From 8840355f333d79a48731aa8df10ca10ba2ba172b Mon Sep 17 00:00:00 2001 From: Brent O'Connor Date: Tue, 29 Aug 2023 08:17:17 -0500 Subject: [PATCH] Change to using a root user for local development This fixes an issue that was happening where Vite and other JS related tools where throwing write permission errors when running because the web service would create files as non-privileged app user and then JS tools would run as a non-privileged user and then try to write to directories owned by root. --- CHANGELOG.md | 10 ++++++++++ config/bash/bashrc | 11 +++++++++++ config/docker/Dockerfile.web | 19 ++++++++----------- 3 files changed, 29 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bc377a56..f98cd9a4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,16 @@ # CHANGELOG +## 2023-06-01 + +### Changed + +* Changed to using a root user for local development. This fixes an issue that was happening where Vite and other JS + related tools where throwing write permission errors when running because the web service would create files as a + non-privileged app user and then JS tools would run as a non-privileged user and then try to write to + directories owned by root. + + ## 2023-06-01 ### Changed diff --git a/config/bash/bashrc b/config/bash/bashrc index 476d890f..a46d9be4 100644 --- a/config/bash/bashrc +++ b/config/bash/bashrc @@ -1,3 +1,14 @@ +# Color prompt +PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ ' + +# Colorize `ls` output +export SHELL=/bin/bash +export LS_OPTIONS='--color=auto' +eval "`dircolors`" +alias ls='ls $LS_OPTIONS' +alias ll='ls $LS_OPTIONS -l' +alias l='ls $LS_OPTIONS -lA' + # some more ls aliases alias ll='ls -l' alias la='ls -A' diff --git a/config/docker/Dockerfile.web b/config/docker/Dockerfile.web index 990a71f8..a726d06c 100644 --- a/config/docker/Dockerfile.web +++ b/config/docker/Dockerfile.web @@ -38,7 +38,8 @@ RUN apt-get update \ && echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen \ && echo "LANG=en_US.UTF-8" > /etc/locale.conf \ && locale-gen en_US.UTF-8 \ - && rm -rf /var/lib/apt/lists/* + && rm -rf /var/lib/apt/lists/* \ + && echo "\nsource /srv/app/config/bash/bashrc" >> /root/.bashrc ENV VIRTUAL_ENV=/opt/venv ENV LANG=en_US.UTF-8 \ @@ -51,14 +52,8 @@ ENV LANG=en_US.UTF-8 \ WORKDIR /srv/app -RUN set -ex \ - && groupadd -r app && useradd --uid=1000 --create-home --home-dir=/home/app --no-log-init -r -g app app \ - && echo "\nsource ./config/bash/bashrc" >> /home/app/.bashrc - COPY --from=python-requirements --chown=app:app $VIRTUAL_ENV $VIRTUAL_ENV -USER app - EXPOSE 8000/tcp 8001/tcp CMD ["python", "manage.py", "runserver", "0.0.0.0:8000"] @@ -88,14 +83,16 @@ FROM dev as prod WORKDIR /srv/app -USER root +RUN set -ex \ + && groupadd -r app --gid=1000 && useradd --uid=1000 --create-home --home-dir=/home/app --no-log-init -r -g app app \ + && echo "\nsource ./config/bash/bashrc" >> /home/app/.bashrc + +COPY --chown=app:app . . -COPY . . +USER app RUN SECRET_KEY=e python manage.py collectstatic --no-input COPY --from=js_assets --chown=app:app /srv/app/public/static/ ./collected_static -USER app - CMD ["uwsgi", "--ini", "config/uwsgi.ini", "--http", "0.0.0.0:8080"]