fix runas message for tomcat

bshp · Feb 2, 2024 · 22388fc · 22388fc
1 parent 6c2377e
commit 22388fc
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/src/usr/lib/ocie/include/config/tomcat b/src/usr/lib/ocie/include/config/tomcat
@@ -18,7 +18,7 @@ function tomcat_set_env()
 {
     echo "export JAVA_OPTS=\"${JAVA_OPTS} ${APP_PARAMS}\"" > ${CATALINA_HOME}/bin/setenv.sh
     echo "export VADC_IP_REG=\"${APP_PROXIES}\"" >> ${CATALINA_HOME}/bin/setenv.sh
-    chown tomcat:tomcat "${CATALINA_HOME}/bin/setenv.sh";
+    chown ${APP_OWNER}:${APP_GROUP} "${CATALINA_HOME}/bin/setenv.sh";
     chmod a+x "${CATALINA_HOME}/bin/setenv.sh";
 }
 

diff --git a/src/usr/sbin/ociectl b/src/usr/sbin/ociectl
@@ -106,10 +106,15 @@ function ocie_start()
     ocie_keys;
     ocie_config;
     ocie_deploy;
-    if [[ "${APP_OWNER}" == "root" ]];then
+    RUNAS="${APP_OWNER}";
+    # DISA STIG V-222986, Tomcat owner is root but runas is tomcat
+    if [[ "${APP_TYPE}" == "tomcat" ]];then
+        RUNAS="tomcat";
+    fi;
+    if [[ "${RUNAS}" == "root" ]];then
         echo "Ocie: Application is set to run as [ root ], set APP_OWNER to change the account";
     else
-        echo "Ocie: Application will run as [ ${APP_OWNER} ] OR you can set APP_OWNER to [ root ] and risk it for the biscuit";
+        echo "Ocie: Application will run as [ ${RUNAS} ] OR you can set APP_OWNER to [ root ] and risk it for the biscuit";
     fi;
     echo "Ocie: Initialization complete, starting container";
     app_start;