From 12c26408f8c7891dff22bd2549e34b1b00fb9461 Mon Sep 17 00:00:00 2001
From: wr148d <wr148d@att.com>
Date: Mon, 1 Jun 2020 14:26:31 -0400
Subject: Containers should not run as root by default

Issue-ID: AAI-2822
Signed-off-by: wr148d <wr148d@att.com>
Change-Id: I9f01acd217c20dd1c250401e9a96edc31ce77a79
---
 src/main/docker/Dockerfile | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

(limited to 'src/main/docker/Dockerfile')

diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile
index 9129f09..a9d4f2a 100755
--- a/src/main/docker/Dockerfile
+++ b/src/main/docker/Dockerfile
@@ -1,6 +1,6 @@
 FROM @aai.docker.namespace@/aai-common-@aai.base.image@:@aai.base.image.version@
 
-RUN  mkdir -p /opt/aaihome/aaiadmin /opt/aai/logroot/AAI-GA
+RUN  mkdir -p /opt/aaihome/aaiadmin /opt/aai/logroot/AAI-GA /opt/app/aai-graphadmin/logs/gc
 
 VOLUME /opt/aai/logroot/AAI-GA
 VOLUME /opt/data
@@ -8,9 +8,18 @@ VOLUME /opt/tools
 
 HEALTHCHECK --interval=40s --timeout=10s --retries=3 CMD nc -z -v localhost 8449 || exit 1
 
+RUN groupadd aaiadmin -g 1000
+
+RUN adduser -u 1000 -h /opt/aaihome/aaiadmin -S -D -G aaiadmin -s /bin/bash aaiadmin
+
 # Add the proper files into the docker image from your build
 WORKDIR /opt/app/aai-graphadmin
-COPY /maven/aai-graphadmin/ .
+
+RUN chown -R aaiadmin:aaiadmin /opt/app/aai-graphadmin /etc/profile.d /opt/aai/logroot/AAI-GA /opt/app /opt/aai/logroot /opt/app/aai-graphadmin/logs/gc
+
+COPY --chown=aaiadmin:aaiadmin /maven/aai-graphadmin/ .
+
+USER aaiadmin
 
 ENV AAI_BUILD_VERSION @aai.docker.version@
 # Expose the ports for outside linux to use
-- 
cgit 1.2.3-korg