diff --git a/bin/access-control-service.dockerfile b/bin/access-control-service.dockerfile index fac67fb08b0..1429171a5a5 100644 --- a/bin/access-control-service.dockerfile +++ b/bin/access-control-service.dockerfile @@ -69,6 +69,12 @@ COPY --from=build /texera/access-control-service/LICENSE-binary /texera/LICENSE COPY --from=build /texera/access-control-service/NOTICE-binary /texera/NOTICE COPY --from=build /texera/licenses /texera/licenses COPY --from=build /texera/DISCLAIMER /texera/ + +RUN groupadd --system --gid 1001 texera \ + && useradd --system --uid 1001 --gid texera --home-dir /texera --no-create-home texera \ + && chown -R texera:texera /texera +USER texera + CMD ["bin/access-control-service"] EXPOSE 9096 \ No newline at end of file diff --git a/bin/agent-service.dockerfile b/bin/agent-service.dockerfile index b2fcdea5704..7edf38287aa 100644 --- a/bin/agent-service.dockerfile +++ b/bin/agent-service.dockerfile @@ -40,6 +40,11 @@ COPY NOTICE ./NOTICE COPY DISCLAIMER ./DISCLAIMER COPY licenses ./licenses +RUN addgroup -S -g 1001 texera \ + && adduser -S -u 1001 -G texera -h /app texera \ + && chown -R texera:texera /app +USER texera + EXPOSE 3001 CMD ["bun", "run", "src/server.ts"] diff --git a/bin/computing-unit-master.dockerfile b/bin/computing-unit-master.dockerfile index 8f2fa2b999e..5fcb54968dc 100644 --- a/bin/computing-unit-master.dockerfile +++ b/bin/computing-unit-master.dockerfile @@ -99,6 +99,12 @@ COPY --from=build /texera/amber/LICENSE-binary-combined /texera/LICENSE COPY --from=build /texera/amber/NOTICE-binary /texera/NOTICE COPY --from=build /texera/licenses /texera/licenses COPY --from=build /texera/DISCLAIMER /texera/ + +RUN groupadd --system --gid 1001 texera \ + && useradd --system --uid 1001 --gid texera --home-dir /texera --no-create-home texera \ + && chown -R texera:texera /texera +USER texera + CMD ["bin/computing-unit-master"] EXPOSE 8085 diff --git a/bin/computing-unit-worker.dockerfile b/bin/computing-unit-worker.dockerfile index c36a5a2698d..f600a9c05fb 100644 --- a/bin/computing-unit-worker.dockerfile +++ b/bin/computing-unit-worker.dockerfile @@ -97,6 +97,12 @@ COPY --from=build /texera/amber/LICENSE-binary-combined /texera/LICENSE COPY --from=build /texera/amber/NOTICE-binary /texera/NOTICE COPY --from=build /texera/licenses /texera/licenses COPY --from=build /texera/DISCLAIMER /texera/ + +RUN groupadd --system --gid 1001 texera \ + && useradd --system --uid 1001 --gid texera --home-dir /texera --no-create-home texera \ + && chown -R texera:texera /texera +USER texera + CMD ["bin/computing-unit-worker"] EXPOSE 8085 \ No newline at end of file diff --git a/bin/config-service.dockerfile b/bin/config-service.dockerfile index 251d5fdb8a0..17c3d57de1f 100644 --- a/bin/config-service.dockerfile +++ b/bin/config-service.dockerfile @@ -70,6 +70,12 @@ COPY --from=build /texera/config-service/LICENSE-binary /texera/LICENSE COPY --from=build /texera/config-service/NOTICE-binary /texera/NOTICE COPY --from=build /texera/licenses /texera/licenses COPY --from=build /texera/DISCLAIMER /texera/ + +RUN groupadd --system --gid 1001 texera \ + && useradd --system --uid 1001 --gid texera --home-dir /texera --no-create-home texera \ + && chown -R texera:texera /texera +USER texera + CMD ["bin/config-service"] EXPOSE 9094 \ No newline at end of file diff --git a/bin/file-service.dockerfile b/bin/file-service.dockerfile index 4decf696127..3966b5122b8 100644 --- a/bin/file-service.dockerfile +++ b/bin/file-service.dockerfile @@ -69,6 +69,12 @@ COPY --from=build /texera/file-service/LICENSE-binary /texera/LICENSE COPY --from=build /texera/file-service/NOTICE-binary /texera/NOTICE COPY --from=build /texera/licenses /texera/licenses COPY --from=build /texera/DISCLAIMER /texera/ + +RUN groupadd --system --gid 1001 texera \ + && useradd --system --uid 1001 --gid texera --home-dir /texera --no-create-home texera \ + && chown -R texera:texera /texera +USER texera + CMD ["bin/file-service"] EXPOSE 9092 \ No newline at end of file diff --git a/bin/texera-web-application.dockerfile b/bin/texera-web-application.dockerfile index f0d8fbdbf9d..706b0fdcfb5 100644 --- a/bin/texera-web-application.dockerfile +++ b/bin/texera-web-application.dockerfile @@ -101,6 +101,12 @@ COPY --from=build /texera/amber/LICENSE-binary-combined /texera/LICENSE COPY --from=build /texera/amber/NOTICE-binary /texera/NOTICE COPY --from=build /texera/licenses /texera/licenses COPY --from=build /texera/DISCLAIMER /texera/ + +RUN groupadd --system --gid 1001 texera \ + && useradd --system --uid 1001 --gid texera --home-dir /texera --no-create-home texera \ + && chown -R texera:texera /texera /frontend +USER texera + CMD ["bin/texera-web-application"] EXPOSE 8080 \ No newline at end of file diff --git a/bin/workflow-compiling-service.dockerfile b/bin/workflow-compiling-service.dockerfile index a2617d7a4bc..b8f7f6c3923 100644 --- a/bin/workflow-compiling-service.dockerfile +++ b/bin/workflow-compiling-service.dockerfile @@ -70,6 +70,12 @@ COPY --from=build /texera/workflow-compiling-service/LICENSE-binary /texera/LICE COPY --from=build /texera/workflow-compiling-service/NOTICE-binary /texera/NOTICE COPY --from=build /texera/licenses /texera/licenses COPY --from=build /texera/DISCLAIMER /texera/ + +RUN groupadd --system --gid 1001 texera \ + && useradd --system --uid 1001 --gid texera --home-dir /texera --no-create-home texera \ + && chown -R texera:texera /texera +USER texera + CMD ["bin/workflow-compiling-service"] EXPOSE 9090 \ No newline at end of file diff --git a/bin/workflow-computing-unit-managing-service.dockerfile b/bin/workflow-computing-unit-managing-service.dockerfile index 1edb94019a6..78d0ba89db4 100644 --- a/bin/workflow-computing-unit-managing-service.dockerfile +++ b/bin/workflow-computing-unit-managing-service.dockerfile @@ -70,6 +70,12 @@ COPY --from=build /texera/computing-unit-managing-service/LICENSE-binary /texera COPY --from=build /texera/computing-unit-managing-service/NOTICE-binary /texera/NOTICE COPY --from=build /texera/licenses /texera/licenses COPY --from=build /texera/DISCLAIMER /texera/ + +RUN groupadd --system --gid 1001 texera \ + && useradd --system --uid 1001 --gid texera --home-dir /texera --no-create-home texera \ + && chown -R texera:texera /texera +USER texera + CMD ["bin/computing-unit-managing-service"] EXPOSE 8888 \ No newline at end of file