[AAI-2177] Run container process as non-root

Issue-ID: AAI-2177 Change-Id: Id4b922ee1fb8cf36ea22d84849fc0192651ff7ab Signed-off-by: rajeevme <rajeev.mehta@amdocs.com> (cherry picked from commit 0c5c2a39ab3fb5aa54e0e70699a23db08455fcbe)
author: rajeevme <rajeev.mehta@amdocs.com> 2019-07-23 12:36:49 +0530
committer: Rajeev Mehta <rajeev.mehta@amdocs.com> 2019-07-24 06:00:11 +0000
commit: bbe7efa2068e0d5393abc2a0240814ef18960786 (patch)
tree: a3dfbecf9f8c6de9a7044a0f646a7e7af4ef90c8 /src/main
parent: a0844ddb55a5b3a2cddc9b64c26187f93e0ca885 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile
index c99d763..343ed4d 100644
--- a/src/main/docker/Dockerfile
+++ b/src/main/docker/Dockerfile
@@ -22,6 +22,22 @@ COPY *.sh $BIN_HOME
 COPY bundleconfig-local $MICRO_HOME/bundleconfig
 COPY bundleconfig-local/etc/logback.xml $MICRO_HOME/bundleconfig/etc
 RUN chmod 755 $BIN_HOME/*
+
+# Changes related to:AAI-2177
+# Change aai gizmo container processes to run as non-root on the host
+
+#Note:The group id and user id used below (492382 & 341790 respectively) are chosen arbitarily based on assumption that
+# these are not used elsewhere. Please see  https://jira.onap.org/browse/AAI-2172 for more background on this.
+
+RUN mkdir /opt/aaihome && \
+     groupadd -g 492382 aaiadmin && \
+     useradd -r -u 341790  -g 492382 -ms /bin/sh -d /opt/aaihome/aaiadmin aaiadmin && \
+     chown -R aaiadmin:aaiadmin $MICRO_HOME &&\
+     mkdir /logs && \
+     chown -R aaiadmin:aaiadmin  /logs
+
+USER aaiadmin
+
 RUN ln -s /logs $MICRO_HOME/logs
 
 EXPOSE 9520 9520
author	rajeevme <rajeev.mehta@amdocs.com>	2019-07-23 12:36:49 +0530
committer	Rajeev Mehta <rajeev.mehta@amdocs.com>	2019-07-24 06:00:11 +0000
commit	bbe7efa2068e0d5393abc2a0240814ef18960786 (patch)
tree	a3dfbecf9f8c6de9a7044a0f646a7e7af4ef90c8 /src/main
parent	a0844ddb55a5b3a2cddc9b64c26187f93e0ca885 (diff)