Run the app with a non-root user

Change-Id: I7b1edd635fc7aac7edbf2befaf107ea1deb9aff2
Issue-ID: HOLMES-202
Signed-off-by: tangpeng <tang.peng5@zte.com.cn>

1 files changed, 6 insertions, 0 deletions

diff --git a/rulemgt-standalone/src/main/assembly/Dockerfile b/rulemgt-standalone/src/main/assembly/Dockerfile
index 106d7ac..ddd48cd 100644
--- a/rulemgt-standalone/src/main/assembly/Dockerfile
+++ b/rulemgt-standalone/src/main/assembly/Dockerfile
@@ -45,11 +45,17 @@ ADD holmes-frontend.key /etc/ssl/private
 ADD holmes-frontend-selfsigned.crt /etc/ssl/certs
 ADD dhparam.pem /etc/ssl/certs
 
+#switch the user to holmes
+RUN addgroup -S holmes && adduser -S -G holmes holmes
+
 #add the backend package to the docker image
 RUN mkdir /home/holmes
 WORKDIR /home/holmes
 ADD holmes-rulemgt-standalone-*-linux64.tar.gz /home/holmes/
+RUN chmod -R a+rw /home/holmes/
+RUN chmod -R a+rw /var/log/
 RUN chmod 755 /home/holmes/bin/*.sh
 
+USER holmes
 CMD ["sh", "/home/holmes/bin/run.sh"]