From 967f08b3eba7c03b3a11247d680e7ac22edf97c3 Mon Sep 17 00:00:00 2001
From: tangpeng <tang.peng5@zte.com.cn>
Date: Tue, 26 Feb 2019 09:04:48 +0000
Subject: Run the app with a non-root user

Change-Id: I7b1edd635fc7aac7edbf2befaf107ea1deb9aff2
Issue-ID: HOLMES-202
Signed-off-by: tangpeng <tang.peng5@zte.com.cn>
---
 rulemgt-standalone/src/main/assembly/Dockerfile | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/rulemgt-standalone/src/main/assembly/Dockerfile b/rulemgt-standalone/src/main/assembly/Dockerfile
index 106d7ac..ddd48cd 100644
--- a/rulemgt-standalone/src/main/assembly/Dockerfile
+++ b/rulemgt-standalone/src/main/assembly/Dockerfile
@@ -45,11 +45,17 @@ ADD holmes-frontend.key /etc/ssl/private
 ADD holmes-frontend-selfsigned.crt /etc/ssl/certs
 ADD dhparam.pem /etc/ssl/certs
 
+#switch the user to holmes
+RUN addgroup -S holmes && adduser -S -G holmes holmes
+
 #add the backend package to the docker image
 RUN mkdir /home/holmes
 WORKDIR /home/holmes
 ADD holmes-rulemgt-standalone-*-linux64.tar.gz /home/holmes/
+RUN chmod -R a+rw /home/holmes/
+RUN chmod -R a+rw /var/log/
 RUN chmod 755 /home/holmes/bin/*.sh
 
+USER holmes
 CMD ["sh", "/home/holmes/bin/run.sh"]
 
-- 
cgit 1.2.3-korg