summaryrefslogtreecommitdiffstats
path: root/tca-cdap-container/Dockerfile
diff options
context:
space:
mode:
authorjegadeeshbabu1 <jegabab1@in.ibm.com>2019-06-25 18:00:35 +0530
committerjegadeeshbabu1 <jegabab1@in.ibm.com>2019-06-25 18:00:58 +0530
commitedee214b27c5ffccaaba070da350ca8710faa86b (patch)
treedb728ee708427807ad33f428274eae9142306bde /tca-cdap-container/Dockerfile
parentd0395f7de8dea655f0e4ea214462311e23f45a78 (diff)
Added command to create non-root-user
Command to run app as non-root-user Issue-ID: DCAEGEN2-1559 Change-Id: I0d89f8b2169b3c491e6e4b0c4bd79390410ae981 Signed-off-by: jegadeeshbabu1 <jegabab1@in.ibm.com>
Diffstat (limited to 'tca-cdap-container/Dockerfile')
-rw-r--r--tca-cdap-container/Dockerfile6
1 files changed, 6 insertions, 0 deletions
diff --git a/tca-cdap-container/Dockerfile b/tca-cdap-container/Dockerfile
index 2c57ff2..e7ae748 100644
--- a/tca-cdap-container/Dockerfile
+++ b/tca-cdap-container/Dockerfile
@@ -16,6 +16,11 @@
FROM caskdata/cdap-standalone:4.1.2
+ARG USER_GROUP=tca-cdap-group
+ARG NON_ROOT_USER=tca-cdap
+
+#Add a new user and group to allow container to be run as non-root
+RUN addgroup --system ${USER_GROUP} && adduser --system ${NON_ROOT_USER} --ingroup ${USER_GROUP}
RUN apt-get update && apt-get install -y netcat jq iputils-ping wget vim curl
COPY get-tca.sh /opt/tca/get-tca.sh
RUN /opt/tca/get-tca.sh
@@ -33,4 +38,5 @@ RUN chmod 755 /opt/tca/mr-watchdog.sh
EXPOSE 11011
EXPOSE 11015
+USER ${NON_ROOT_USER}:${USER_GROUP}
ENTRYPOINT /opt/tca/restart.sh