allow nearbeach user to run cron

this allows the container to run a non-root user

Dockerfile

@@ -6,13 +6,13 @@ RUN echo "**** install NearBeach Latest ****" && \
     pip install NearBeach
 
 RUN echo "**** copy over the crontab configuration ****"
-COPY crontab /etc/crontabs/root
+COPY --chown=nearbeach:nearbeach crontab /etc/crontabs/nearbeach
 
 RUN echo "**** setup of working directory ****"
 WORKDIR /oceansuite
 RUN chown nearbeach:nearbeach /oceansuite
-    
-#USER nearbeach
+
+USER nearbeach
 
 RUN echo "**** copy everything into the destination ****"
 COPY --chown=nearbeach:nearbeach . .

Dockerfile.base

@@ -37,6 +37,12 @@ RUN echo "**** install build packages ****" && \
     tini \
     tk-dev \
     zlib-dev
+    dcron \
+    libcap
+
+RUN echo "**** allow nearbeach user to run cron ****" && \
+    chown nearbeach:nearbeach /usr/sbin/crond && \
+    setcap cap_setgid=ep /usr/sbin/crond
 
 ARG TARGET_BRANCH=main
 # Copy the requirements.txt file

oceansuite/settings.py

@@ -108,6 +108,8 @@
 }
 
 
+# CRONTAB_TIMESTR="0 0 * * *"
+
 # Password validation
 # https://docs.djangoproject.com/en/3.2/ref/settings/#auth-password-validators
 
@@ -171,7 +173,7 @@
     STATIC_URL = '/static/'
 else:
     STATIC_URL = F"https://cdn.nearbeach.org/{VERSION}/"
-    
+
 MEDIA_URL = '/media/'
 MEDIA_ROOT = os.path.join(BASE_DIR,'media/')
 

setup_db_and_run_server.sh

@@ -10,8 +10,11 @@ python manage.py migrate
 python manage.py initadmin
 echo "**** DB setup complete ****"
 
+echo "**** Updating Crontab ****"
+python manage.py updatecrontab
+
 echo "**** Starting Cron Services ****"
-crond
+crond -b -l 8
 
 echo "**** running NearBeach ****"
-python manage.py runserver 0.0.0.0:8000
+python manage.py runserver 0.0.0.0:8000