[Docker] Allow fms user to install packages

Add a sudo rule to permit the `fms` user to run `install_packages` if necessary.
author: Sam Pearson <sam@sgp.me.uk> 2020-03-09 13:25:44 +0000
committer: Sam Pearson <sam@sgp.me.uk> 2020-03-10 10:02:57 +0000
commit: 1022d7f263cf04eae5cbfef0fadf63ae38b53295 (patch)
tree: 42df11b114b8f36a13ff9b7793397e75ffa27b4b
parent: 630ad091519dff8aa9371502005fbb788d349632 (diff)
2 files changed, 7 insertions, 2 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 16b8a032b..b858ac0d1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,8 @@
 * Unreleased
     - Admin improvements:
         - order unsent reports by confirmed date
+    - Bugfixes
+	- Application user in Docker container can't install packages. #2914
 
 * v3.0 (4th March 2020)
     - Security:
diff --git a/Dockerfile b/Dockerfile
index e3a747ca1..8f54e0d0d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,9 +4,12 @@ MAINTAINER sysadmin@mysociety.org
 ARG DEBIAN_FRONTEND=noninteractive
 
 RUN apt-get -qq update \
-      && apt-get -qq -y install ca-certificates \
+      && apt-get -qq -y install ca-certificates sudo \
       && wget -O install-site.sh --no-verbose https://raw.githubusercontent.com/mysociety/commonlib/master/bin/install-site.sh \
-      && chmod +x /install-site.sh
+      && chmod +x /install-site.sh \
+      && echo 'fms ALL=(ALL) NOPASSWD: /var/www/fixmystreet/fixmystreet/bin/install_packages' \
+         >/etc/sudoers.d/10_fms_install_packages \
+      && chmod 0440 /etc/sudoers.d/10_fms_install_packages
 
 RUN /install-site.sh --docker fixmystreet fms 127.0.0.1.xip.io \
       && apt-get purge -y --auto-remove \
author	Sam Pearson <sam@sgp.me.uk>	2020-03-09 13:25:44 +0000
committer	Sam Pearson <sam@sgp.me.uk>	2020-03-10 10:02:57 +0000
commit	1022d7f263cf04eae5cbfef0fadf63ae38b53295 (patch)
tree	42df11b114b8f36a13ff9b7793397e75ffa27b4b
parent	630ad091519dff8aa9371502005fbb788d349632 (diff)