run container as non root user

Issue-ID: DMAAP-1040 Change-Id: I98557ba333477f7ad8878ac53cd9e2005e044e8a Signed-off-by: sunil unnava <sunil.unnava@att.com>
author: sunil unnava <sunil.unnava@att.com> 2019-02-12 15:16:02 -0500
committer: sunil unnava <sunil.unnava@att.com> 2019-02-12 15:16:21 -0500
commit: 6bd0d04630efa61bff5711395cc7e5c532cba052 (patch)
tree: 79c22b6571ff119c04db86239fd0949398f0ecca /src/main
parent: 19c3632f247dfee75bb1fe97a67140bd50ea26cc (diff)
1 files changed, 7 insertions, 8 deletions
diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile
index 024d075..d08cc51 100644
--- a/src/main/docker/Dockerfile
+++ b/src/main/docker/Dockerfile
@@ -31,12 +31,11 @@ ADD create-topics.sh /usr/bin/create-topics.sh
 ADD start-kafkaOrMirrorMaker.sh /usr/bin/start-kafkaOrMirrorMaker.sh
 ADD start-mirrormaker.sh /usr/bin/start-mirrormaker.sh
 ADD kafka-run-class.sh ${KAFKA_HOME}/bin/kafka-run-class.sh
-# The scripts need to have executable permission
-RUN chmod a+x /usr/bin/start-kafka.sh && \
-    chmod a+x /usr/bin/broker-list.sh && \
-    chmod a+x /usr/bin/start-kafkaOrMirrorMaker.sh && \
-    chmod a+x /usr/bin/start-mirrormaker.sh && \
-    chmod a+x ${KAFKA_HOME}/bin/kafka-run-class.sh && \
-    chmod a+x /usr/bin/create-topics.sh
-# Use "exec" form so that it runs as PID 1 (useful for graceful shutdown)
+
+RUN set -x \
+    && useradd kafka \
+    && chown -R kafka:kafka  /opt/kafka /opt/logs /opt/etc /kafka /tmp/kafka-logs /usr/bin
+
+USER kafka
+
 CMD ["start-kafkaOrMirrorMaker.sh"]
author	sunil unnava <sunil.unnava@att.com>	2019-02-12 15:16:02 -0500
committer	sunil unnava <sunil.unnava@att.com>	2019-02-12 15:16:21 -0500
commit	6bd0d04630efa61bff5711395cc7e5c532cba052 (patch)
tree	79c22b6571ff119c04db86239fd0949398f0ecca /src/main
parent	19c3632f247dfee75bb1fe97a67140bd50ea26cc (diff)