Fix sudoers file permissions

4f0baebf · Dan Thomson · f24ca312 · 4f0baebf · 4f0baebf · 4f0baebf
Verified Commit 4f0baebf authored 4 years ago by Dan Thomson
--- a/Dockerfile.centos7
+++ b/Dockerfile.centos7
@@ -35,9 +35,10 @@ RUN sed -i '/^ip_resolve=/{h;s/=.*/=4/};${x;/^$/{s//ip_resolve=4/;H};x}' /etc/yu
 	rm -f /tmp/requirements.txt && \
 	yum -y clean all

-COPY /entrypoint.sh /entrypoint.sh
-COPY /sudoers /etc/sudoers.d/ansible
-RUN chmod 755 /entrypoint.sh
+COPY entrypoint.sh /entrypoint.sh
+COPY sudoers /etc/sudoers.d/ansible
+
+RUN chmod 755 /entrypoint.sh && chmod 600 /etc/sudoers.d/ansible

 RUN groupadd --gid $GID ansible && \
 	adduser --home /home/ansible --shell /bin/bash --gid $GID --uid $UID ansible

--- a/Dockerfile.centos8
+++ b/Dockerfile.centos8
@@ -35,7 +35,7 @@ RUN sed -i '/^ip_resolve=/{h;s/=.*/=4/};${x;/^$/{s//ip_resolve=4/;H};x}' /etc/yu

 COPY entrypoint.sh /entrypoint.sh
 COPY sudoers /etc/sudoers.d/ansible
-RUN chmod 755 /entrypoint.sh
+RUN chmod 755 /entrypoint.sh && chmod 600 /etc/sudoers.d/ansible

 RUN groupadd --gid $GID ansible && \
 	adduser --home /home/ansible --shell /bin/bash --gid $GID --uid $UID ansible

--- a/Dockerfile.debian10
+++ b/Dockerfile.debian10
@@ -40,7 +40,7 @@ RUN apt-get -y update && \

 COPY entrypoint.sh /entrypoint.sh
 COPY sudoers /etc/sudoers.d/ansible
-RUN chmod 755 /entrypoint.sh
+RUN chmod 755 /entrypoint.sh && chmod 600 /etc/sudoers.d/ansible

 RUN addgroup --gid $GID ansible && \
 	adduser --home /home/ansible --shell /bin/bash --disabled-password --gecos '' --gid $GID --uid $UID ansible