[AAI-2175] Change aai champ container processes to run as non-root on the hostHEADmaster

Issue-ID: AAI-2175

Change-Id: Ia12e5401a1bc8a5490acf2cb025b9b62ce6bd538

Signed-off-by: rajeevme<rajeev.mehta@amdocs.com>
Change-Id: Icd8fbc0eb9c8d14e0d4a7316eedc0ccf9badd2b7

1 files changed, 27 insertions, 1 deletions

diff --git a/champ-service/src/main/bin/start.sh b/champ-service/src/main/bin/start.sh
index bf29db5..a062b63 100644
--- a/champ-service/src/main/bin/start.sh
+++ b/champ-service/src/main/bin/start.sh
@@ -54,6 +54,32 @@ if [ -z "$GRAPHIMPL_DEPS" ]; then
     exit 1
 fi
 
+# Changes related to:AAI-2175
+# Change aai champ container processes to run as non-root on the host
+USER_ID=${LOCAL_USER_ID:-9001}
+GROUP_ID=${LOCAL_GROUP_ID:-9001}
+CHAMP_LOGS=/var/log/onap/AAI-CHAMP
+
+if [ $(cat /etc/passwd | grep aaiadmin | wc -l) -eq 0 ]; then
+
+        groupadd aaiadmin -g ${GROUP_ID} || {
+                echo "Unable to create the group id for ${GROUP_ID}";
+                exit 1;
+        }
+        useradd --shell=/bin/bash -u ${USER_ID} -g ${GROUP_ID} -o -c "" -m aaiadmin || {
+                echo "Unable to create the user id for ${USER_ID}";
+                exit 1;
+        }
+fi;
+
+chown -R aaiadmin:aaiadmin ${MICRO_HOME}
+chown -R aaiadmin:aaiadmin ${APP_HOME}
+chown -R aaiadmin:aaiadmin ${CHAMP_LOGS}
+
+find ${MICRO_HOME}  -name "*.sh" -exec chmod +x {} +
+
+gosu aaiadmin ln -s /logs $MICRO_HOME/logs
+JAVA_CMD="exec gosu aaiadmin java";
 PROPS="-DAPP_HOME=$APP_HOME"
 PROPS="$PROPS -DCONFIG_HOME=$CONFIG_HOME"
 PROPS="$PROPS -Dlogging.config=$APP_HOME/bundleconfig/etc/logback.xml"
@@ -70,4 +96,4 @@ fi
 JVM_MAX_HEAP=${MAX_HEAP:-1024}
 
 set -x
-exec java -Xmx${JVM_MAX_HEAP}m $PROPS -Dloader.path="${GRAPHIMPL_DEPS}" -jar "${APP_HOME}/champ-service.jar"
+${JAVA_CMD} -Xmx${JVM_MAX_HEAP}m $PROPS -Dloader.path="${GRAPHIMPL_DEPS}" -jar "${APP_HOME}/champ-service.jar"