From 0a1a95a06d7be1d25cdc500e8241dc3bab0e8137 Mon Sep 17 00:00:00 2001
From: jcblw <578259+jcblw@users.noreply.github.com>
Date: Sat, 26 Oct 2019 16:15:42 -0700
Subject: [PATCH 1/5] add in user and run docker container as users
---
 Dockerfile | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index ec06e06..f531dfa 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -21,6 +21,14 @@ RUN apt-get update \
 && apt-get install -y google-chrome-stable --no-install-recommends \
 && rm -rf /var/lib/apt/lists/*
+# Add user so we don't need --no-sandbox.
+RUN groupadd -r pptruser && useradd -r -g pptruser -G audio,video pptruser \
+ && mkdir -p /home/pptruser/Downloads \
+ && chown -R pptruser:pptruser /home/pptruser
+
+# Run everything after as non-privileged user.
+USER pptruser
+
 ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD true
From 56efe19566c8c39a5720eafd068d6bcb55db62c2 Mon Sep 17 00:00:00 2001
From: jcblw <578259+jcblw@users.noreply.github.com>
Date: Sat, 26 Oct 2019 16:57:45 -0700
Subject: [PATCH 2/5] add github workspace to users permissions
---
 Dockerfile | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index f531dfa..dd4b313 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -25,6 +25,8 @@ RUN apt-get update \
 RUN groupadd -r pptruser && useradd -r -g pptruser -G audio,video pptruser \
 && mkdir -p /home/pptruser/Downloads \
 && chown -R pptruser:pptruser /home/pptruser
+ && chown -R pptruser:pptruser /github/workspace
+ && chmod 755 /github/workspace
 # Run everything after as non-privileged user.
 USER pptruser
From 7d982d15ea0d84d544ed8c474f32e6052e88b5a8 Mon Sep 17 00:00:00 2001
From: jcblw <578259+jcblw@users.noreply.github.com>
Date: Sat, 26 Oct 2019 17:04:02 -0700
Subject: [PATCH 3/5] add in line escapes
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index dd4b313..4118648 100644
--- a/Dockerfile
+++ b/Dockerfile
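Review bot: In [PATCH 1/5], `USER pptruser` is placed before `ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD true`, so every build instruction after it also runs unprivileged, as the added comment itself says. The rest of the Dockerfile is outside the hunk, but any later `RUN` that writes outside `/home/pptruser` may fail, and files added by a later `COPY` are root-owned by default, so the runtime user could not modify them. Consider moving `USER pptruser` to just before the entrypoint and using `COPY --chown=pptruser:pptruser` for application files. That keeps Chrome's sandbox usable without having to widen ownership afterwards.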
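Review bot: In [PATCH 2/5], the added `chown -R pptruser:pptruser /github/workspace` and `chmod 755 /github/workspace` change the image layer only. If this image runs as a GitHub Docker container action (inferred from the path), the runner mounts the checkout over `/github/workspace` at start-up, so the mounted directory keeps its own ownership and the build-time change is probably hidden; the same two lines recur in [PATCH 3/5] and [PATCH 5/5]. Separately, in this patch the preceding context line has no trailing `\`, so the added lines are not part of the `RUN`, and nothing creates the directory before `chown`. A comment such as `# NOTE: build-time ownership does not apply to a workspace mounted at run time` would record the limit.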
@@ -24,8 +24,8 @@ RUN apt-get update \
 # Add user so we don't need --no-sandbox.
 RUN groupadd -r pptruser && useradd -r -g pptruser -G audio,video pptruser \
 && mkdir -p /home/pptruser/Downloads \
- && chown -R pptruser:pptruser /home/pptruser
- && chown -R pptruser:pptruser /github/workspace
+ && chown -R pptruser:pptruser /home/pptruser \
+ && chown -R pptruser:pptruser /github/workspace \
 && chmod 755 /github/workspace
 # Run everything after as non-privileged user.
From 8f2b2fb3d3f01b589377cc9b1bb3e692b32777b3 Mon Sep 17 00:00:00 2001
From: jcblw <578259+jcblw@users.noreply.github.com>
Date: Sat, 26 Oct 2019 17:14:26 -0700
Subject: [PATCH 4/5] give access to all the files
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 4118648..051c43e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -25,8 +25,8 @@ RUN apt-get update \
 RUN groupadd -r pptruser && useradd -r -g pptruser -G audio,video pptruser \
 && mkdir -p /home/pptruser/Downloads \
 && chown -R pptruser:pptruser /home/pptruser \
- && chown -R pptruser:pptruser /github/workspace \
- && chmod 755 /github/workspace
+ && chown -R pptruser:pptruser / \
+ && chmod 755 /
 # Run everything after as non-privileged user.
 USER pptruser
From a9324a5b95622b352688dbbd49d7f1b9036e743d Mon Sep 17 00:00:00 2001
From: jcblw <578259+jcblw@users.noreply.github.com>
Date: Sat, 26 Oct 2019 17:26:05 -0700
Subject: [PATCH 5/5] add in some changes to the flow of getting permissions
---
 Dockerfile | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 051c43e..2a6252e 100644
--- a/Dockerfile
+++ b/Dockerfile
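Review bot: In [PATCH 4/5], `chown -R pptruser:pptruser /` gives the whole root filesystem to the account the following comment calls non-privileged, which undoes the separation `USER pptruser` is meant to provide. The runtime user could then rewrite system binaries, libraries and files under `/etc`. On Linux a recursive chown also clears setuid/setgid bits on the files it touches and copies every changed file into a new image layer, and it will probably hit read-only mounts such as `/proc` during the build. Scope ownership to the directories the process must write: keep `&& chown -R pptruser:pptruser /home/pptruser` and name any other writable path explicitly. `chmod 755 /` is typically already the mode of `/` in base images and can be dropped.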
@@ -24,9 +24,10 @@ RUN apt-get update \
 # Add user so we don't need --no-sandbox.
 RUN groupadd -r pptruser && useradd -r -g pptruser -G audio,video pptruser \
 && mkdir -p /home/pptruser/Downloads \
+ && mkdir -p /github/workspace \
 && chown -R pptruser:pptruser /home/pptruser \
- && chown -R pptruser:pptruser / \
- && chmod 755 / 
+ && chown -R pptruser:pptruser /github/workspace \
+ && chmod 755 /github/workspace
 # Run everything after as non-privileged user.
 USER pptruser
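Review bot: The comment heading this `RUN`, `# Add user so we don't need --no-sandbox.`, no longer covers what the instruction does once [PATCH 5/5] adds `mkdir -p /github/workspace` and the workspace `chown`/`chmod`. A second comment line, for example `# Pre-create the Actions workspace so it exists and is owned by pptruser.`, would tell the next reader why a path outside the user's home is created in the image. `chmod 755 /github/workspace` is likely redundant, since `mkdir -p` under the usual 022 umask already yields mode 755.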