From 9021eac53065669a5bb662f9f66c8c2fde9150de Mon Sep 17 00:00:00 2001
From: sebdet <sebastien.determe@intl.att.com>
Date: Fri, 15 Feb 2019 18:33:19 +0100
Subject: Run as non root

Modify the CLAMP docker image so that it does not run as root but as
clamp user

Issue-ID: CLAMP-298
Change-Id: I0bf7bed9cb76a2fcde72f2e23b66e03f03e5fe0e
Signed-off-by: sebdet <sebastien.determe@intl.att.com>
---
 src/main/docker/Dockerfile          | 11 ++++++++++-
 src/main/resources/boot-message.txt | 16 ++++++++++------
 2 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile
index 44e280943..983dea7da 100644
--- a/src/main/docker/Dockerfile
+++ b/src/main/docker/Dockerfile
@@ -15,10 +15,19 @@ RUN test -n "$http_proxy" && echo "Acquire::Proxy \"http://$http_proxy\";" > /et
     apt-get -y dist-upgrade &&  \
     apt-get install -y openjdk-8-jre-headless
 
+RUN groupadd -r onap && useradd --no-log-init -r -g onap clamp
+VOLUME /opt/clamp/config
+RUN mkdir /var/log/onap
+RUN chmod a+rwx /var/log/onap
+
 COPY onap-clamp/clamp.jar /opt/clamp/app.jar
-VOLUME /etc
+RUN chmod 700 /opt/clamp/app.jar
+
 COPY onap-clamp/startService.sh /opt/clamp/startService.sh
 RUN chmod 700 /opt/clamp/startService.sh
 
+RUN chown -R clamp:onap /opt/clamp
+
+USER clamp
 WORKDIR /opt/clamp/
 ENTRYPOINT ./startService.sh 
diff --git a/src/main/resources/boot-message.txt b/src/main/resources/boot-message.txt
index eea540beb..92e4ab029 100644
--- a/src/main/resources/boot-message.txt
+++ b/src/main/resources/boot-message.txt
@@ -1,10 +1,14 @@
      
          
-╔═╗╔╗╔╔═╗╔═╗  ╔═╗┌─┐┌─┐┌─┐┌┐ ┬  ┌─┐┌┐┌┌─┐┌─┐
-║ ║║║║╠═╣╠═╝  ║  ├─┤└─┐├─┤├┴┐│  ├─┤││││  ├─┤
-╚═╝╝╚╝╩ ╩╩    ╚═╝┴ ┴└─┘┴ ┴└─┘┴─┘┴ ┴┘└┘└─┘┴ ┴
-        ╔═╗╦  ╔═╗╔╦╗╔═╗                     
-        ║  ║  ╠═╣║║║╠═╝                     
-        ╚═╝╩═╝╩ ╩╩ ╩╩                       
+ _____  _  _    __    ____    ____  __  __  ____  __    ____  _  _ 
+(  _  )( \( )  /__\  (  _ \  (  _ \(  )(  )(  _ \(  )  (_  _)( \( )
+ )(_)(  )  (  /(__)\  )___/   )(_) ))(__)(  ) _ < )(__  _)(_  )  ( 
+(_____)(_)\_)(__)(__)(__)    (____/(______)(____/(____)(____)(_)\_)
+                 ___  __      __    __  __  ____                                  
+                / __)(  )    /__\  (  \/  )(  _ \                                 
+               ( (__  )(__  /(__)\  )    (  )___/                                 
+                \___)(____)(__)(__)(_/\/\_)(__)                                   
+
+
 
    :: Starting ::     
\ No newline at end of file
-- 
cgit 1.2.3-korg