From 41de63e8367bbfa57d64583448942376726bc57d Mon Sep 17 00:00:00 2001
From: Chris Hyzer <mchyzer@isc.upenn.edu>
Date: Thu, 11 Aug 2022 22:40:02 -0400
Subject: [PATCH] optimize container

---
 Dockerfile                                         | 6 ++++--
 container_files/usr-local-bin/librarySetupFiles.sh | 8 ++++++--
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index d1a03c69..4a85c5c4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -109,8 +109,10 @@ RUN touch /opt/grouper/grouperEnv.sh \
     && mkdir -p /opt/tomee/work/Catalina/localhost/ \
     && mkdir -p /opt/grouper/certs/client \
     && mkdir -p /opt/grouper/certs/anchors \
-    && chown -R tomcat:root  /opt/grouper/ /etc/httpd/conf/ /home/tomcat/ /opt/tomee/ /usr/local/bin /etc/httpd/conf.d/ /opt/tier-support/ /usr/lib/jvm/java/jre/lib/security/cacerts \
-    && chmod -R g+rwx /opt/grouper/ /etc/httpd/conf/ /home/tomcat/ /opt/tomee/ /usr/local/bin /etc/httpd/conf.d/ /opt/tier-support/ /usr/lib/jvm/java/jre/lib/security/cacerts
+    && chown tomcat:root  /opt/grouper/ /etc/httpd/conf/ /home/tomcat/ /opt/tomee/ /usr/local/bin /etc/httpd/conf.d/ /opt/tier-support/ /usr/lib/jvm/java/jre/lib/security/cacerts \
+    && chown -R tomcat:root $(find /opt/grouper/ /etc/httpd/conf/ /home/tomcat/ /opt/tomee/ /usr/local/bin /etc/httpd/conf.d/ /opt/tier-support/ ! -user tomcat -o ! -group root -print) \
+    && chmod g+rwx /opt/grouper/ /etc/httpd/conf/ /home/tomcat/ /opt/tomee/ /usr/local/bin /etc/httpd/conf.d/ /opt/tier-support/ /usr/lib/jvm/java/jre/lib/security/cacerts \
+    && chmod -R g+rwx $(find /opt/grouper/ /etc/httpd/conf/ /home/tomcat/ /opt/tomee/ /usr/local/bin /etc/httpd/conf.d/ /opt/tier-support/ ! -perm -g+rwx )
 
 # keep backup of files
 RUN mkdir -p /opt/tier-support/originalFiles ; \
diff --git a/container_files/usr-local-bin/librarySetupFiles.sh b/container_files/usr-local-bin/librarySetupFiles.sh
index 1b24f58d..3e9581ba 100644
--- a/container_files/usr-local-bin/librarySetupFiles.sh
+++ b/container_files/usr-local-bin/librarySetupFiles.sh
@@ -82,9 +82,13 @@ setupFiles_chownDirs() {
     # do this last
     if [ "$GROUPER_CHOWN_DIRS" = "true" ]
       then
-        chown -R tomcat:tomcat /opt/grouper/grouperWebapp /opt/tomee
+        chown tomcat:root /opt/grouper /opt/tomee
         returnCode=$?
-        echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_chownDirs) chown -R tomcat:tomcat /opt/grouper/grouperWebapp /opt/tomee, result: $returnCode"
+        echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_chownDirs) chown tomcat:root /opt/grouper /opt/tomee, result: $returnCode"
+        
+        chown -R tomcat:root $(find /opt/grouper /opt/tomee ! -user tomcat -o ! -group root -print)
+        returnCode=$?
+        echo "grouperContainer; INFO: (librarySetupFiles.sh-setupFiles_chownDirs) chown -R tomcat:root \$(find /opt/grouper /opt/tomee ! -user tomcat -o ! -group root -print), result: $returnCode"
         # dont fail on chown
         #if [ $returnCode != 0 ]; then exit $returnCode; fi
     fi