From 9021eac53065669a5bb662f9f66c8c2fde9150de Mon Sep 17 00:00:00 2001
From: sebdet <sebastien.determe@intl.att.com>
Date: Fri, 15 Feb 2019 18:33:19 +0100
Subject: Run as non root

Modify the CLAMP docker image so that it does not run as root but as
clamp user

Issue-ID: CLAMP-298
Change-Id: I0bf7bed9cb76a2fcde72f2e23b66e03f03e5fe0e
Signed-off-by: sebdet <sebastien.determe@intl.att.com>
---
 src/main/docker/Dockerfile | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'src/main/docker')

diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile
index 44e280943..983dea7da 100644
--- a/src/main/docker/Dockerfile
+++ b/src/main/docker/Dockerfile
@@ -15,10 +15,19 @@ RUN test -n "$http_proxy" && echo "Acquire::Proxy \"http://$http_proxy\";" > /et
     apt-get -y dist-upgrade &&  \
     apt-get install -y openjdk-8-jre-headless
 
+RUN groupadd -r onap && useradd --no-log-init -r -g onap clamp
+VOLUME /opt/clamp/config
+RUN mkdir /var/log/onap
+RUN chmod a+rwx /var/log/onap
+
 COPY onap-clamp/clamp.jar /opt/clamp/app.jar
-VOLUME /etc
+RUN chmod 700 /opt/clamp/app.jar
+
 COPY onap-clamp/startService.sh /opt/clamp/startService.sh
 RUN chmod 700 /opt/clamp/startService.sh
 
+RUN chown -R clamp:onap /opt/clamp
+
+USER clamp
 WORKDIR /opt/clamp/
 ENTRYPOINT ./startService.sh 
-- 
cgit 1.2.3-korg