Run API Gateway as non-root user

Change-Id: Iea0f47a7f425b7c812ee683af496b8a6b96dce13 Issue-ID: MSB-320 Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
author: Huabing Zhao <zhaohuabing@gmail.com> 2019-04-10 08:33:58 +0000
committer: Huabing Zhao <zhaohuabing@gmail.com> 2019-04-10 08:42:27 +0000
commit: 1db162bfcd9acafa3a19c80e3943f568c9f8874a (patch)
tree: ca4987460ffa8a9e6989cbb42cce14d62f89eeaf /distributions/msb-apigateway/src/main/docker/Dockerfile
parent: 4b2a245470e75932931cb47f97e2835ed7cd5778 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/distributions/msb-apigateway/src/main/docker/Dockerfile b/distributions/msb-apigateway/src/main/docker/Dockerfile
index 466dc20..35de11e 100644
--- a/distributions/msb-apigateway/src/main/docker/Dockerfile
+++ b/distributions/msb-apigateway/src/main/docker/Dockerfile
@@ -4,6 +4,13 @@ COPY msb-apigateway*.tar.gz /usr/src
 
 RUN tar -xzf /usr/src/msb-apigateway*.tar.gz -C /usr/local --strip-components=1; \
 	rm /usr/src/msb-apigateway*.tar.gz
-	
+RUN apk add --no-cache shadow sudo && \
+    addgroup -g 1000 msb && \
+    adduser -D -u 1000 -G msb msb && \
+    echo "msb ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/msb && \
+    chmod 0440 /etc/sudoers.d/msb && \
+    chown -R msb:msb /usr/local
+USER msb
+
 WORKDIR /usr/local
 ENTRYPOINT exec $PWD/startup4docker.sh
author	Huabing Zhao <zhaohuabing@gmail.com>	2019-04-10 08:33:58 +0000
committer	Huabing Zhao <zhaohuabing@gmail.com>	2019-04-10 08:42:27 +0000
commit	1db162bfcd9acafa3a19c80e3943f568c9f8874a (patch)
tree	ca4987460ffa8a9e6989cbb42cce14d62f89eeaf /distributions/msb-apigateway/src/main/docker/Dockerfile
parent	4b2a245470e75932931cb47f97e2835ed7cd5778 (diff)