run management container as non-root (#19)

wmo-im · Aug 14, 2024 · 1535200 · 1535200
1 parent 303ee4c
commit 1535200
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 4 deletions.
diff --git a/wis2-gdc-management/Dockerfile b/wis2-gdc-management/Dockerfile
@@ -31,7 +31,7 @@ ENV TZ="Etc/UTC" \
 COPY ./ /app
 
 # add to crontab
-COPY ./docker/wis2-gdc-management.cron /etc/cron.d/wis2-gdc-management.cron
+COPY ./docker/wis2-gdc-management.cron /var/spool/cron/crontabs/wis2-gdc
 
 RUN apt-get update -y && \
     # install dependencies
@@ -45,7 +45,11 @@ RUN apt-get update -y && \
     apt autoremove -y && \
     apt-get -q clean && \
     rm -rf /var/lib/apt/lists/* && \
-    chmod 0644 /etc/cron.d/wis2-gdc-management.cron && \
-    crontab /etc/cron.d/wis2-gdc-management.cron
+    chmod 0644 /var/spool/cron/crontabs/wis2-gdc && \
+    crontab /var/spool/cron/crontabs/wis2-gdc && \
+    # add wis2-gdc user
+    useradd -ms /bin/bash wis2-gdc
+
+USER wis2-gdc
 
 ENTRYPOINT [ "/app/docker/entrypoint.sh" ]
diff --git a/wis2-gdc-management/docker/wis2-gdc-management.cron b/wis2-gdc-management/docker/wis2-gdc-management.cron
@@ -1 +1 @@
-0 0 * * * su -c "wis2-gdc archive $WIS2_GDC_METADATA_ARCHIVE_ZIPFILE" > /proc/1/fd/1 2>/proc/1/fd/2
+0 0 * * * wis2-gdc archive $WIS2_GDC_METADATA_ARCHIVE_ZIPFILE > /proc/1/fd/1 2>/proc/1/fd/2
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		0 0 * * * su -c "wis2-gdc archive $WIS2_GDC_METADATA_ARCHIVE_ZIPFILE" > /proc/1/fd/1 2>/proc/1/fd/2
		0 0 * * * wis2-gdc archive $WIS2_GDC_METADATA_ARCHIVE_ZIPFILE > /proc/1/fd/1 2>/proc/1/fd/2