[misc] narrow down write access/ownership for the run-time user
committed by
Jakob Ackermann
parent
c5d10d02fc
commit
4ee0dc2471
@@ -2,22 +2,21 @@
|
||||
|
||||
docker --version >&2
|
||||
|
||||
# add the node user to the docker group on the host
|
||||
DOCKER_GROUP=$(stat -c '%g' /var/run/docker.sock)
|
||||
groupadd --non-unique --gid ${DOCKER_GROUP} dockeronhost
|
||||
usermod -aG dockeronhost node
|
||||
|
||||
mkdir -p /app/cache
|
||||
chown -R node:node /app/cache
|
||||
# compatibility: initial volume setup
|
||||
chown node:node /app/cache
|
||||
chown node:node /app/compiles
|
||||
chown node:node /app/db
|
||||
|
||||
mkdir -p /app/compiles
|
||||
chown -R node:node /app/compiles
|
||||
|
||||
chown -R node:node /app/bin/synctex
|
||||
# acceptance tests
|
||||
mkdir -p /app/test/acceptance/fixtures/tmp/
|
||||
chown -R node:node /app
|
||||
|
||||
chown -R node:node /app/bin
|
||||
chown -R node:node /app/test/acceptance/fixtures
|
||||
|
||||
# make synctex available for remount in compiles
|
||||
cp /app/bin/synctex /app/bin/synctex-mount/synctex
|
||||
|
||||
exec runuser -u node -- "$@"
|
||||
|
||||
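Review bot: `chown -R node:node /app/bin` (under `# acceptance tests`) still gives the run-time user write access to everything in /app/bin, including the synctex binary and the synctex-mount directory that the following `cp` fills for remounting into compiles, so a compromised service process could swap a binary that is executed later. The rendering has lost its +/- markers, so I am assuming this line is on the new side and replaces `chown -R node:node /app`. If only the acceptance tests need to write there, consider leaving /app/bin root-owned and granting just the path that must be writable, with a comment naming the test that needs it. Separately, the non-recursive `chown node:node /app/cache`, `/app/compiles` and `/app/db` lines seem to rely on those directories already existing now that the `mkdir -p` calls appear to be gone; no `set -e` is visible in this hunk, so a failed chown would not stop `exec runuser`, and an `|| exit 1` or a comment saying where the directories are created would help.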