diff options
| author |   sebdet <sebastien.determe@intl.att.com> | 2019-02-15 18:33:19 +0100 |
|---|---|---|
| committer | sebdet <sebastien.determe@intl.att.com> | 2019-02-15 18:33:19 +0100 |
| commit | 9021eac53065669a5bb662f9f66c8c2fde9150de (patch) | |
| tree | 5f0d9d4e465e943eaa6904810b4bbab6a00c1ed1 | |
| parent | c6d3c50cb1c3b662c2481d31c7b91b9787bd1a29 (diff) | |
Run as non root
Modify the CLAMP docker image so that it does not run as root but as
clamp user
Issue-ID: CLAMP-298
Change-Id: I0bf7bed9cb76a2fcde72f2e23b66e03f03e5fe0e
Signed-off-by: sebdet <sebastien.determe@intl.att.com>
| -rw-r--r-- | src/main/docker/Dockerfile | 11 | ||||
| -rw-r--r-- | src/main/resources/boot-message.txt | 16 |
2 files changed, 20 insertions, 7 deletions
diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile index 44e280943..983dea7da 100644 --- a/src/main/docker/Dockerfile +++ b/src/main/docker/Dockerfile @@ -15,10 +15,19 @@ RUN test -n "$http_proxy" && echo "Acquire::Proxy \"http://$http_proxy\";" > /et apt-get -y dist-upgrade && \
apt-get install -y openjdk-8-jre-headless
+RUN groupadd -r onap && useradd --no-log-init -r -g onap clamp
+VOLUME /opt/clamp/config
+RUN mkdir /var/log/onap
+RUN chmod a+rwx /var/log/onap
+
COPY onap-clamp/clamp.jar /opt/clamp/app.jar
-VOLUME /etc
+RUN chmod 700 /opt/clamp/app.jar
+
COPY onap-clamp/startService.sh /opt/clamp/startService.sh
RUN chmod 700 /opt/clamp/startService.sh
+RUN chown -R clamp:onap /opt/clamp
+
+USER clamp
WORKDIR /opt/clamp/
ENTRYPOINT ./startService.sh
diff --git a/src/main/resources/boot-message.txt b/src/main/resources/boot-message.txt index eea540beb..92e4ab029 100644 --- a/src/main/resources/boot-message.txt +++ b/src/main/resources/boot-message.txt @@ -1,10 +1,14 @@ -╔═╗╔╗╔╔═╗╔═╗ ╔═╗┌─┐┌─┐┌─┐┌┐ ┬ ┌─┐┌┐┌┌─┐┌─┐ -║ ║║║║╠═╣╠═╝ ║ ├─┤└─┐├─┤├┴┐│ ├─┤││││ ├─┤ -╚═╝╝╚╝╩ ╩╩ ╚═╝┴ ┴└─┘┴ ┴└─┘┴─┘┴ ┴┘└┘└─┘┴ ┴ - ╔═╗╦ ╔═╗╔╦╗╔═╗ - ║ ║ ╠═╣║║║╠═╝ - ╚═╝╩═╝╩ ╩╩ ╩╩ + _____ _ _ __ ____ ____ __ __ ____ __ ____ _ _ +( _ )( \( ) /__\ ( _ \ ( _ \( )( )( _ \( ) (_ _)( \( ) + )(_)( ) ( /(__)\ )___/ )(_) ))(__)( ) _ < )(__ _)(_ ) ( +(_____)(_)\_)(__)(__)(__) (____/(______)(____/(____)(____)(_)\_) + ___ __ __ __ __ ____ + / __)( ) /__\ ( \/ )( _ \ + ( (__ )(__ /(__)\ ) ( )___/ + \___)(____)(__)(__)(_/\/\_)(__) + + :: Starting ::
\ No newline at end of file |