From 31adf835b29d7d7a0b8325c87ce72ce9ba9b570c Mon Sep 17 00:00:00 2001 From: janskiba Date: Thu, 25 Sep 2025 12:42:05 +0000 Subject: [PATCH] Make tomcat permissions stricter and remove ubuntu user --- tomcat/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tomcat/Dockerfile b/tomcat/Dockerfile index f8bd81e..32b344c 100644 --- a/tomcat/Dockerfile +++ b/tomcat/Dockerfile @@ -29,7 +29,8 @@ ONBUILD RUN set -x ; \ adduser --disabled-password --ingroup www-data $COMPONENT; \ chown -R $COMPONENT:www-data $CATALINA_HOME /docker/ /usr/local/share/ca-certificates/ $JAVA_HOME/lib/security/cacerts /etc/ssl/certs/ /run/secrets/; \ mkdir /docker/custom-certs/; \ - chmod -R 755 $CATALINA_HOME /docker/; + chmod -R 750 $CATALINA_HOME /docker/; +RUN usermod -s /usr/sbin/nologin ubuntu ONBUILD USER $COMPONENT ENTRYPOINT ["/docker/tomcat_entrypoint.sh"]