diff options
author | jegadeeshbabu1 <jegabab1@in.ibm.com> | 2019-06-25 18:00:35 +0530 |
---|---|---|
committer | jegadeeshbabu1 <jegabab1@in.ibm.com> | 2019-06-25 18:00:58 +0530 |
commit | edee214b27c5ffccaaba070da350ca8710faa86b (patch) | |
tree | db728ee708427807ad33f428274eae9142306bde /tca-cdap-container/Dockerfile | |
parent | d0395f7de8dea655f0e4ea214462311e23f45a78 (diff) |
Added command to create non-root-user
Command to run app as non-root-user
Issue-ID: DCAEGEN2-1559
Change-Id: I0d89f8b2169b3c491e6e4b0c4bd79390410ae981
Signed-off-by: jegadeeshbabu1 <jegabab1@in.ibm.com>
Diffstat (limited to 'tca-cdap-container/Dockerfile')
-rw-r--r-- | tca-cdap-container/Dockerfile | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/tca-cdap-container/Dockerfile b/tca-cdap-container/Dockerfile index 2c57ff2..e7ae748 100644 --- a/tca-cdap-container/Dockerfile +++ b/tca-cdap-container/Dockerfile @@ -16,6 +16,11 @@ FROM caskdata/cdap-standalone:4.1.2 +ARG USER_GROUP=tca-cdap-group +ARG NON_ROOT_USER=tca-cdap + +#Add a new user and group to allow container to be run as non-root +RUN addgroup --system ${USER_GROUP} && adduser --system ${NON_ROOT_USER} --ingroup ${USER_GROUP} RUN apt-get update && apt-get install -y netcat jq iputils-ping wget vim curl COPY get-tca.sh /opt/tca/get-tca.sh RUN /opt/tca/get-tca.sh @@ -33,4 +38,5 @@ RUN chmod 755 /opt/tca/mr-watchdog.sh EXPOSE 11011 EXPOSE 11015 +USER ${NON_ROOT_USER}:${USER_GROUP} ENTRYPOINT /opt/tca/restart.sh |