diff options
| author |   rajeevme <rajeevme@amdocs.com> | 2019-08-20 09:31:28 +0530 |
|---|---|---|
| committer |   rajeevme <rajeev.mehta@amdocs.com> | 2019-08-20 11:56:38 +0530 |
| commit | c9e5ea466349ac11b776b203d1e46a8b0653f544 (patch) | |
| tree | 1e50254847887aabb02d7410ca6424a8639f72b7 | |
| parent | 3cc73e4e7a0c81970a27035b5a982a6963714bc2 (diff) | |
[AAI-2177] Run container process as non-root
Issue-ID: AAI-2177
Change-Id: I0049f4dc23b70edfd607c60f1ecfe441d99e2671
Signed-off-by: rajeevme<rajeev.mehta@amdocs.com>
Change-Id: Ib6cc6417560f2fcb19ec7a912d6d5292f8b3252a
| -rw-r--r-- | src/main/bin/start.sh | 4 | ||||
| -rw-r--r-- | src/main/docker/Dockerfile | 6 |
2 files changed, 10 insertions, 0 deletions
diff --git a/src/main/bin/start.sh b/src/main/bin/start.sh index 87ec099..2553d1f 100644 --- a/src/main/bin/start.sh +++ b/src/main/bin/start.sh @@ -33,4 +33,8 @@ fi JVM_MAX_HEAP=${MAX_HEAP:-1024} set -x +if [ -z "$RUN_MS_AS_ROOT" ] ; then exec java -Xmx${JVM_MAX_HEAP}m $PROPS -jar ${APP_HOME}/gizmo.jar +else +exec sudo -E java -Xmx${JVM_MAX_HEAP}m $PROPS -jar ${APP_HOME}/gizmo.jar +fi diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile index 343ed4d..b164907 100644 --- a/src/main/docker/Dockerfile +++ b/src/main/docker/Dockerfile @@ -32,6 +32,12 @@ RUN chmod 755 $BIN_HOME/* RUN mkdir /opt/aaihome && \ groupadd -g 492382 aaiadmin && \ useradd -r -u 341790 -g 492382 -ms /bin/sh -d /opt/aaihome/aaiadmin aaiadmin && \ + + ##The following 2 lines are added to add the user to the sudoers group + ##The script src\main\bin\start.sh could then optionally run the process as sudo user if an environment variable is set + ## By default the sudo mode is disabled. + usermod -aG sudo aaiadmin &&\ + echo 'aaiadmin ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers && \ chown -R aaiadmin:aaiadmin $MICRO_HOME &&\ mkdir /logs && \ chown -R aaiadmin:aaiadmin /logs |