summaryrefslogtreecommitdiffstats
path: root/distributions
diff options
context:
space:
mode:
authorHuabing Zhao <zhaohuabing@gmail.com>2019-04-10 08:33:58 +0000
committerHuabing Zhao <zhaohuabing@gmail.com>2019-04-10 08:42:27 +0000
commit1db162bfcd9acafa3a19c80e3943f568c9f8874a (patch)
treeca4987460ffa8a9e6989cbb42cce14d62f89eeaf /distributions
parent4b2a245470e75932931cb47f97e2835ed7cd5778 (diff)
Run API Gateway as non-root user
Change-Id: Iea0f47a7f425b7c812ee683af496b8a6b96dce13 Issue-ID: MSB-320 Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
Diffstat (limited to 'distributions')
-rw-r--r--distributions/msb-apigateway/src/main/docker/Dockerfile9
1 files changed, 8 insertions, 1 deletions
diff --git a/distributions/msb-apigateway/src/main/docker/Dockerfile b/distributions/msb-apigateway/src/main/docker/Dockerfile
index 466dc20..35de11e 100644
--- a/distributions/msb-apigateway/src/main/docker/Dockerfile
+++ b/distributions/msb-apigateway/src/main/docker/Dockerfile
@@ -4,6 +4,13 @@ COPY msb-apigateway*.tar.gz /usr/src
RUN tar -xzf /usr/src/msb-apigateway*.tar.gz -C /usr/local --strip-components=1; \
rm /usr/src/msb-apigateway*.tar.gz
-
+RUN apk add --no-cache shadow sudo && \
+ addgroup -g 1000 msb && \
+ adduser -D -u 1000 -G msb msb && \
+ echo "msb ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/msb && \
+ chmod 0440 /etc/sudoers.d/msb && \
+ chown -R msb:msb /usr/local
+USER msb
+
WORKDIR /usr/local
ENTRYPOINT exec $PWD/startup4docker.sh