summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDan Timoney <dtimoney@att.com>2020-04-10 14:37:59 -0400
committerDan Timoney <dtimoney@att.com>2020-04-10 14:37:59 -0400
commita31c872db42c4e4b538248fa67cfcdfea618b8cd (patch)
treeb2dad634e9ac1cc1111c8e2b69a60f733dbc831c
parent2bd0d092dfc2cf9594b9c135be2e7c12ff264507 (diff)
Run naming service as non-root
Run naming service as non-root user ccsdk Change-Id: I1dc2fee3c3b4bd1b3a0e22cfc45ae27620130a20 Issue-ID: CCSDK-2149 Signed-off-by: Dan Timoney <dtimoney@att.com>
-rw-r--r--ms/neng/src/main/docker/Dockerfile7
1 files changed, 6 insertions, 1 deletions
diff --git a/ms/neng/src/main/docker/Dockerfile b/ms/neng/src/main/docker/Dockerfile
index 6225f35d..5327b11b 100644
--- a/ms/neng/src/main/docker/Dockerfile
+++ b/ms/neng/src/main/docker/Dockerfile
@@ -31,6 +31,11 @@ VOLUME /opt/etc
ADD opt/etc/ /opt/etc/
#ADD /opt/aai/ /opt/aai/
ADD startService.sh /startService.sh
+RUN addgroup -S ccsdk && adduser -S ccsdk -G ccsdk
+RUN chown ccsdk:ccsdk /startService.sh
+RUN chown -R ccsdk:ccsdk /opt
+RUN chmod go+w /tmp
RUN chmod 700 /startService.sh
-ENTRYPOINT sh /startService.sh
+USER ccsdk
+ENTRYPOINT sh /startService.sh
EXPOSE 8080