docker: add support for arbitrary user ids (for OpenShift compatibility)

This solves a compatibility problem with OpenShift. In OpenShift security model, the containers are run by arbitrary user ids, but the users are always a member of the root group. This PR adjusts the permissions accordingly. Documentation reference: https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#use-uid
2020-03-27 06:45:55 +01:00 · 2020-03-27 06:45:55 +01:00 · ffc718e8c0
parent 79406051fa
commit ffc718e8c0
1 changed files with 7 additions and 4 deletions
--- a/11
+++ b/11
@ -25,13 +25,13 @@ ENV NODE_ENV=development
 # that do not allow images running as root.
 RUN useradd --uid 5001 --create-home etherpad

-RUN mkdir /opt/etherpad-lite && chown etherpad:etherpad /opt/etherpad-lite
+RUN mkdir /opt/etherpad-lite && chown etherpad:0 /opt/etherpad-lite

-USER etherpad:etherpad
+USER etherpad

 WORKDIR /opt/etherpad-lite

-COPY --chown=etherpad:etherpad ./ ./
+COPY --chown=etherpad:0 ./ ./

 # install node dependencies for Etherpad
 RUN bin/installDeps.sh && \
@ -44,7 +44,10 @@ RUN bin/installDeps.sh && \
 RUN for PLUGIN_NAME in ${ETHERPAD_PLUGINS}; do npm install "${PLUGIN_NAME}"; done

 # Copy the configuration file.
-COPY --chown=etherpad:etherpad ./settings.json.docker /opt/etherpad-lite/settings.json
+COPY --chown=etherpad:0 ./settings.json.docker /opt/etherpad-lite/settings.json
+
+# Fix permissions for root group
+RUN chmod -R g=u .

 EXPOSE 9001
 CMD ["node", "node_modules/ep_etherpad-lite/node/server.js"]