Browse Source

* Set up login shell as nologin

tags/v1.2.0^2^2
Lyz 1 year ago
parent
commit
74082b2955
Signed by: Lyz <lyz@riseup.net> GPG Key ID: 6C7D7C1612CDE02F
3 changed files with 4 additions and 3 deletions
  1. 1
    0
      molecule/nginx-user/playbook.yml
  2. 2
    3
      molecule/nginx-user/tests/test_default.py
  3. 1
    0
      tasks/main.yml

+ 1
- 0
molecule/nginx-user/playbook.yml View File

@@ -63,6 +63,7 @@
63 63
     docker_registry_read: "{{ docker_registry }}"
64 64
     registry_user: testuser
65 65
     registry_password: testpassword
66
+    docker_user: nginx
66 67
     docker_image_tag: latest
67 68
     docker_command: /usr/bin/docker run --rm -i --name "{{ service_name }}" -p 8080:80 "{{ docker_registry_read }}/{{ service_name }}"
68 69
   roles:

+ 2
- 3
molecule/nginx-user/tests/test_default.py View File

@@ -23,14 +23,14 @@ def test_required_pip_packages_exist(host, pip_package):
23 23
     assert pip_package in pip_packages
24 24
 
25 25
 
26
-def test_user_nginx_exist(host, pip_package):
26
+def test_user_nginx_exist(host):
27 27
     assert host.user('nginx').name == 'nginx'
28
+    assert host.user('nginx').shell == '/usr/sbin/nologin'
28 29
 
29 30
 # Test remotely build from image
30 31
 
31 32
 
32 33
 @pytest.mark.parametrize("directories", [
33
-    ("/root/docker/"),
34 34
     ("/root/docker/image-nginx/data"),
35 35
     ("/root/docker/image-nginx/auth"),
36 36
 ])
@@ -67,7 +67,6 @@ def test_build_nginx_is_working(host):
67 67
 
68 68
 
69 69
 @pytest.mark.parametrize("directories", [
70
-    ("/root/docker/"),
71 70
     ("/root/docker/git-nginx/data"),
72 71
     ("/root/docker/git-nginx/auth"),
73 72
 ])

+ 1
- 0
tasks/main.yml View File

@@ -12,6 +12,7 @@
12 12
   user:
13 13
     name: "{{ docker_user }}"
14 14
     group: "{{ docker_group }}"
15
+    shell: /usr/sbin/nologin
15 16
   when:
16 17
     - docker_user != 'root'
17 18
     - docker_group != 'root'

Loading…
Cancel
Save