From 01c4137dc9d6e3f8e0e44f56328222d994d27e3c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20M=C3=A4der?=
Date: Sun, 17 Nov 2019 18:03:59 +0100
Subject: [PATCH 1/3] Adds netbox user
---
 Dockerfile | 10 ++++++++++
 docker-compose.yml | 1 +
 2 files changed, 11 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index d7a9af9..da15ecb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -51,6 +51,10 @@ RUN apk add --no-cache \
 postgresql-libs \
 ttf-ubuntu-font-family
+RUN addgroup -S -g 101 netbox \
+ && adduser -DHS -u 101 netbox \
+ && adduser netbox netbox
+
 WORKDIR /opt
 COPY --from=builder /install /usr/local
@@ -68,6 +72,12 @@ COPY configuration/configuration.py /etc/netbox/config/configuration.py
 WORKDIR /opt/netbox/netbox
+# Must set permissions for '/opt/netbox/netbox/static' directory
+# to a+w so that `./manage.py collectstatic` can be executed during
+# container startup.
+# Not satisfying
+RUN mkdir static && chmod a+w static media
+
 ENTRYPOINT [ "/opt/netbox/docker-entrypoint.sh" ]
 CMD ["gunicorn", "-c /etc/netbox/config/gunicorn_config.py", "netbox.wsgi"]
diff --git a/docker-compose.yml b/docker-compose.yml
index f00700a..da5fbd5 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,6 +7,7 @@ services:
 - redis
 - netbox-worker
 env_file: env/netbox.env
+ user: netbox
 volumes:
 - ./startup_scripts:/opt/netbox/startup_scripts:z,ro
 - ./initializers:/opt/netbox/initializers:z,ro
From 7942e9edbe89469fd691d1bed634ab84decb00b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20M=C3=A4der?=
Date: Mon, 18 Nov 2019 08:23:44 +0100
Subject: [PATCH 2/3] Remove the named user, change permissions to 'g+w'
---
 Dockerfile | 11 ++++-------
 docker-compose.yml | 2 +-
 2 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index da15ecb..af70e38 100644
--- a/Dockerfile
+++ b/Dockerfile
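Review bot: The image still starts as root after the `addgroup`/`adduser` hunk of patch 1/3, because the new `netbox` account is only selected by `user: netbox` in docker-compose.yml and no `USER` instruction is visible in either Dockerfile hunk. Anyone starting the image with plain `docker run` or another orchestrator gets a root process, so consider ending the final stage with `USER netbox` once the root-only steps are done (assuming docker-entrypoint.sh does not need root, which is not visible here). Passing `-G netbox` to `adduser` would also set `netbox` as the primary group directly instead of adding the membership in a second step. The stage continues outside the hunk.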
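Review bot: `chmod a+w static media` in the second Dockerfile hunk of patch 1/3 makes both directories writable by every account in the container, which the hunk's own `# Not satisfying` comment concedes. Since the first hunk creates uid/gid 101, ownership can carry the permission instead: `RUN mkdir static && chown netbox:netbox static media`. Only `static` is created here, so `media` presumably arrives with an earlier `COPY` outside the hunk; if it does not, the `chmod` fails the build.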
@@ -51,10 +51,6 @@ RUN apk add --no-cache \
 postgresql-libs \
 ttf-ubuntu-font-family
-RUN addgroup -S -g 101 netbox \
- && adduser -DHS -u 101 netbox \
- && adduser netbox netbox
-
 WORKDIR /opt
 COPY --from=builder /install /usr/local
@@ -73,10 +69,11 @@ COPY configuration/configuration.py /etc/netbox/config/configuration.py
 WORKDIR /opt/netbox/netbox
 # Must set permissions for '/opt/netbox/netbox/static' directory
-# to a+w so that `./manage.py collectstatic` can be executed during
+# to g+w so that `./manage.py collectstatic` can be executed during
 # container startup.
-# Not satisfying
-RUN mkdir static && chmod a+w static media
+# Must set permissions for '/opt/netbox/netbox/media' directory
+# to g+w so that pictures can be uploaded to netbox.
+RUN mkdir static && chmod g+w static media
 ENTRYPOINT [ "/opt/netbox/docker-entrypoint.sh" ]
diff --git a/docker-compose.yml b/docker-compose.yml
index da5fbd5..874ff3e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,7 +7,7 @@ services:
 - redis
 - netbox-worker
 env_file: env/netbox.env
- user: netbox
+ user: '101'
 volumes:
 - ./startup_scripts:/opt/netbox/startup_scripts:z,ro
 - ./initializers:/opt/netbox/initializers:z,ro
From 5e92352b0ae83f2c6a065ea31520300d40a3e732 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20M=C3=A4der?=
Date: Tue, 26 Nov 2019 12:09:26 +0100
Subject: [PATCH 3/3] set umask in entrypoint
---
 docker/docker-entrypoint.sh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh
index 2e6a8de..7aef836 100755
--- a/docker/docker-entrypoint.sh
+++ b/docker/docker-entrypoint.sh
@@ -1,5 +1,6 @@
 #!/bin/bash
 set -e
+umask 002
 # wait shortly and then run db migrations (retry on error)
 while ! ./manage.py migrate 2>&1; do
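Review bot: `chmod g+w static media` in the second Dockerfile hunk of patch 2/3 only helps if the runtime process belongs to the group that owns these directories, and nothing in the hunk sets or documents that group. Directories created by `RUN` as root are presumably `root:root`, so the scheme seems to work only because `user: '101'` in this patch's docker-compose.yml hunk names no group and Docker falls back to gid 0 when uid 101 has no passwd entry. I would record that in the comment, e.g. `# group owner is root (gid 0); the container must run with gid 0 for g+w to apply`, and pin it in compose as `user: '101:0'`. The image itself still has no `USER` instruction in the visible hunks, so it runs as root wherever the compose file is not used.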
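Review bot: `umask 002` in docker-entrypoint.sh (patch 3/3) carries no comment, although it changes the mode of every file the container creates after this line. Files written by the steps that follow (the migration loop, and presumably collectstatic and media uploads) become group-writable and stay world-readable, which matters because the group relied on by the `g+w` change appears to be gid 0. A line such as `# keep new files group-writable: the container runs as a bare uid whose only access is via the owning group` above it would record the intent for the next maintainer. The `while` loop continues outside the hunk.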