From 0c836b6757d01b26aebb31048adf3f0b4b64bf73 Mon Sep 17 00:00:00 2001
From: nearlynocturnalbeach <nearlynocturnalbeach@gmail.com>
Date: Mon, 2 Dec 2024 10:28:44 +0000
Subject: [PATCH] allow nearbeach user to run cron

this allows the container to run a non-root user
---
 Dockerfile                 | 6 +++---
 Dockerfile.base            | 6 ++++++
 oceansuite/settings.py     | 4 +++-
 setup_db_and_run_server.sh | 7 +++++--
 4 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index b42076f..0177cdb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,13 +6,13 @@ RUN echo "**** install NearBeach Latest ****" && \
     pip install NearBeach
 
 RUN echo "**** copy over the crontab configuration ****"
-COPY crontab /etc/crontabs/root
+COPY --chown=nearbeach:nearbeach crontab /etc/crontabs/nearbeach
 
 RUN echo "**** setup of working directory ****"
 WORKDIR /oceansuite
 RUN chown nearbeach:nearbeach /oceansuite
-    
-#USER nearbeach
+
+USER nearbeach
 
 RUN echo "**** copy everything into the destination ****"
 COPY --chown=nearbeach:nearbeach . .
diff --git a/Dockerfile.base b/Dockerfile.base
index cc336de..cee0ad0 100644
--- a/Dockerfile.base
+++ b/Dockerfile.base
@@ -37,6 +37,12 @@ RUN echo "**** install build packages ****" && \
     tini \
     tk-dev \
     zlib-dev
+    dcron \
+    libcap
+
+RUN echo "**** allow nearbeach user to run cron ****" && \
+    chown nearbeach:nearbeach /usr/sbin/crond && \
+    setcap cap_setgid=ep /usr/sbin/crond
 
 ARG TARGET_BRANCH=main
 # Copy the requirements.txt file
diff --git a/oceansuite/settings.py b/oceansuite/settings.py
index c30027e..f0cb4ce 100644
--- a/oceansuite/settings.py
+++ b/oceansuite/settings.py
@@ -108,6 +108,8 @@
 }
 
 
+# CRONTAB_TIMESTR="0 0 * * *"
+
 # Password validation
 # https://docs.djangoproject.com/en/3.2/ref/settings/#auth-password-validators
 
@@ -171,7 +173,7 @@
     STATIC_URL = '/static/'
 else:
     STATIC_URL = F"https://cdn.nearbeach.org/{VERSION}/"
-    
+
 MEDIA_URL = '/media/'
 MEDIA_ROOT = os.path.join(BASE_DIR,'media/')
 
diff --git a/setup_db_and_run_server.sh b/setup_db_and_run_server.sh
index dac9097..4394fc8 100644
--- a/setup_db_and_run_server.sh
+++ b/setup_db_and_run_server.sh
@@ -10,8 +10,11 @@ python manage.py migrate
 python manage.py initadmin
 echo "**** DB setup complete ****"
 
+echo "**** Updating Crontab ****"
+python manage.py updatecrontab
+
 echo "**** Starting Cron Services ****"
-crond
+crond -b -l 8
 
 echo "**** running NearBeach ****"
-python manage.py runserver 0.0.0.0:8000
\ No newline at end of file
+python manage.py runserver 0.0.0.0:8000