Containers should not run as root by default

Issue-ID: AAI-2822 Signed-off-by: wr148d <wr148d@att.com> Change-Id: I9f01acd217c20dd1c250401e9a96edc31ce77a79
author: wr148d <wr148d@att.com> 2020-06-01 14:26:31 -0400
committer: wr148d <wr148d@att.com> 2020-06-01 14:27:44 -0400
commit: 12c26408f8c7891dff22bd2549e34b1b00fb9461 (patch)
tree: c22e5072d1c66947d5aacd9246d26b139c3698e2 /src/main/docker/Dockerfile
parent: bfeeae6a4964ebacaca933e5453e528ce0abba0f (diff)
1 files changed, 11 insertions, 2 deletions
diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile
index 9129f09..a9d4f2a 100755
--- a/src/main/docker/Dockerfile
+++ b/src/main/docker/Dockerfile
@@ -1,6 +1,6 @@
 FROM @aai.docker.namespace@/aai-common-@aai.base.image@:@aai.base.image.version@
 
-RUN  mkdir -p /opt/aaihome/aaiadmin /opt/aai/logroot/AAI-GA
+RUN  mkdir -p /opt/aaihome/aaiadmin /opt/aai/logroot/AAI-GA /opt/app/aai-graphadmin/logs/gc
 
 VOLUME /opt/aai/logroot/AAI-GA
 VOLUME /opt/data
@@ -8,9 +8,18 @@ VOLUME /opt/tools
 
 HEALTHCHECK --interval=40s --timeout=10s --retries=3 CMD nc -z -v localhost 8449 || exit 1
 
+RUN groupadd aaiadmin -g 1000
+
+RUN adduser -u 1000 -h /opt/aaihome/aaiadmin -S -D -G aaiadmin -s /bin/bash aaiadmin
+
 # Add the proper files into the docker image from your build
 WORKDIR /opt/app/aai-graphadmin
-COPY /maven/aai-graphadmin/ .
+
+RUN chown -R aaiadmin:aaiadmin /opt/app/aai-graphadmin /etc/profile.d /opt/aai/logroot/AAI-GA /opt/app /opt/aai/logroot /opt/app/aai-graphadmin/logs/gc
+
+COPY --chown=aaiadmin:aaiadmin /maven/aai-graphadmin/ .
+
+USER aaiadmin
 
 ENV AAI_BUILD_VERSION @aai.docker.version@
 # Expose the ports for outside linux to use
author	wr148d <wr148d@att.com>	2020-06-01 14:26:31 -0400
committer	wr148d <wr148d@att.com>	2020-06-01 14:27:44 -0400
commit	12c26408f8c7891dff22bd2549e34b1b00fb9461 (patch)
tree	c22e5072d1c66947d5aacd9246d26b139c3698e2 /src/main/docker/Dockerfile
parent	bfeeae6a4964ebacaca933e5453e528ce0abba0f (diff)