
Commit 2860c01

committed
Not running as root
1 parent 6a511c3 commit 2860c01


3 files changed

+39
-6
lines changed


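--- a/Dockerfile
+++ b/Dockerfile
@@ -61,11 +61,26 @@ RUN set -eux && \
 dnf --nodocs --setopt=install_weak_deps=0 --setopt=keepcache=0 \
 -y upgrade && \
 dnf clean all && \
-rm -rf /var/cache/yum
+rm -rf /var/cache/yum && \
+groupadd \
+--gid 20000 \
+mcrouter && \
+useradd --no-log-init \
+--create-home \
+--home-dir /home/mcrouter \
+--shell /bin/bash \
+--uid 20000 \
+--gid 20000 \
+--key MAIL_DIR=/dev/null \
+mcrouter && \
+chown -R mcrouter:mcrouter /home/mcrouter
 
 RUN --mount=type=bind,target=/tmp/scripts,source=scripts /tmp/scripts/runtime_deps.sh $MCROUTER_DIR
 
 ENV LD_LIBRARY_PATH "$INSTALL_DIR/lib64:$INSTALL_DIR/lib:$LD_LIBRARY_PATH"
 
 ## Already added in the setup script
 ##ENV LD_PRELOAD=/usr/lib64/libjemalloc.so.2
+
+USER mcrouter
+WORKDIR /home/mcrouter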
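Review bot: `USER mcrouter` at the end of this hunk selects the runtime account by name, and a Kubernetes pod that sets `runAsNonRoot: true` cannot verify a named user as non-root, so it refuses to start the container. The account is created with a fixed id a few lines earlier, so the numeric form `USER 20000:20000` keeps the same identity and lets that check pass. The same line is added in Dockerfile.arm64. The RUN instruction that this hunk extends begins outside the hunk.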

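--- a/Dockerfile.arm64
+++ b/Dockerfile.arm64
@@ -62,11 +62,26 @@ RUN set -eux && \
 dnf --nodocs --setopt=install_weak_deps=0 --setopt=keepcache=0 \
 -y upgrade && \
 dnf clean all && \
-rm -rf /var/cache/yum
+rm -rf /var/cache/yum && \
+groupadd \
+--gid 20000 \
+mcrouter && \
+useradd --no-log-init \
+--create-home \
+--home-dir /home/mcrouter \
+--shell /bin/bash \
+--uid 20000 \
+--gid 20000 \
+--key MAIL_DIR=/dev/null \
+mcrouter && \
+chown -R mcrouter:mcrouter /home/mcrouter
 
 RUN --mount=type=bind,target=/tmp/scripts,source=scripts /tmp/scripts/runtime_deps.sh $MCROUTER_DIR
 
 ENV LD_LIBRARY_PATH "$INSTALL_DIR/lib64:$INSTALL_DIR/lib:$LD_LIBRARY_PATH"
 
 ## Already added in the setup script
 ##ENV LD_PRELOAD=/usr/lib64/libjemalloc.so.2
+
+USER mcrouter
+WORKDIR /home/mcrouter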
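Review bot: The id 20000 is written out three times in this RUN (`groupadd --gid`, `useradd --uid` and `--gid`), repeated in Dockerfile, and appears twice more in scripts/runtime_deps.sh, so changing one copy later leaves the account and the directory ownership out of step. Each Dockerfile could declare it once with `ARG MCROUTER_UID=20000` and reference `"$MCROUTER_UID"` in the three options. The script runs in the RUN after the account exists, so its chown lines can use the name instead: `chown -R mcrouter:mcrouter /var/mcrouter`. The RUN instruction starts outside the hunk.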

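--- a/scripts/runtime_deps.sh
+++ b/scripts/runtime_deps.sh
@@ -24,16 +24,19 @@ set -ex
 mkdir -p /var/mcrouter/stats
 mkdir -p /var/mcrouter/fifos
 mkdir -p /var/mcrouter/config
-chgrp -R 0 /var/mcrouter
-chmod -R g=u /var/mcrouter
+#chgrp -R 0 /var/mcrouter
+#chmod -R g=u /var/mcrouter
+chown -R 20000:20000 /var/mcrouter
 
 ## Create spooldir
 mkdir -p /var/spool/mcrouter
-chgrp -R 0 /var/spool/mcrouter
-chmod -R g=u /var/spool/mcrouter
+#chgrp -R 0 /var/mcrouter
+#chmod -R g=u /var/spool/mcrouter
+chown -R 20000:20000 /var/spool/mcrouter
 
 ## Make runnable from any context
 ln -s "$INSTALL_DIR/bin/mcrouter" /usr/bin/mcrouter
 echo "export LD_LIBRARY_PATH=\"$INSTALL_DIR/lib64:$INSTALL_DIR/lib:$LD_LIBRARY_PATH\"" >> /etc/profile.d/mcrouter_libs.sh
 chmod +x /etc/profile.d/mcrouter_libs.sh
 echo "export LD_PRELOAD=/usr/lib64/libjemalloc.so.2" >> ~/.bashrc
+echo "export LD_PRELOAD=/usr/lib64/libjemalloc.so.2" >> /home/mcrouter/.bashrc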
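Review bot: The two `chown -R 20000:20000` lines replace the `chgrp -R 0` / `chmod -R g=u` pair, so /var/mcrouter and /var/spool/mcrouter appear to be writable only by uid 20000 (and root). A runtime that assigns a different uid with group 0, which the removed lines look to have been written for, would lose write access. If that mode still matters, keep group 0 alongside the new owner: `chown -R 20000:0 /var/mcrouter` followed by `chmod -R g=u /var/mcrouter`, and likewise for the spool directory. The commented-out lines are better deleted than kept, and the one at new line 33 names `/var/mcrouter` where the removed line had `/var/spool/mcrouter`.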
