From 577a428c9c4f6fc544e9d078c238345173ef269a Mon Sep 17 00:00:00 2001
From: Andre Henn
Date: Fri, 9 Feb 2024 10:00:28 +0100
Subject: [PATCH] perform cleanup before geoserver user is set as current user

---
 Dockerfile | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index b95317e..6917c0d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -100,6 +100,18 @@ COPY *.sh /opt/
 # CIS Docker benchmark: Remove setuid and setgid permissions in the images to prevent privilege escalation attacks within containers.
 RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true
 
+
+# cleanup
+RUN apt purge -y \
+ && apt autoremove --purge -y \
+ && rm -rf /tmp/ \
+ && rm -rf $CATALINA_HOME/webapps/ROOT \
+ && rm -rf $CATALINA_HOME/webapps/docs \
+ && rm -rf $CATALINA_HOME/webapps/examples \
+ && rm -rf $CATALINA_HOME/webapps/host-manager \
+ && rm -rf $CATALINA_HOME/webapps/manager
+
+
 # GeoServer user => restrict access to $CATALINA_HOME and GeoServer directories
 # See also CIS Docker benchmark and docker best practices
 RUN chmod +x /opt/*.sh \
@@ -112,16 +124,6 @@ RUN chmod +x /opt/*.sh \
 
 USER geoserver
 
-# cleanup
-RUN apt purge -y \
- && apt autoremove --purge -y \
- && rm -rf /tmp/ \
- && rm -rf $CATALINA_HOME/webapps/ROOT \
- && rm -rf $CATALINA_HOME/webapps/docs \
- && rm -rf $CATALINA_HOME/webapps/examples \
- && rm -rf $CATALINA_HOME/webapps/host-manager \
- && rm -rf $CATALINA_HOME/webapps/manager
-
 WORKDIR /opt
 
 ENTRYPOINT ["/opt/startup.sh"]
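Review bot: `rm -rf /tmp/` in the relocated cleanup RUN now runs as root, because the step sits above `USER geoserver`, so it deletes the /tmp directory itself and not only its contents. Whether a later step recreates it cannot be seen here (the `RUN chmod +x /opt/*.sh` block that follows continues outside the hunk); if nothing does, the image ships without a sticky, world-writable /tmp and anything the geoserver user runs that expects one will fail. Emptying the directory keeps its existing mode: `&& find /tmp -mindepth 1 -delete \`. Separately, `apt purge -y` names no package and therefore removes nothing, so `apt-get autoremove --purge -y` followed by `rm -rf /var/lib/apt/lists/*` would be the effective form of that part of the cleanup.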