Verified Commit 4a84cbbd authored by Thomas Downes's avatar Thomas Downes Committed by Tanner Prestegard

Migrate gracedb user to www-data group for simpler/more secure file permissions

parent 652a0763
RUN rm -rf /app/logs/* /app/project_data/* RUN rm -rf /app/logs/* /app/project_data/*
RUN groupadd -g 503 django_writers && \ RUN useradd -M -u 50001 -g www-data -s /bin/false gracedb
useradd -M -u 50001 -g django_writers -s /bin/false gracedb
RUN chown gracedb:django_writers /app/logs /app/project_data RUN chown gracedb:www-data /app/logs /app/project_data && \
chmod 0750 /app/logs /app/project_data
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"] CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
...@@ -9,7 +9,7 @@ priority=3 ...@@ -9,7 +9,7 @@ priority=3
command=/usr/local/bin/gunicorn config.wsgi:application --reload --config /app/gracedb_project/config/ command=/usr/local/bin/gunicorn config.wsgi:application --reload --config /app/gracedb_project/config/
directory=/app/gracedb_project directory=/app/gracedb_project
user=gracedb user=gracedb
group=django_writers group=www-data
stdout_logfile=/dev/fd/1 stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0 stdout_logfile_maxbytes=0
redirect_stderr=true redirect_stderr=true
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment