security improvements

2024-05-02 05:02:21 +12:00 · 2022-07-20 20:57:00 +00:00 · 2022-07-20 20:57:00 +00:00 · edd3ed3d51
parent 2b9c2f09f1
commit edd3ed3d51
7 changed files with 18 additions and 18 deletions
--- a/workspaces/ansible-terraform-workspace/Dockerfile
+++ b/workspaces/ansible-terraform-workspace/Dockerfile
@ -45,7 +45,7 @@ COPY ./examples/ /home/examples/

 # Delete previous Theia & set up new 
 RUN rm -rf /opt/theia \
-    && mkdir -p -m 777 /opt/theia \
+    && mkdir -p /opt/theia \
    && cd /opt/theia && nodeenv --node=12.18.3 env && . env/bin/activate \
    && pip install -r /home/abc/installed-python-packages/infra-requirements.txt \
    && python3 -m pip install "ara[server]"
--- a/workspaces/codeserver-workspace/Dockerfile
+++ b/workspaces/codeserver-workspace/Dockerfile
@ -11,13 +11,13 @@ COPY ./mkdocs/ /home/docs/

 RUN echo "------------------------------------------------------ code-server" \
 	&& apt-get install -y build-essential pkg-config \
-    && mkdir -p -m 777 /opt/codeserver \
+    && mkdir -p /opt/codeserver \
 	&& cd /opt/codeserver && nodeenv --node=16.15.0 --npm=1.0.10 env \
 	&& cd /opt/codeserver && . env/bin/activate &&  npm install -g yarn && yarn global add code-server@4.4.0 \
-	&& mkdir -p -m 777 /home/project \
-	&& mkdir -p -m 777 /opt/codeserver/data \
-	&& mkdir -p -m 777 mkdir /opt/vscode/extensions \ 
-	&& mkdir -p -m 777 /var/log/codeserver \
+	&& mkdir -p /home/project \
+	&& mkdir /opt/codeserver/data \
+	&& mkdir -p mkdir /opt/vscode/extensions \ 
+	&& mkdir -p /var/log/codeserver \
    && echo "------------------------------------------------------ utils" \
    && rm -rf /home/abc/utils || true \
    && git clone https://github.com/bluxmit/alnoda-workspaces /tmp/alnoda-workspaces \
@ -26,6 +26,7 @@ RUN echo "------------------------------------------------------ code-server" \
 	&& echo "------------------------------------------------------ user" \
 	&& chown -R abc /home/project \
 	&& chown -R abc /opt/codeserver \
+    && chown -R abc /var/log/codeserver \
    && chown -R abc  /opt/vscode \
    && chown -R abc /home/docs \
    && chown -R abc /home/abc/utils \
--- a/workspaces/kafka-workspace/Dockerfile
+++ b/workspaces/kafka-workspace/Dockerfile
@ -45,9 +45,9 @@ FROM ${DEPLOY_IMAGE}

 USER root

-RUN mkdir -p -m 777 /opt/theia \
+RUN mkdir -p /opt/theia \
    && cd /opt/theia && nodeenv --node=12.18.3 env && . env/bin/activate \
-    && mkdir -p -m 777 /home/project \
+    && mkdir -p /home/project \
    && apt-get install -y libsecret-1-dev \
    && rm -rf /home/docs

@ -114,6 +114,7 @@ RUN echo "------------------------------------------------------ java" \
    # && rm -rf /tmp/alnoda-workspaces \
    && echo "------------------------------------------------------ user" \
    && chown -R abc /opt/theia \
+    && chown -R abc /home/project \
    && mkdir -p /var/log/theia && chown -R abc /var/log/theia \
    && mkdir -p /var/log/zookeeper/ && chown -R abc /var/log/zookeeper/ \
    && mkdir -p /var/log/kafka && chown -R abc /var/log/kafka \
--- a/workspaces/postgres-workspace/Dockerfile
+++ b/workspaces/postgres-workspace/Dockerfile
@ -45,9 +45,9 @@ FROM ${DEPLOY_IMAGE}
 USER root

 RUN apt-get update \
-    && mkdir -p -m 777 /opt/theia \
+    && mkdir -p /opt/theia \
    && cd /opt/theia && nodeenv --node=12.18.3 env && . env/bin/activate \
-    && mkdir -p -m 777 /home/project \
+    && mkdir -p /home/project \
    && apt-get install -y libsecret-1-dev

 COPY --from=theia-builder /opt/theia /opt/theia
@ -188,7 +188,7 @@ RUN echo "------------------------------------------------------ postgres" \
    && mkdir /var/log/postgres && chown -R abc /var/log/postgres \
    && chown -R abc /var/log/postgresql \
    && mkdir /var/postgres && chown -R abc /var/postgres \
-    && chmod 777 /var/run/postgresql \
+    && chown -R abc /var/run/postgresql \
    && chown -R abc /opt/dbdesigner \
    && chown -R abc /opt/pev2 \
    && mkdir /var/log/dbdesigner && chown -R abc /var/log/dbdesigner \
--- a/workspaces/redis-workspace/Dockerfile
+++ b/workspaces/redis-workspace/Dockerfile
@ -1,6 +1,6 @@

 ARG docker_registry=docker.io/alnoda
-ARG image_tag=2.2
+ARG image_tag=3.0

 ## Images used:
 ARG BUILD_IMAGE=node:12.18.3
@ -42,9 +42,9 @@ FROM ${DEPLOY_IMAGE}

 USER root

-RUN mkdir -p -m 777 /opt/theia \
+RUN mkdir -p /opt/theia \
    && cd /opt/theia && nodeenv --node=12.18.3 env && . env/bin/activate \
-    && mkdir -p -m 777 /home/project \
+    && mkdir -p /home/project \
    && apt-get install -y libsecret-1-dev \
    && rm -rf /home/docs

@ -87,7 +87,7 @@ RUN apt-get -y update \
    && mv /tmp/redis-tui-linux /usr/bin/redis-tui \
    && rm -rf /tmp/redis-tui-linux \
    && echo "------------------------------------------------------ redis-commander" \
-    && mkdir -p -m 777 /opt/redis-commander \
+    && mkdir -p /opt/redis-commander \
    && cd /opt/redis-commander && nodeenv --node=12.18.3 env && . env/bin/activate \
    && npm install -g redis-commander@0.7.2 \
    && echo "------------------------------------------------------ user" \
@ -95,7 +95,7 @@ RUN apt-get -y update \
    && mkdir -p /var/log/theia && chown -R abc /var/log/theia \
    && mkdir -p /var/log/redis && chown -R abc /var/log/redis \
    && mkdir -p /opt/redis && chown -R abc /opt/redis \
-    && chmod 777 /var/lib/redis \
+    && chown -R abc /var/lib/redis \
    && mkdir -p /home/redis-data && chown -R abc /home/redis-data \
    && chown -R abc /opt/redis-commander \
    && mkdir -p /var/log/redis-commander && chown -R abc /var/log/redis-commander \
--- a/workspaces/sqlite-workspace/Dockerfile
+++ b/workspaces/sqlite-workspace/Dockerfile
@ -2,8 +2,6 @@ ARG docker_registry=docker.io/alnoda
 ARG image_tag=3.0

 FROM ${docker_registry}/theia-workspace:${image_tag}
-USER roots
-
 USER root

 COPY supervisord-sqlite.conf /etc/supervisord/
--- a/workspaces/sqlite-workspace/mkdocs/mkdocs.yaml
+++ b/workspaces/sqlite-workspace/mkdocs/mkdocs.yaml