From 879dbd69fd7801798d8e2e2662de1758accb9105 Mon Sep 17 00:00:00 2001
From: Jack Lucas
Date: Wed, 4 Mar 2020 11:06:57 -0500
Subject: Run bootstrap container as non-root user
Issue-ID: DCAEGEN2-2072
Signed-off-by: Jack Lucas
Change-Id: I2555fdd6d1606d9f05a8711cf1fdacd43a9a1e35
---
 Dockerfile-template | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'Dockerfile-template')
diff --git a/Dockerfile-template b/Dockerfile-template
index 8c2e084..54609ca 100644
--- a/Dockerfile-template
+++ b/Dockerfile-template
@@ -61,3 +61,12 @@ COPY blueprints/ /blueprints
 
 # Set up runtime script
 ENTRYPOINT exec "/scripts/bootstrap.sh"
+
+# Set up a non-root user
+RUN mkdir -p /opt/bootstrap \
+ && useradd -d /opt/bootstrap bootstrap \
+ && chown -R bootstrap:bootstrap /opt/bootstrap \
+ && chown -R bootstrap:bootstrap /scripts \
+ && chown -R bootstrap:bootstrap /blueprints \
+ && chown -R bootstrap:bootstrap /opt/consul
+USER bootstrap
-- 
cgit 1.2.3-korg
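Review bot: `USER bootstrap` on the last added line selects the account by name, and the `useradd` call lets the base image pick its UID, so the UID the container runs as is not pinned by this file. A Kubernetes pod spec with `runAsNonRoot: true` cannot verify a non-numeric image user and refuses to start such a container, and volume ownership or `fsGroup` settings need a stable number; I would use `&& useradd -u <UID> -d /opt/bootstrap bootstrap \` and `USER <UID>` with a UID the project fixes (whether the chart sets `runAsNonRoot` is not visible here). Separately, the `chown -R bootstrap:bootstrap /scripts` line makes the entrypoint script writable by the runtime user; if bootstrap.sh only needs to read and execute it, leaving `/scripts` root-owned keeps a compromised process from rewriting its own startup code.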