From de08b3b81d9048a2f9bb93c23b5a831a962ced61 Mon Sep 17 00:00:00 2001
From: Max Leske
Date: Wed, 24 Jan 2024 14:51:07 +0100
Subject: [PATCH] feat: drop support for overriding USER

Overrideing the USER only makes sense if it can be configured at build time, as that user needs to exist on the system. For containers, this functionality doesn't make much sense anyway.

Fixes #184
---
 README-containers.md | 2 --
 README.md | 4 ----
 apache/Dockerfile | 2 --
 apache/Dockerfile-alpine | 3 ---
 apache/conf/extra/httpd-modsecurity.conf | 5 -----
 nginx/Dockerfile | 2 --
 nginx/Dockerfile-alpine | 2 --
 7 files changed, 20 deletions(-)

diff --git a/README-containers.md b/README-containers.md
index 9e1ee282..3cbaa853 100644
--- a/README-containers.md
+++ b/README-containers.md
@@ -174,8 +174,6 @@ All these variables impact in configuration directives in the modsecurity engine
 
 | Name | Description|
 | -- | -- |
-| USER | Name (or #number) of the user to run httpd or nginx as (Default: `www-data` (httpd), `nginx` (nginx)) |
-| GROUP | Name (or #number) of the group to run httpd as (Default: `www-data`) |
 | BACKEND | Backend address (and optional port) of the backend server. (Default: the container's default router, port 81) (Examples: 192.0.2.2, 192.0.2.2:80, ) |
 
 ### CRS specific
diff --git a/README.md b/README.md
index a0051c42..f810310a 100644
--- a/README.md
+++ b/README.md
@@ -259,8 +259,6 @@ All these variables impact in configuration directives in the modsecurity engine
 
 | Name | Description|
 | -------- | ------------------------------------------------------------------- |
-| USER | A string value indicating the name (or #number) of the user to run httpd or nginx as (Default: `www-data` (httpd), `nginx` (nginx)) |
-| GROUP | A string value indicating the name (or #number) of the group to run httpd as (Default: `www-data`) |
 | BACKEND | The backend address (and optional port) of the backend server. (Default: the container's default router, port 81) (Examples: 192.0.2.2, 192.0.2.2:80, ) |
 
 ### CRS specific
@@ -359,8 +357,6 @@ docker run -dti -p 80:80 --rm \
 -e TIMEOUT=60 \
 -e LOGLEVEL=warn \
 -e ERRORLOG='/proc/self/fd/2' \
- -e USER=daemon \
- -e GROUP=daemon \
 -e SERVER_ADMIN=root@localhost \
 -e SERVER_NAME=localhost \
 -e PORT=80 \
diff --git a/apache/Dockerfile b/apache/Dockerfile
index 29c9ae78..a6658370 100644
--- a/apache/Dockerfile
+++ b/apache/Dockerfile
@@ -134,8 +134,6 @@ ENV APACHE_ALWAYS_TLS_REDIRECT=off \
 SSL_USE_STAPLING=On \
 TIMEOUT=60 \
 WORKER_CONNECTIONS=400 \
- USER=www-data \
- GROUP=www-data \
 # CRS specific variables
 PARANOIA=1 \
 ANOMALY_INBOUND=5 \
diff --git a/apache/Dockerfile-alpine b/apache/Dockerfile-alpine
index a0397d49..05657fad 100644
--- a/apache/Dockerfile-alpine
+++ b/apache/Dockerfile-alpine
@@ -144,9 +144,6 @@ ENV APACHE_ALWAYS_TLS_REDIRECT=off \
 SSL_USE_STAPLING=On \
 TIMEOUT=60 \
 WORKER_CONNECTIONS=400 \
- # overridden variables
- USER=www-data \
- GROUP=www-data \
 # CRS specific variables
 PARANOIA=1 \
 ANOMALY_INBOUND=5 \
diff --git a/apache/conf/extra/httpd-modsecurity.conf b/apache/conf/extra/httpd-modsecurity.conf
index d59e8887..5c268138 100644
--- a/apache/conf/extra/httpd-modsecurity.conf
+++ b/apache/conf/extra/httpd-modsecurity.conf
@@ -7,11 +7,6 @@ ErrorLog ${ERRORLOG} # https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#secserversignature SecServerSignature ${MODSEC_SERVER_SIGNATURE} - - User ${USER} - Group ${GROUP} - - RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
diff --git a/nginx/Dockerfile b/nginx/Dockerfile
index e1c2dbf0..8b21e6c7 100644
--- a/nginx/Dockerfile
+++ b/nginx/Dockerfile
@@ -160,8 +160,6 @@ ENV ACCESSLOG=/var/log/nginx/access.log \
 WORKER_CONNECTIONS=1024 \
 LD_LIBRARY_PATH=/lib:/usr/lib:/usr/local/lib \
 NGINX_ENVSUBST_OUTPUT_DIR=/etc/nginx \
- # overridden variables
- USER=nginx \
 # CRS specific variables
 PARANOIA=1 \
 ANOMALY_INBOUND=5 \
diff --git a/nginx/Dockerfile-alpine b/nginx/Dockerfile-alpine
index 8a1d5b31..eef38cbf 100644
--- a/nginx/Dockerfile-alpine
+++ b/nginx/Dockerfile-alpine
@@ -155,8 +155,6 @@ ENV ACCESSLOG=/var/log/nginx/access.log \
 WORKER_CONNECTIONS=1024 \
 LD_LIBRARY_PATH=/lib:/usr/lib:/usr/local/lib \
 NGINX_ENVSUBST_OUTPUT_DIR=/etc/nginx \
- # overridden variables
- USER=nginx \
 # CRS specific variables
 PARANOIA=1 \
 ANOMALY_INBOUND=5 \
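Review bot: With `User ${USER}` and `Group ${GROUP}` removed from apache/conf/extra/httpd-modsecurity.conf, nothing visible in this hunk says which account the httpd workers switch to after the parent process starts. The patch touches no other Apache configuration file, so privilege dropping now presumably depends on `User`/`Group` directives in the base httpd.conf; if those are absent, Apache uses the directives' built-in defaults rather than `www-data`. I would leave a comment where the lines were, e.g. `# User/Group come from the base httpd.conf and are no longer configurable via environment`, and confirm with a container smoke test that the worker processes do not run as root. The removed lines are partly lost in this rendering, so the exact extent of the deleted block is inferred.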
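Review bot: On the nginx side only the `USER=nginx` default is dropped from the `ENV` block in nginx/Dockerfile, and the diffstat lists no nginx template or config file, whereas the Apache side also removes the place where the variable was used. `NGINX_ENVSUBST_OUTPUT_DIR` in the context lines suggests the configuration is rendered from templates, so if any template still contains something like `user ${USER};` it would now render with an empty or unexpanded value, or with whatever `USER` a deployment still passes via `-e`. Please confirm that no template references `${USER}` any more and that the worker account is fixed in the config, e.g. `user nginx;`. The same point applies to the identical hunk in nginx/Dockerfile-alpine.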