diff options
author | dglFromAtt <dgl@research.att.com> | 2019-04-12 18:59:42 +0000 |
---|---|---|
committer | dglFromAtt <dgl@research.att.com> | 2019-04-12 18:59:56 +0000 |
commit | 85e7c7e57c262e38a0b3e0a14e4ebf4b92f00a58 (patch) | |
tree | d70dbb91af617a2ff771c730279078aaefd3cc6f /dmaap-bc | |
parent | d1eb116b93ba7a6f8dae7e34157a6e155104db9a (diff) |
Run as non-root
Change-Id: I25f5bf778b9878648bd305fa0de965e4e7ec718c
Signed-off-by: dglFromAtt <dgl@research.att.com>
Issue-ID: DMAAP-1164
Diffstat (limited to 'dmaap-bc')
-rw-r--r-- | dmaap-bc/misc/dmaapbc | 46 | ||||
-rw-r--r-- | dmaap-bc/pom.xml | 2 | ||||
-rw-r--r-- | dmaap-bc/src/main/resources/Dockerfile | 6 | ||||
-rw-r--r-- | dmaap-bc/version.properties | 2 |
4 files changed, 28 insertions, 28 deletions
diff --git a/dmaap-bc/misc/dmaapbc b/dmaap-bc/misc/dmaapbc index 74e8707..97ad226 100644 --- a/dmaap-bc/misc/dmaapbc +++ b/dmaap-bc/misc/dmaapbc @@ -25,7 +25,8 @@ umask 0022 TZ=GMT0 COMPONENT=dmaapbc APP_ROOT=/opt/app/$COMPONENT -USER=root +USER=dbc +GROUP=onap export TZ PATH=/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/opt/java/jdk/jdk180/bin export PATH @@ -36,7 +37,22 @@ CONFIGMAP_PROPS=${CONFIGMAP_PROPS:-$CONFIGMAP_ROOT/conf/dmaapbc.properties} CONTAINER_CONFIG=$CONFIGMAP_ROOT/conf/buscontroller.env MAIN=org.onap.dmaap.dbcapi.server.Main - +authcheck() { + set -x + ID=`id -n -u` + GRP=`id -n -g` + if [ "$ID" != "$USER" ] + then + echo $COMPONENT must be started as user $USER not $ID + exit 1 + fi + if [ "$GRP" != "$GROUP" ] + then + echo $COMPONENT must be started as group $GROUP not $GRP + exit 1 + fi + set +x +} pids() { set -x @@ -92,18 +108,7 @@ config() { start() { echo "ENTER start" set -x - ID=`id -n -u` - GRP=`id -n -g` - if [ "$ID" != "$USER" ] - then - echo $COMPONENT must be started as user $USER not $ID - exit 1 - fi - if [ "$GRP" != "$USER" ] - then - echo $COMPONENT must be started as group $USER not $GRP - exit 1 - fi + authcheck cd $APP_ROOT pwd @@ -134,18 +139,7 @@ start() { stop() { echo "ENTER stop" - ID=`id -n -u` - GRP=`id -n -g` - if [ "$ID" != "$USER" ] - then - echo $COMPONENT must be stopped as user $USER not $ID - exit 1 - fi - if [ "$GRP" != "$USER" ] - then - echo $COMPONENT must be stopped as group $USER not $GRP - exit 1 - fi + authcheck touch $APP_ROOT/etc/SHUTDOWN PIDS=`pids` if [ "$PIDS" != "" ] diff --git a/dmaap-bc/pom.xml b/dmaap-bc/pom.xml index 8252249..cf73b79 100644 --- a/dmaap-bc/pom.xml +++ b/dmaap-bc/pom.xml @@ -469,7 +469,7 @@ <jettyVersion>9.4.12.RC2</jettyVersion> <eelf.version>1.0.0</eelf.version> <swagger.version>1.5.19</swagger.version> - <artifact.version>1.1.3</artifact.version> + <artifact.version>1.1.4</artifact.version> <!-- SONAR --> <jacoco.version>0.7.7.201606060606</jacoco.version> <sonar-jacoco-listeners.version>3.2</sonar-jacoco-listeners.version> diff --git a/dmaap-bc/src/main/resources/Dockerfile b/dmaap-bc/src/main/resources/Dockerfile index 014fb5e..d930a6f 100644 --- a/dmaap-bc/src/main/resources/Dockerfile +++ b/dmaap-bc/src/main/resources/Dockerfile @@ -53,4 +53,10 @@ RUN mv etc/org.onap.dmaap-bc.jks etc/keystore && \ VOLUME /opt/app/dmaapbc/log +RUN addgroup -S -g 1001 onap \ + && adduser -S -u 1000 dbc -G onap \ + && chown -R dbc:onap /opt/ + +USER dbc + ENTRYPOINT ["sh", "./bin/dmaapbc", "deploy"] diff --git a/dmaap-bc/version.properties b/dmaap-bc/version.properties index 635e84d..fcbb908 100644 --- a/dmaap-bc/version.properties +++ b/dmaap-bc/version.properties @@ -27,7 +27,7 @@ major=1 minor=1 -patch=3 +patch=4 base_version=${major}.${minor}.${patch} # Release must be completed with git revision # in Jenkins |