From 1bbc582947e8c0c54cbc33e2689e4b9195f421f7 Mon Sep 17 00:00:00 2001
From: Jean-Kevin KPADEY
Date: Sat, 8 Jun 2024 14:37:45 +0200
Subject: [PATCH 1/2] Fix permissions on /tmp/modsecurity directory on Apache image Following #227, http user cannot read or write /tmp/modsecurity. Added /tmp/modsecurity to the list of directories owned by httpd
---
 apache/Dockerfile | 1 +
 apache/Dockerfile-alpine | 1 +
 2 files changed, 2 insertions(+)
diff --git a/apache/Dockerfile b/apache/Dockerfile
index 91a6f4a..93854e8 100644
--- a/apache/Dockerfile
+++ b/apache/Dockerfile
@@ -216,6 +216,7 @@ RUN set -eux; \
 /var/log/ \
 /usr/local/apache2/ \
 /etc/modsecurity.d \
+ /tmp/modsecurity \
 /opt/owasp-crs
 USER httpd
diff --git a/apache/Dockerfile-alpine b/apache/Dockerfile-alpine
index ce031a5..b8ac444 100644
--- a/apache/Dockerfile-alpine
+++ b/apache/Dockerfile-alpine
@@ -220,6 +220,7 @@ RUN set -eux; \
 /var/log/ \
 /usr/local/apache2/ \
 /etc/modsecurity.d \
+ /tmp/modsecurity \
 /opt/owasp-crs
 USER httpd
From ac7882ab1e855d06912dc4b773f47dff9d1b10df Mon Sep 17 00:00:00 2001
From: Jean-Kevin KPADEY
Date: Sun, 9 Jun 2024 08:06:51 +0200
Subject: [PATCH 2/2] Remove `chown` setting `www-data` owner of `/tmp/modsecurity`
---
 apache/Dockerfile | 1 -
 apache/Dockerfile-alpine | 1 -
 2 files changed, 2 deletions(-)
diff --git a/apache/Dockerfile b/apache/Dockerfile
index 93854e8..d37ed8a 100644
--- a/apache/Dockerfile
+++ b/apache/Dockerfile
@@ -186,7 +186,6 @@ RUN set -eux; \
 mkdir -p /tmp/modsecurity/data; \
 mkdir -p /tmp/modsecurity/upload; \
 mkdir -p /tmp/modsecurity/tmp; \
- chown -R $(awk '/^User/ { print $2;}' /usr/local/apache2/conf/httpd.conf) /tmp/modsecurity; \
 mkdir -p /var/log/apache2/; \
 ln -s /opt/owasp-crs /etc/modsecurity.d/; \
 sed -i -E 's|(Listen) [0-9]+|\1 ${PORT}|' /usr/local/apache2/conf/httpd.conf; \
diff --git a/apache/Dockerfile-alpine b/apache/Dockerfile-alpine
index b8ac444..22c2daf 100644
--- a/apache/Dockerfile-alpine
+++ b/apache/Dockerfile-alpine
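Review bot: The added `/tmp/modsecurity \` entry in the `chown -R httpd:httpd` list (PATCH 1/2, apache/Dockerfile hunk at line 216 and the identical apache/Dockerfile-alpine hunk at line 220) fixes ownership only; no visible line sets the mode of that tree. The `data`, `upload` and `tmp` subdirectories are created with plain `mkdir -p` (shown as context in PATCH 2/2), so they keep the default mode of the build umask, and ModSecurity's persistent collections and buffered request bodies would presumably be readable by any other UID in the container. Consider adding `chmod -R 0700 /tmp/modsecurity; \` ahead of the `chown -R httpd:httpd` command, assuming only httpd needs access. Build-time ownership also does not carry over if a volume or tmpfs is mounted on `/tmp/modsecurity` at run time, which deserves a comment next to the entry, e.g. `# build-time only: a runtime mount on /tmp/modsecurity must be writable by httpd`. The RUN instruction begins above both hunks.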
@@ -215,7 +215,6 @@ RUN set -eux; \
 mkdir -p /tmp/modsecurity/data; \
 mkdir -p /tmp/modsecurity/upload; \
 mkdir -p /tmp/modsecurity/tmp; \
- chown -R $(awk '/^User/ { print $2;}' /usr/local/apache2/conf/httpd.conf) /tmp/modsecurity /var/log/apache2; \
 chown -R httpd:httpd \
 /var/log/ \
 /usr/local/apache2/ \