCKER.BUILD
 
 
-ONBUILD USER tomcat