Implement TFW & challenge solver user separation

2018-04-04 17:43:18 +02:00 · 2018-04-04 17:43:18 +02:00 · 19f819c142
parent 68fc4ca050
commit 19f819c142
3 changed files with 8 additions and 4 deletions
--- a/7
+++ b/7
@ -53,14 +53,17 @@ COPY nginx/nginx.conf ${TFW_NGINX_CONF}
 COPY nginx/default.conf ${TFW_NGINX_DEFAULT}
 COPY lib ${TFW_LIB_DIR}

+RUN for dir in "${TFW_LIB_DIR}" "/etc/nginx" "/etc/supervisor"; do \
+        chown -R root:root "$dir" && chmod -R 700 "$dir";          \
+    done
+
 ONBUILD ARG BUILD_CONTEXT="."
 ONBUILD ARG NOFRONTEND=""

 ONBUILD COPY ${BUILD_CONTEXT}/nginx/components/ ${TFW_NGINX_COMPONENTS}
 ONBUILD COPY ${BUILD_CONTEXT}/supervisor/components/ ${TFW_SUPERVISORD_COMPONENTS}

-ONBUILD RUN chown -R ${AVATAO_USER} /var/log/nginx /var/lib/nginx                                          &&\
-            for f in "${TFW_NGINX_DEFAULT}" ${TFW_NGINX_COMPONENTS}/*.conf; do                               \
+ONBUILD RUN for f in "${TFW_NGINX_DEFAULT}" ${TFW_NGINX_COMPONENTS}/*.conf; do                               \
                envsubst "$(printenv | cut -d= -f1 | grep TFW_ | sed -e 's/^/$/g')" < $f > $f~ && mv $f~ $f ;\
            done
 ONBUILD VOLUME ["/etc/nginx", "/var/lib/nginx", "/var/log/nginx"]
--- a/lib/tfw/components/terminado_event_handler.py
+++ b/lib/tfw/components/terminado_event_handler.py
@ -5,6 +5,7 @@ from tfw.components.terminado_mini_server import TerminadoMiniServer
 from tfw.event_handler_base import TriggerlessEventHandler
 from tfw.config import TFWENV
 from tfw.config.logs import logging
+from tao.config import TAOENV

 LOG = logging.getLogger(__name__)

@ -14,7 +15,7 @@ class TerminadoEventHandler(TriggerlessEventHandler):
        super().__init__(key)
        self.working_directory = TFWENV.TERMINADO_DIR
        self._historymonitor = monitor
-        self.terminado_server = TerminadoMiniServer('/terminal', TFWENV.TERMINADO_PORT, TFWENV.TERMINADO_WD, ['bash'])
+        self.terminado_server = TerminadoMiniServer('/terminal', TFWENV.TERMINADO_PORT, TFWENV.TERMINADO_WD, ['sudo', '-u', TAOENV.USER, 'bash'])
        self.commands = {'write': self.write,
                         'read': self.read}
        if self._historymonitor:
--- a/supervisor/supervisord.conf
+++ b/supervisor/supervisord.conf
@ -1,5 +1,5 @@
 [supervisord]
-user=user
+user=root
 logfile = /tmp/supervisord.log
 loglevel = debug
 pidfile = /tmp/supervisord.pid