enforce user 1000 group 1000 #305 (#355)

* enforce user 1000 group 1000 #305 * files permission
conda-incubator · Jul 22, 2022 · 04d9611 · 04d9611
1 parent 818d326
commit 04d9611
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 2 deletions.
diff --git a/conda-store-server/Dockerfile b/conda-store-server/Dockerfile
@@ -22,3 +22,13 @@ RUN cd /opt/conda-store-server && \
 
 ENV PATH=/opt/conda/condabin:/opt/conda/envs/conda-store-server/bin:/opt/conda/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:${PATH}
 ENV TZ=America/New_York
+
+RUN chown -R 1000:1000 /opt/conda/pkgs && \
+    mkdir -p /var/lib/conda-store && \
+    chown 1000:1000 /var/lib/conda-store && \
+    mkdir -p /opt/conda-store/envs && \
+    chown 1000:1000 /opt/conda-store/envs
+
+USER 1000:1000
+
+WORKDIR /var/lib/conda-store
diff --git a/conda-store/Dockerfile b/conda-store/Dockerfile
@@ -20,4 +20,6 @@ RUN cd /opt/conda-store && \
 RUN mkdir -p /opt/jupyterhub && \
     chown -R 1000:1000 /opt/jupyterhub
 
+USER 1000:1000
+
 WORKDIR /opt/jupyterhub
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -3,6 +3,7 @@ version: "3.8"
 services:
   conda-store-worker:
     build: conda-store-server
+    user: 1000:1000
     volumes:
       - ./tests/assets/environments:/opt/environments:ro
       - ./tests/assets/conda_store_config.py:/opt/conda_store/conda_store_config.py:ro
@@ -14,6 +15,7 @@ services:
 
   conda-store-server:
     build: conda-store-server
+    user: 1000:1000
     depends_on:
       postgres:
         condition: service_healthy

diff --git a/examples/docker-without-nfs/docker-compose.yaml b/examples/docker-without-nfs/docker-compose.yaml
@@ -29,6 +29,7 @@ services:
 
   conda-store-worker:
     build: ../../conda-store-server
+    user: 1000:1000
     volumes:
       - conda_store_data:/opt/conda-store/
       - ./assets/conda_store_config.py:/etc/conda-store/conda_store_config.py:ro
@@ -43,6 +44,7 @@ services:
 
   conda-store-server:
     build: ../../conda-store-server
+    user: 1000:1000
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.conda-store.rule=Host(`conda-store.localhost`) && PathPrefix(`/conda-store`)"
@@ -74,7 +76,7 @@ services:
       - "traefik.http.routers.jupyterhub.rule=Host(`conda-store.localhost`) && (Path(`/`) || PathPrefix(`/hub`) || PathPrefix(`/user`))"
       - "traefik.http.routers.jupyterhub.entrypoints=websecure"
       - "traefik.port=8000"
-    user: "1000:1000"
+    user: 1000:1000
     environment:
       CONDA_STORE_URL: https://conda-store.localhost/conda-store
       CONDA_STORE_AUTH: token

diff --git a/examples/docker/docker-compose.yaml b/examples/docker/docker-compose.yaml
@@ -29,6 +29,7 @@ services:
 
   conda-store-worker:
     build: ../../conda-store-server
+    user: 1000:1000
     volumes:
       - conda_store_data:/opt/conda-store/
       - ./assets/conda_store_config.py:/etc/conda-store/conda_store_config.py:ro
@@ -42,6 +43,7 @@ services:
 
   conda-store-server:
     build: ../../conda-store-server
+    user: 1000:1000
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.conda-store.rule=Host(`conda-store.localhost`) && PathPrefix(`/conda-store`)"
@@ -73,7 +75,7 @@ services:
       - "traefik.http.routers.jupyterhub.rule=Host(`conda-store.localhost`) && (Path(`/`) || PathPrefix(`/hub`) || PathPrefix(`/user`))"
       - "traefik.http.routers.jupyterhub.entrypoints=websecure"
       - "traefik.port=8000"
-    user: "1000:1000"
+    user: 1000:1000
     healthcheck:
       test: ["CMD", "curl", "--fail", "http://localhost:8000/hub/api/"]
       interval: 10s