diff options
| author | Maxim Kuvyrkov <maxim.kuvyrkov@linaro.org> | 2018-06-05 13:04:48 +0000 |
|---|---|---|
| committer | Maxim Kuvyrkov <maxim.kuvyrkov@linaro.org> | 2018-06-05 13:04:48 +0000 |
| commit | 5f4811ff114af8cf612efd897103401dc1b0f2a8 (patch) | |
| tree | df08e66e5c9b84737f679842673603a70352e26c /tcwg-base | |
| parent | 056673649d1fbcf1af617f52b344428b5a84cdf5 (diff) | |
tcwg-host: Restrict access to /home/$USER/.ssh directories of users.
Change-Id: Iee82239f4280a908e019f9cf15337f9ee87fa572
Diffstat (limited to 'tcwg-base')
| -rw-r--r-- | tcwg-base/tcwg-host/Dockerfile.in | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/tcwg-base/tcwg-host/Dockerfile.in b/tcwg-base/tcwg-host/Dockerfile.in index 18050ecf..d660245f 100644 --- a/tcwg-base/tcwg-host/Dockerfile.in +++ b/tcwg-base/tcwg-host/Dockerfile.in @@ -3,12 +3,13 @@ FROM linaro/ci-#{ARCH}-tcwg-base-ubuntu:#{DISTRO} COPY passwd start.sh / COPY home-data/ /home-data/ -RUN new-user.sh --group tcwg-infra:9000 && new-user.sh --group primary:10000 \ +RUN new-user.sh --group tcwg-infra:9000 && new-user.sh --group tcwg-users:10000 \ && while read line; do \ new-user.sh --passwd "$line"; \ user=$(echo "$line" | cut -d: -f 1); \ gid=$(echo "$line" | cut -d: -f 4); \ chown -R $user:$gid /home-data/$user/; \ + chmod -R go-rwx /home-data/$user/.ssh/ ; \ rsync -a /home-data/$user/ /home/$user/; \ done </passwd \ && rm -rf /passwd /home-data/ |