Skip to content

Commit

Permalink
[TCQA] Change Permissions @ Windows 2022 images (#130)
Browse files Browse the repository at this point in the history 
* Update dockerfiles - add permission for 'Users' and `DefaultUser` groups.
  • Loading branch information
@AndreyKoltsov1997
AndreyKoltsov1997 committed Nov 27, 2023
1 parent 9f0eb9c commit d932450
Show file tree
Hide file tree
Showing 8 changed files with 22 additions and 0 deletions.
1 change: 1 addition & 0 deletions configs/windows/Agent/nanoserver/NanoServer2022.Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ FROM ${powershellImage} AS dotnet
USER ContainerAdministrator

COPY scripts/*.cs /scripts/

SHELL ["pwsh", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]

# Based on ${teamcityWindowsservercoreImage}
Expand Down
1 change: 1 addition & 0 deletions configs/windows/Agent/windowsservercore/WindowsServerCore2022.Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,7 @@ EXPOSE 9090

VOLUME C:/BuildAgent/conf

USER ContainerUser
CMD ["powershell", "./BuildAgent/run-agent.ps1"]

# Configuration file for TeamCity agent
Expand Down
6 changes: 6 additions & 0 deletions configs/windows/MinimalAgent/nanoserver/NanoServer2022.Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,12 @@ ENV JAVA_HOME="C:\Program Files\Java\OpenJDK" \

COPY --chown=ContainerUser --from=base /BuildAgent /BuildAgent

USER ContainerAdministrator
# Grant Permissions for ContainerUser (Default Account), OI - Object Inherit, CI - Contaiber Inherit, F - full control
RUN cmd /c icacls.exe C:\\BuildAgent\\* /grant:r DefaultAccount:(OI)(CI)F
RUN cmd /c icacls.exe C:\\BuildAgent\\* /grant:r Users:(OI)(CI)F
USER ContainerUser

VOLUME C:/BuildAgent/conf
VOLUME C:/BuildAgent/work
VOLUME C:/BuildAgent/temp
Expand Down
3 changes: 3 additions & 0 deletions configs/windows/Server/nanoserver/NanoServer2022.Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -121,4 +121,7 @@ CMD ["pwsh", "C:/TeamCity/run-server.ps1"]
# In order to set system PATH, ContainerAdministrator must be used
USER ContainerAdministrator
RUN setx /M PATH "%PATH%;%JAVA_HOME%\bin;C:\Program Files\Git\cmd"
# Grant Permissions for ContainerUser (Default Account), OI - Object Inherit, CI - Contaiber Inherit, F - full control
RUN cmd /c icacls.exe C:\\TeamCity\\* /grant:r DefaultAccount:(OI)(CI)F
RUN cmd /c icacls.exe C:\\TeamCity\\* /grant:r Users:(OI)(CI)F
USER ContainerUser
1 change: 1 addition & 0 deletions context/generated/windows/Agent/nanoserver/2022/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ FROM ${powershellImage} AS dotnet
USER ContainerAdministrator

COPY scripts/*.cs /scripts/

SHELL ["pwsh", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]

ARG teamcityWindowsservercoreImage
Expand Down
1 change: 1 addition & 0 deletions context/generated/windows/Agent/windowsservercore/2022/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,7 @@ EXPOSE 9090

VOLUME C:/BuildAgent/conf

USER ContainerUser
CMD ["powershell", "./BuildAgent/run-agent.ps1"]

# Configuration file for TeamCity agent
Expand Down
6 changes: 6 additions & 0 deletions context/generated/windows/MinimalAgent/nanoserver/2022/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,12 @@ ENV JAVA_HOME="C:\Program Files\Java\OpenJDK" \

COPY --chown=ContainerUser --from=base /BuildAgent /BuildAgent

USER ContainerAdministrator
# Grant Permissions for ContainerUser (Default Account), OI - Object Inherit, CI - Contaiber Inherit, F - full control
RUN cmd /c icacls.exe C:\\BuildAgent\\* /grant:r DefaultAccount:(OI)(CI)F
RUN cmd /c icacls.exe C:\\BuildAgent\\* /grant:r Users:(OI)(CI)F
USER ContainerUser

VOLUME C:/BuildAgent/conf
VOLUME C:/BuildAgent/work
VOLUME C:/BuildAgent/temp
Expand Down
3 changes: 3 additions & 0 deletions context/generated/windows/Server/nanoserver/2022/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,4 +117,7 @@ CMD ["pwsh", "C:/TeamCity/run-server.ps1"]
# In order to set system PATH, ContainerAdministrator must be used
USER ContainerAdministrator
RUN setx /M PATH "%PATH%;%JAVA_HOME%\bin;C:\Program Files\Git\cmd"
# Grant Permissions for ContainerUser (Default Account), OI - Object Inherit, CI - Contaiber Inherit, F - full control
RUN cmd /c icacls.exe C:\\TeamCity\\* /grant:r DefaultAccount:(OI)(CI)F
RUN cmd /c icacls.exe C:\\TeamCity\\* /grant:r Users:(OI)(CI)F
USER ContainerUser

0 comments on commit d932450

Please sign in to comment.