Posted to commits@zeppelin.apache.org by zj...@apache.org on 2019/10/25 13:29:19 UTC

[zeppelin] branch master updated: [ZEPPELIN-4368][Docker image] run zeppelin server run under Non-root user

This is an automated email from the ASF dual-hosted git repository.

zjffdu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zeppelin.git


The following commit(s) were added to refs/heads/master by this push:
     new ad9d214  [ZEPPELIN-4368][Docker image] run zeppelin server run under Non-root user
ad9d214 is described below

commit ad9d214ebd1ffe71924b7e53c57c26eb6ed30484
Author: abdelouahab EL OUAZZANY <a....@gmail.com>
AuthorDate: Sat Oct 12 20:49:20 2019 +0200

    [ZEPPELIN-4368][Docker image] run zeppelin server run under Non-root user
    
    ### What is this PR for?
    This PR adds an improvement to the Zeppelin Docker image by running the Zeppelin server under a non-root user.
    
    ### What type of PR is it?
    Improvement
    
    ### What is the Jira issue?
    * https://jira.apache.org/jira/browse/ZEPPELIN-4368
    
    ### Questions:
    * Do the license files need an update? No
    * Are there breaking changes for older versions? No
    * Does this need documentation? No
    
    Author: abdelouahab EL OUAZZANY <a....@gmail.com>
    
    Closes #3484 from elouazzany/ZEPPELIN-4368 and squashes the following commits:
    
    9f0fbaaf4 [abdelouahab EL OUAZZANY] [ZEPPELIN-4368][Docker image] for security reason the zeppelin server should run under Non-root user
    
    (cherry picked from commit 1378fc736b4c9b55b20ecac3cca5b91cf1c397b4)
    Signed-off-by: Jeff Zhang <zj...@apache.org>
---
 scripts/docker/zeppelin/bin/Dockerfile | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/scripts/docker/zeppelin/bin/Dockerfile b/scripts/docker/zeppelin/bin/Dockerfile
index 5cf0277..33623db 100644
--- a/scripts/docker/zeppelin/bin/Dockerfile
+++ b/scripts/docker/zeppelin/bin/Dockerfile
@@ -16,6 +16,9 @@
 FROM ubuntu:16.04
 MAINTAINER Apache Software Foundation <de...@zeppelin.apache.org>
 
+ARG ZEPPELIN_USER_ID=2100
+ARG ZEPPELIN_GROUP_ID=2100
+
 # `Z_VERSION` will be updated by `dev/change_zeppelin_version.sh`
 ENV Z_VERSION="0.9.0-SNAPSHOT"
 ENV LOG_TAG="[ZEPPELIN_${Z_VERSION}]:" \
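Review bot: The two new ARG lines after MAINTAINER carry no comment saying what they control or that they are build-time overrides. A one-line comment above them, stating that ZEPPELIN_USER_ID and ZEPPELIN_GROUP_ID feed the groupadd/useradd step and can be changed with --build-arg, would make the default of 2100 easier to adjust when the container user has to match the ownership of files supplied from outside the image.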
@@ -23,6 +26,9 @@ ENV LOG_TAG="[ZEPPELIN_${Z_VERSION}]:" \
     LANG=en_US.UTF-8 \
     LC_ALL=en_US.UTF-8
 
+RUN groupadd --gid $ZEPPELIN_GROUP_ID zeppelin \
+    && useradd -ms /bin/bash -d ${Z_HOME} zeppelin --uid $ZEPPELIN_USER_ID --gid $ZEPPELIN_GROUP_ID
+
 RUN echo "$LOG_TAG update and install basic packages" && \
     apt-get -y update && \
     apt-get install -y locales && \
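Review bot: The useradd line depends on `${Z_HOME}` already being set, and the ENV block above is only partly visible in this hunk, so that should be confirmed; the expansions are also unquoted, so an empty Z_HOME would make `-d` swallow the login name instead of failing clearly. Note too that `-m` makes the Zeppelin install directory double as the user's home, populated with the skeleton dotfiles, which is what forces the later `mv` to copy into an existing directory. Consider quoting the variables and placing `--uid`/`--gid` before the login name `zeppelin`, which is the conventional option order.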
@@ -100,10 +106,13 @@ RUN echo "$LOG_TAG Download Zeppelin binary" && \
     wget -O /tmp/zeppelin-${Z_VERSION}-bin-all.tgz http://archive.apache.org/dist/zeppelin/zeppelin-${Z_VERSION}/zeppelin-${Z_VERSION}-bin-all.tgz && \
     tar -zxvf /tmp/zeppelin-${Z_VERSION}-bin-all.tgz && \
     rm -rf /tmp/zeppelin-${Z_VERSION}-bin-all.tgz && \
-    mv /zeppelin-${Z_VERSION}-bin-all ${Z_HOME}
+    mv /zeppelin-${Z_VERSION}-bin-all/* ${Z_HOME}/ && \
+    chown -R zeppelin:zeppelin ${Z_HOME}/  
 
 COPY log4j.properties ${Z_HOME}/conf/
 
+USER zeppelin
+
 EXPOSE 8080
 
 ENTRYPOINT [ "/usr/bin/tini", "--" ]
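Review bot: The `COPY log4j.properties ${Z_HOME}/conf/` line comes after the `chown -R zeppelin:zeppelin ${Z_HOME}/` step, so the copied file is not covered by that chown and ends up owned by root while everything else under Z_HOME belongs to zeppelin; `COPY --chown=zeppelin:zeppelin log4j.properties ${Z_HOME}/conf/` would keep ownership consistent. In the RUN above it, `mv /zeppelin-${Z_VERSION}-bin-all/* ${Z_HOME}/` does not match dotfiles and leaves the emptied source directory behind, so an `rmdir` of that directory would both clean it up and fail the build if anything was missed. The chown line also ends with trailing spaces.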