Skip to content

Commit

Permalink
GRP-4397: dont chown / chmod logs directory in container runtime, just
Browse files Browse the repository at this point in the history 
during create
  • Loading branch information
@mchyzer
mchyzer committed Sep 30, 2022
1 parent 0b731f1 commit 28a25c1
Show file tree
Hide file tree
Showing 2 changed files with 39 additions and 24 deletions.
15 changes: 15 additions & 0 deletions container_files/docker-build-bin/containerDockerfileInstall.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,21 @@ returnCode=$?
echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/grouper/grouperWebapp/, result: $returnCode"
if [ $returnCode != 0 ]; then exit $returnCode; fi

mkdir -p /opt/grouper/logs/
returnCode=$?
echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/grouper/logs/, result: $returnCode"
if [ $returnCode != 0 ]; then exit $returnCode; fi

chown tomcat.root /opt/grouper/logs/
returnCode=$?
echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) chown tomcat.root /opt/grouper/logs/, result: $returnCode"
if [ $returnCode != 0 ]; then exit $returnCode; fi

chmod g+rwxs /opt/grouper/logs/
returnCode=$?
echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) chmod g+rwxs /opt/grouper/logs/, result: $returnCode"
if [ $returnCode != 0 ]; then exit $returnCode; fi

mkdir -p /opt/tomee/
returnCode=$?
echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/tomee/, result: $returnCode"
Expand Down
48 changes: 24 additions & 24 deletions container_files/docker-build-bin/containerDockerfileInstallPermissions.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,66 +11,66 @@ group=$2
# this needs to exist
mkdir -p /opt/tier

lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d /usr/lib/jvm/java/jre/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o ! -user $user -print | wc -l)
lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d /usr/lib/jvm/java/jre/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -user $user -print | wc -l)
if [ $lines -ne 0 ]; then
chown $user:$group $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d /usr/lib/jvm/java/jre/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o ! -user $user -print) returnCode=$?
echo "grouperDockerfile; INFO: ($0) chown $user:$group \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d /usr/lib/jvm/java/jre/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o ! -user $user -print), result: $returnCode"
chown $user:$group $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d /usr/lib/jvm/java/jre/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -user $user -print) returnCode=$?
echo "grouperDockerfile; INFO: ($0) chown $user:$group \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d /usr/lib/jvm/java/jre/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -user $user -print), result: $returnCode"
if [ $returnCode != 0 ]; then exit $returnCode; fi
fi

lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d /usr/lib/jvm/java/jre/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o ! -group $group -print | wc -l)
lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d /usr/lib/jvm/java/jre/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -group $group -print | wc -l)
if [ $lines -ne 0 ]; then
chown $user:$group $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d /usr/lib/jvm/java/jre/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o ! -group $group -print)
chown $user:$group $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d /usr/lib/jvm/java/jre/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -group $group -print)
returnCode=$?
echo "grouperDockerfile; INFO: ($0) chown $user:$group \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d /usr/lib/jvm/java/jre/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o ! -group $group -print), result: $returnCode"
echo "grouperDockerfile; INFO: ($0) chown $user:$group \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d /usr/lib/jvm/java/jre/lib/security/cacerts -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -group $group -print), result: $returnCode"
if [ $returnCode != 0 ]; then exit $returnCode; fi
fi

lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d -type d -path /opt/grouper/slashRoot -prune -o ! -perm -g+rwxs | wc -l)
lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d -type d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -perm -g+rwxs | wc -l)
if [ $lines -ne 0 ]; then
chmod g+rwxs $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d -type d -path /opt/grouper/slashRoot -prune -o ! -perm -g+rwxs)
chmod g+rwxs $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d -type d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -perm -g+rwxs)
returnCode=$?
echo "grouperDockerfile; INFO: ($0) chmod g+rwxs \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d -type d -path /opt/grouper/slashRoot -prune -o ! -perm -g+rwxs ), result: $returnCode"
echo "grouperDockerfile; INFO: ($0) chmod g+rwxs \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d -type d -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -perm -g+rwxs ), result: $returnCode"
if [ $returnCode != 0 ]; then exit $returnCode; fi
fi

lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d /usr/lib/jvm/java/jre/lib/security/cacerts -type f -path /opt/grouper/slashRoot -prune -o ! -perm -g+rw | wc -l)
lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d /usr/lib/jvm/java/jre/lib/security/cacerts -type f -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -perm -g+rw | wc -l)
if [ $lines -ne 0 ]; then
chmod g+rw $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d /usr/lib/jvm/java/jre/lib/security/cacerts -type f -path /opt/grouper/slashRoot -prune -o ! -perm -g+rw)
chmod g+rw $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d /usr/lib/jvm/java/jre/lib/security/cacerts -type f -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -perm -g+rw)
returnCode=$?
echo "grouperDockerfile; INFO: ($0) chmod g+rw \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d /usr/lib/jvm/java/jre/lib/security/cacerts -type f -path /opt/grouper/slashRoot -prune -o ! -perm -g+rw ), result: $returnCode"
echo "grouperDockerfile; INFO: ($0) chmod g+rw \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d /usr/lib/jvm/java/jre/lib/security/cacerts -type f -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -perm -g+rw ), result: $returnCode"
if [ $returnCode != 0 ]; then exit $returnCode; fi
fi

lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d /usr/lib/jvm/java/jre/lib/security/cacerts -perm -o+w -path /opt/grouper/slashRoot -prune -o -print | wc -l)
lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d /usr/lib/jvm/java/jre/lib/security/cacerts -perm -o+w -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -print | wc -l)
if [ $lines -ne 0 ]; then
chmod o-w $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d /usr/lib/jvm/java/jre/lib/security/cacerts -perm -o+w -path /opt/grouper/slashRoot -prune -o -print)
chmod o-w $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d /usr/lib/jvm/java/jre/lib/security/cacerts -perm -o+w -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -print)
returnCode=$?
echo "grouperDockerfile; INFO: ($0) chmod o-w \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d /usr/lib/jvm/java/jre/lib/security/cacerts -perm -o+w -path /opt/grouper/slashRoot -prune -o -print ), result: $returnCode"
echo "grouperDockerfile; INFO: ($0) chmod o-w \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /usr/local/bin /etc/httpd/conf.d /usr/lib/jvm/java/jre/lib/security/cacerts -perm -o+w -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o -print ), result: $returnCode"
if [ $returnCode != 0 ]; then exit $returnCode; fi
fi

lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /etc/httpd/conf.d -type f -name "*.sh" -path /opt/grouper/slashRoot -prune -o ! -perm -g+x -print | wc -l)
lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /etc/httpd/conf.d -type f -name "*.sh" -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -perm -g+x -print | wc -l)
if [ $lines -ne 0 ]; then
chmod +x $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /etc/httpd/conf.d -type f -name "*.sh" -path /opt/grouper/slashRoot -prune -o ! -perm -g+x)
chmod +x $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /etc/httpd/conf.d -type f -name "*.sh" -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -perm -g+x)
returnCode=$?
echo "grouperDockerfile; INFO: ($0) chmod +x \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /etc/httpd/conf.d -type f -name \"*.sh\" -path /opt/grouper/slashRoot -prune -o ! -perm -g+x), result: $returnCode"
echo "grouperDockerfile; INFO: ($0) chmod +x \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /etc/httpd/conf.d -type f -name \"*.sh\" -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -perm -g+x), result: $returnCode"
if [ $returnCode != 0 ]; then exit $returnCode; fi
fi

lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /etc/httpd/conf.d -type f -name "*.sh" -path /opt/grouper/slashRoot -prune -o ! -perm -u+x | wc -l)
lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /etc/httpd/conf.d -type f -name "*.sh" -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -perm -u+x | wc -l)
if [ $lines -ne 0 ]; then
chmod +x $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /etc/httpd/conf.d -type f -name "*.sh" -path /opt/grouper/slashRoot -prune -o ! -perm -u+x)
chmod +x $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /etc/httpd/conf.d -type f -name "*.sh" -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -perm -u+x)
returnCode=$?
echo "grouperDockerfile; INFO: ($0) chmod +x \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /etc/httpd/conf.d -type f -name \"*.sh\" -path /opt/grouper/slashRoot -prune -o ! -perm -u+x), result: $returnCode"
echo "grouperDockerfile; INFO: ($0) chmod +x \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /etc/httpd/conf.d -type f -name \"*.sh\" -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -perm -u+x), result: $returnCode"
if [ $returnCode != 0 ]; then exit $returnCode; fi
fi

lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /etc/httpd/conf.d -type f -name "*.sh" -path /opt/grouper/slashRoot -prune -o ! -perm -o+x | wc -l)
lines=$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /etc/httpd/conf.d -type f -name "*.sh" -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -perm -o+x | wc -l)
if [ $lines -ne 0 ]; then
chmod +x $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /etc/httpd/conf.d -type f -name "*.sh" -path /opt/grouper/slashRoot -prune -o ! -perm -o+x)
chmod +x $(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /etc/httpd/conf.d -type f -name "*.sh" -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -perm -o+x)
returnCode=$?
echo "grouperDockerfile; INFO: ($0) chmod +x \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /etc/httpd/conf.d -type f -name \"*.sh\" -path /opt/grouper/slashRoot -prune -o ! -perm -o+x), result: $returnCode"
echo "grouperDockerfile; INFO: ($0) chmod +x \$(find /home/$user /opt/container_files /opt/grouper /opt/tier /opt/tier-support /opt/tomee /etc/httpd/conf /home/tomcat /etc/httpd/conf.d -type f -name \"*.sh\" -path /opt/grouper/slashRoot -prune -o -path /opt/grouper/logs -prune -o ! -perm -o+x), result: $returnCode"
if [ $returnCode != 0 ]; then exit $returnCode; fi
fi

Expand Down

0 comments on commit 28a25c1

Please sign in to comment.