acs-packaging
Can't run share image as non root
The Alfresco Share Docker image runs as root, which is not ideal. Could there at least be a list of permissions or commands needed to create a custom image that can run as a non-root user, similar to other Alfresco images?
@EmmanuelOgiji - Have you been able to find a solution yet? I have the same issue with v7.3.1
@shazChaudhry Kind of, I ended up writing my own Dockerfile to create a new user and basically give it read/write permissions on the Tomcat dir. It seems to work well enough.
@EmmanuelOgiji - Sounds wonderful :) Are you able to share the Dockerfile or relevant code snippet please?
For those looking for a solution, here is my take on the Dockerfile:
```dockerfile
FROM quay.io/alfresco/alfresco-share:7.3.1
ARG TOMCAT_DIR=/usr/local/tomcat
USER root
# This run statement has been taken from https://docs.alfresco.com/content-services/7.3/install/containers/customize/
RUN chgrp -R nobody ${TOMCAT_DIR}/webapps && \
    find ${TOMCAT_DIR}/webapps -type d -exec chmod 0777 {} \; && \
    find ${TOMCAT_DIR}/webapps -type f -exec chmod 0777 {} \; && \
    find ${TOMCAT_DIR}/shared -type d -exec chmod 0777 {} \; && \
    find ${TOMCAT_DIR}/shared -type f -exec chmod 0777 {} \; && \
    chmod -R g+r ${TOMCAT_DIR}/webapps && \
    chgrp -R nobody ${TOMCAT_DIR}
# this user is already available from the base image
USER nobody
```
And in your deployment YAML for the Share component, add a pod security context:
```yaml
spec:
  securityContext:
    # this is user nobody's ID
    runAsUser: 65534
```
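
As an added example (not part of the thread or of the acs-packaging project), this shows where the pod security context from the comment above sits in a complete Deployment, extended with `runAsNonRoot` and a container-level context. The Deployment name, labels and image reference are hypothetical placeholders, and the fields beyond `runAsUser` are additions that the thread does not cover.

```yaml
# Added example. "share" and the image reference are hypothetical placeholders
# for an image built from a Dockerfile like the one posted above.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: share
spec:
  replicas: 1
  selector:
    matchLabels:
      app: share
  template:
    metadata:
      labels:
        app: share
    spec:
      # Pod-level context: applies to every container in the pod.
      securityContext:
        runAsNonRoot: true   # kubelet refuses to start a container that would run as UID 0
        runAsUser: 65534     # user nobody, as stated in the thread
        runAsGroup: 65534    # assumption: group nobody has GID 65534 in the base image
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: share
          image: registry.example.com/alfresco-share-nonroot:7.3.1  # placeholder
          # Container-level context: these fields exist only per container.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]  # assumption: Tomcat on an unprivileged port needs none
```

With `runAsNonRoot: true` set, a later image rebuild that drops the `USER nobody` line fails at container start instead of silently running as root.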