From 84a698216de659b5081311ada476ab6443cba982 Mon Sep 17 00:00:00 2001 From: Piotr Bochenski Date: Tue, 18 Jun 2019 12:03:42 +0200 Subject: Run PRH app as non-root user inside container Change-Id: I50632fdfbcea55445be2ea70c54808ec991446ee Issue-ID: DCAEGEN2-1558 Signed-off-by: Piotr Bochenski --- prh-app-server/pom.xml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/prh-app-server/pom.xml b/prh-app-server/pom.xml index 8bda3f07..3fd8dfd5 100644 --- a/prh-app-server/pom.xml +++ b/prh-app-server/pom.xml @@ -39,7 +39,9 @@ org.onap.dcaegen2.services.prh.MainApp libs ${project.build.directory}/${dependency.dir.name} - /opt + + prh + /home/${docker.user.name} onap/${project.groupId}.${project.artifactId} @@ -115,7 +117,7 @@ latest openjdk:${java.version}-jre-alpine - ${docker.artifact.dir} + ${docker.user.dir} ${dependency.dir.location} @@ -126,10 +128,14 @@ ${project.build.finalName}.jar + + adduser -h ${docker.user.dir} -D ${docker.user.name}; chmod -R a+w /var/log + 8100 8433 + ${docker.user.name} ["java", "-jar", "${project.build.finalName}.jar"] -- cgit 1.2.3-korg