[AAI-2177] Run container process as non-root

Issue-ID: AAI-2177

Change-Id: I8844d2b58a3ce0b501c5621d1271f0da3ac32784

Signed-off-by: rajeevme<rajeev.mehta@amdocs.com>
Change-Id: I3d99cad8b8398b1899395c611b5790aefb6787b7

1 files changed, 5 insertions, 0 deletions

diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile
index 35297e7..036091e 100644
--- a/src/main/docker/Dockerfile
+++ b/src/main/docker/Dockerfile
@@ -12,6 +12,11 @@ ARG USERS_HOME=/opt/aaihome
 RUN mkdir -p $MICRO_HOME $USERS_HOME /logs \
     && groupadd -g 492382 aaiadmin \
     && useradd -r -u 341790  -g 492382 -ms /bin/sh -d $USERS_HOME/aaiadmin aaiadmin
+##The following 2 lines are added to add the user to the sudoers group
+##The script src\main\bin\start.sh could then optionally run the process as sudo user if an environment variable is set
+## By default the sudo mode is disabled.
+RUN usermod -aG sudo aaiadmin  &&\
+    echo  'aaiadmin  ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
 WORKDIR $MICRO_HOME
 COPY /maven/gizmo/ .
 RUN chmod 755 $BIN_HOME/* \