remove jetty run as user stuff from docker build and simply chmod 777…

… jetty base and tmp dirs inside container

Dockerfile

@@ -23,12 +23,6 @@
 # to add packages to the image.
 #   --build-arg EXTRA_JETTY_PACKAGES=vim
 #
-# To build an image that runs jetty as another user (e.g. to access mounted filesystems)
-# you can use the JETTY_RUN_AS_USER_AND_GROUP_IDS and JETTY_RUN_AS_USER_AND_GROUP_NAMES args
-# which should both be specified and formatted as <user>:<group>.
-#   --build-arg JETTY_RUN_AS_USER_AND_GROUP_IDS=999:999
-#   --build-arg JETTY_RUN_AS_USER_AND_GROUP_NAMES=jetty:jetty
-#
 # To run a container with the Jetty server hosting compiled render web services:
 #   docker run -it --rm janelia-render:latest-ws
 
@@ -98,12 +92,6 @@ FROM jetty:10.0.13-jre11 as render-ws
 #   other packages can be added from build command (e.g. docker build ... --build-arg EXTRA_JETTY_PACKAGES=vim )
 ARG EXTRA_JETTY_PACKAGES
 
-# allow jetty run-as user to be changed (e.g. to access externally mounted filesystems)
-ARG JETTY_RUN_AS_USER_AND_GROUP_IDS=999:999
-ARG JETTY_RUN_AS_USER_AND_GROUP_NAMES=jetty:jetty
-ENV JETTY_RUN_AS_USER_AND_GROUP_IDS="$JETTY_RUN_AS_USER_AND_GROUP_IDS" \
-    JETTY_RUN_AS_USER_AND_GROUP_NAMES="$JETTY_RUN_AS_USER_AND_GROUP_NAMES"
-
 USER root
 RUN apt-get update && apt-get install -y curl coreutils $EXTRA_JETTY_PACKAGES
 
@@ -148,5 +136,5 @@ ENV JAVA_OPTIONS="-Xms3g -Xmx3g -server -Djava.awt.headless=true" \
     WEB_SERVICE_MAX_TILE_SPECS_TO_RENDER="20" \
     WEB_SERVICE_MAX_IMAGE_PROCESSOR_GB=""
 
-USER $JETTY_RUN_AS_USER_AND_GROUP_IDS
+USER jetty
 ENTRYPOINT ["/render-docker/render-run-jetty-entrypoint.sh"]

docs/src/site/markdown/render-ws-docker.md

@@ -14,12 +14,6 @@ docker build -t janelia-render:latest-ws --target render-ws .
 # To help debug image build issues, you can use the EXTRA_JETTY_PACKAGES arg 
 # to add packages to the image.
 --build-arg EXTRA_JETTY_PACKAGES=vim
-
-# To build an image that runs jetty as another user (e.g. to access mounted filesystems)
-# you can use the JETTY_RUN_AS_USER_AND_GROUP_IDS and JETTY_RUN_AS_USER_AND_GROUP_NAMES args
-# which should both be specified and formatted as <user>:<group>.  
---build-arg JETTY_RUN_AS_USER_AND_GROUP_IDS=999:999
---build-arg JETTY_RUN_AS_USER_AND_GROUP_NAMES=jetty:jetty
 ```
 
 You can speed up future builds by building and tagging the build environment:

render-ws/src/main/scripts/jetty/configure_web_server.sh

@@ -67,24 +67,6 @@ sed -i '
 rm -rf "${SWAGGER_UI_SOURCE_DIR}"
 
 # -------------------------------------------------------------------------------------------
-# ensure jetty run-as user exists and that the run-as user owns the jetty base and tmp directories
+# make jetty base and tmp directories accessible to all so that containers can be run as different external users
 
-# JETTY_RUN_AS_USER_AND_GROUP_IDS format is user-id:group-id
-JETTY_RUN_AS_USER_ID=${JETTY_RUN_AS_USER_AND_GROUP_IDS%%:*}
-JETTY_RUN_AS_GROUP_ID=${JETTY_RUN_AS_USER_AND_GROUP_IDS##*:}
-
-# JETTY_RUN_AS_USER_AND_GROUP_NAMES format is user-name:group-name
-JETTY_RUN_AS_USER_NAME=${JETTY_RUN_AS_USER_AND_GROUP_NAMES%%:*}
-JETTY_RUN_AS_GROUP_NAME=${JETTY_RUN_AS_USER_AND_GROUP_NAMES##*:}
-
-if id "${JETTY_RUN_AS_USER_ID}" &>/dev/null; then
-    echo "configure_web_server: user ${JETTY_RUN_AS_USER_ID} already exists in image"
-else
-    echo "configure_web_server: need to create group id ${JETTY_RUN_AS_GROUP_ID} with name ${JETTY_RUN_AS_GROUP_NAME} in image"
-    groupadd -g "${JETTY_RUN_AS_GROUP_ID}" "${JETTY_RUN_AS_GROUP_NAME}"
-
-    echo "configure_web_server: need to create user id ${JETTY_RUN_AS_USER_ID} with name ${JETTY_RUN_AS_USER_NAME} in image ..."
-    useradd --uid "${JETTY_RUN_AS_USER_ID}" --gid "${JETTY_RUN_AS_GROUP_ID}" --shell /bin/bash "${JETTY_RUN_AS_USER_NAME}"
-fi
-
-chown -R "${JETTY_RUN_AS_USER_AND_GROUP_IDS}" "${JETTY_BASE_DIR}" "${TMPDIR}"
+chmod -R 777 "${JETTY_BASE_DIR}" "${TMPDIR}"