1 files changed, 14 insertions, 14 deletions

diff --git a/dcae-analytics/dcae-analytics-tca-web/Dockerfile b/dcae-analytics/dcae-analytics-tca-web/Dockerfile
index 2791e03..a2c59c4 100644
--- a/dcae-analytics/dcae-analytics-tca-web/Dockerfile
+++ b/dcae-analytics/dcae-analytics-tca-web/Dockerfile
@@ -9,23 +9,23 @@ ARG DOCKER_ARTIFACT_DIR
 ARG user=tca-gen2
 ARG group=tca-gen2
 
-WORKDIR ${DOCKER_ARTIFACT_DIR}
-#Copy dependencies and executable jar
-COPY ${PROJECT_BUILD_DIR_NAME}/${FINAL_JAR} .
-
 USER root
 
-#Symlink to overcome Docker limitation to put ARG inside ENTRYPOINT
-RUN mkdir -p /var/log/ONAP/dcaegen2/analytics/tca-gen2 && \
-    addgroup $group && adduser --system --disabled-password --no-create-home --ingroup $group $user && \
-    chmod g+rwx /opt; \
-    chmod u+rw /var/log/ONAP/dcaegen2/analytics/tca-gen2 && \
-    chown -R $user /opt && \
-    chown -R $user /var/log/ONAP/dcaegen2/analytics/tca-gen2 && \
-    ln -s ${FINAL_JAR} tca-gen2.jar && \
-    chown $user ${FINAL_JAR} tca-gen2.jar
+RUN mkdir -p /var/log/ONAP/dcaegen2/analytics/tca-gen2
+#Add a new user and group to allow container to be run as non-root
+RUN addgroup $group && adduser --system --disabled-password --no-create-home --ingroup $group $user && \
+    chmod 775 /opt && \
+    chmod 775 /var/log/ONAP/dcaegen2/analytics/tca-gen2 && \
+    chown -R $user:$group /opt && \
+    chown -R $user:$group /var/log/ONAP/dcaegen2/analytics/tca-gen2
+
+#Copy dependencies and executable jar
+WORKDIR ${DOCKER_ARTIFACT_DIR}
+COPY ${PROJECT_BUILD_DIR_NAME}/${FINAL_JAR} .
+#Overcome Docker limitation to put ARG inside ENTRYPOINT
+RUN ln -s ${FINAL_JAR} tca-gen2.jar
 
 EXPOSE 8100
 
-USER $user
+USER $user:$group
 ENTRYPOINT ["java", "-Dspring.profiles.active=configBindingService,dmaap,mongo", "-jar", "tca-gen2.jar"]