run as non root user

Issue-ID: DMAAP-1040
Change-Id: Ia4e44a7e3b61c17a8b970faf3070ab3cab66c7b6
Signed-off-by: sunil.unnava <sunil.unnava@att.com>

2 files changed, 9 insertions, 1 deletions

diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile
index d837fb9..2ac2f3d 100644
--- a/src/main/docker/Dockerfile
+++ b/src/main/docker/Dockerfile
@@ -31,6 +31,7 @@ ADD broker-list.sh /usr/bin/broker-list.sh
 ADD create-topics.sh /usr/bin/create-topics.sh
 ADD start-kafkaOrMirrorMaker.sh /usr/bin/start-kafkaOrMirrorMaker.sh
 ADD start-mirrormaker.sh /usr/bin/start-mirrormaker.sh
+RUN mkdir /opt/logs
 # The scripts need to have executable permission
 RUN chmod a+x /usr/bin/start-kafka.sh && \
     chmod a+x /usr/bin/broker-list.sh && \
@@ -39,3 +40,11 @@ RUN chmod a+x /usr/bin/start-kafka.sh && \
     chmod a+x /usr/bin/create-topics.sh
 # Use "exec" form so that it runs as PID 1 (useful for graceful shutdown)
 CMD ["start-kafkaOrMirrorMaker.sh"]
+
+RUN addgroup  onap \
+    && adduser  mrkafka -G onap \
+    && chown -R mrkafka:onap  /opt/kafka/ /opt/logs/ /opt/etc/ /kafka/  /usr/bin/ /tmp/
+
+USER mrkafka
+
+
diff --git a/src/main/docker/start-mirrormaker.sh b/src/main/docker/start-mirrormaker.sh
index f82092a..0e9100f 100644
--- a/src/main/docker/start-mirrormaker.sh
+++ b/src/main/docker/start-mirrormaker.sh
@@ -143,7 +143,6 @@ export KAFKA_OPTS="-Djava.security.auth.login.config=$KAFKA_HOME/config/kafka_se
 
 
 
-mkdir /opt/logs
 cp /tmp/kafka-run-class.sh /opt/kafka/bin
 java -jar /tmp/dmaapMMAgent.jar