inteligr8/alfresco-transform-core
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-transform-core.git synced 2025-08-14 17:58:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

ATS-341 : ATS: Shadow MNT-20344: ATS docker images should not run as root

Browse Source 
- run docker engines as non-root user
This commit is contained in:
DenisGabriela
2019-04-12 14:48:42 +03:00
parent eddfeb90a6
commit d4f6fd514a
4 changed files with 48 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
alfresco-docker-alfresco-pdf-renderer/Dockerfile
View File

@@ -9,6 +9,12 @@ ENV ALFRESCO_PDF_RENDERER_LIB_RPM_URL=https://nexus.alfresco.com/nexus/service/l
ENV PDFIUM_LICENSE_FILE=https://github.com/Alfresco/acs-community-packaging/blob/master/distribution/src/main/resources/licenses/3rd-party/pdfium.txt
ENV JAVA_OPTS="-Xms256M -Xmx2048M"
# Set default user information
ARG GROUPNAME=Alfresco
ARG GROUPID=1000
ARG USERNAME=pdf
ARG USERID=33001
COPY target/alfresco-docker-alfresco-pdf-renderer-${env.project_version}.jar /usr/bin
RUN ln /usr/bin/alfresco-docker-alfresco-pdf-renderer-${env.project_version}.jar /usr/bin/alfresco-docker-alfresco-pdf-renderer.jar && \
@@ -24,7 +30,13 @@ ADD target/generated-resources/licenses /licenses
ADD target/generated-resources/licenses.xml /licenses/
ADD target/generated-sources/license/THIRD-PARTY.txt /licenses/
RUN groupadd -g ${GROUPID} ${GROUPNAME} && \
useradd -u ${USERID} -G ${GROUPNAME} ${USERNAME} && \
chgrp -R ${GROUPNAME} /usr/bin/alfresco-docker-alfresco-pdf-renderer.jar
EXPOSE 8090
USER ${USERNAME}
ENTRYPOINT java $JAVA_OPTS -jar /usr/bin/alfresco-docker-alfresco-pdf-renderer.jar