From c9e5ea466349ac11b776b203d1e46a8b0653f544 Mon Sep 17 00:00:00 2001
From: rajeevme
Date: Tue, 20 Aug 2019 09:31:28 +0530
Subject: [AAI-2177] Run container process as non-root
Issue-ID: AAI-2177
Change-Id: I0049f4dc23b70edfd607c60f1ecfe441d99e2671
Signed-off-by: rajeevme
Change-Id: Ib6cc6417560f2fcb19ec7a912d6d5292f8b3252a
---
 src/main/bin/start.sh | 4 ++++
 src/main/docker/Dockerfile | 6 ++++++
 2 files changed, 10 insertions(+)
(limited to 'src/main')
diff --git a/src/main/bin/start.sh b/src/main/bin/start.sh
index 87ec099..2553d1f 100644
--- a/src/main/bin/start.sh
+++ b/src/main/bin/start.sh
@@ -33,4 +33,8 @@ fi
 JVM_MAX_HEAP=${MAX_HEAP:-1024}
 set -x
+if [ -z "$RUN_MS_AS_ROOT" ] ; then
 exec java -Xmx${JVM_MAX_HEAP}m $PROPS -jar ${APP_HOME}/gizmo.jar
+else
+exec sudo -E java -Xmx${JVM_MAX_HEAP}m $PROPS -jar ${APP_HOME}/gizmo.jar
+fi
diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile
index 343ed4d..b164907 100644
--- a/src/main/docker/Dockerfile
+++ b/src/main/docker/Dockerfile
@@ -32,6 +32,12 @@ RUN chmod 755 $BIN_HOME/*
 RUN mkdir /opt/aaihome && \
 groupadd -g 492382 aaiadmin && \
 useradd -r -u 341790 -g 492382 -ms /bin/sh -d /opt/aaihome/aaiadmin aaiadmin && \
+ ##The following 2 lines are added to add the user to the sudoers group ##The script src\main\bin\start.sh could then optionally run the process as sudo user if an environment variable is set ## By default the sudo mode is disabled.
+ usermod -aG sudo aaiadmin &&\
+ echo 'aaiadmin ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers && \
 chown -R aaiadmin:aaiadmin $MICRO_HOME &&\
 mkdir /logs && \
 chown -R aaiadmin:aaiadmin /logs
-- 
cgit 1.2.3-korg
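Review bot: The new `if [ -z "$RUN_MS_AS_ROOT" ] ; then` test treats any non-empty value as a request to run as root, so `RUN_MS_AS_ROOT=false` or `RUN_MS_AS_ROOT=0` silently takes the `sudo -E` branch, which is the opposite of what an operator setting that value would expect from a commit titled "Run container process as non-root". Gate the escape hatch on an explicit value instead: `if [ "${RUN_MS_AS_ROOT:-}" != "true" ] ; then`. The `else` branch also deserves a comment naming why the whole caller environment must be forwarded with `sudo -E` into a root JVM, and the `set -x` on the preceding context line means the fully expanded command line, including `$PROPS`, is echoed to the container log on both paths. The earlier part of start.sh (the `fi` in the hunk header and the definitions of `APP_HOME` and `PROPS`) lies outside the hunk.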
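Review bot: The added `echo 'aaiadmin ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers` grants the service user passwordless root for every command at image build time, so the container is root-equivalent whether or not `RUN_MS_AS_ROOT` is ever set; the comment `## By default the sudo mode is disabled.` describes only which branch start.sh takes, not the image's privilege posture. Any code execution in the JVM running as aaiadmin can `sudo sh` and defeat the non-root goal this commit states in its subject. If a root path really must exist, confine the rule to the single command and install it as a validated drop-in rather than appending to the main file, e.g. `echo 'aaiadmin ALL=(root) NOPASSWD: /usr/bin/java' > /etc/sudoers.d/aaiadmin && chmod 0440 /etc/sudoers.d/aaiadmin && visudo -cf /etc/sudoers.d/aaiadmin` (substituting the image's actual java path, which the hunk does not show), or better drop the sudo path entirely and let the orchestrator pick the run-as user. The `usermod -aG sudo aaiadmin` line also assumes the base image provides a `sudo` group and the sudo binary, which is not visible here since the `FROM` and package setup are outside the hunk.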