From 047385e55632a1dd6398e414aa82397f380e449f Mon Sep 17 00:00:00 2001
From: Pawel Wieczorek <p.wieczorek2@samsung.com>
Date: Mon, 30 Mar 2020 11:40:12 +0200
Subject: Migrate Dockerfile.be to unprivileged user

Issue-ID: PORTAL-849
Change-Id: I58fe742980a24039114033a82fe785a1093391bf
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
---
 deliveries/Dockerfile.be | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/deliveries/Dockerfile.be b/deliveries/Dockerfile.be
index afc39816..21bb1a2c 100644
--- a/deliveries/Dockerfile.be
+++ b/deliveries/Dockerfile.be
@@ -39,7 +39,9 @@ RUN cd ${PORTALCONTEXT} && unzip -q *.war && rm *.war
 
 VOLUME ${TOMCATHOME}/logs
 
+# Switch to unprivileged user
 RUN addgroup -g 1000 -S portal && adduser -u 1000 -S portal -G portal && chown -R portal:portal . && chmod -R 777 /etc/ssl/certs/java /var/
+USER portal
 
 # Switch back to root
 WORKDIR /
-- 
cgit 1.2.3-korg


From 048ca4538f32b27667271d1a32f5a95b0731f1f9 Mon Sep 17 00:00:00 2001
From: Pawel Wieczorek <p.wieczorek2@samsung.com>
Date: Mon, 30 Mar 2020 11:43:19 +0200
Subject: Migrate Dockerfile.portal to unprivileged user

Issue-ID: PORTAL-849
Change-Id: I3060de8beddcba03be45f19ce8cd1fd0e32e62f5
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
---
 deliveries/Dockerfile.portal | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/deliveries/Dockerfile.portal b/deliveries/Dockerfile.portal
index f12a3e30..cce3ed09 100644
--- a/deliveries/Dockerfile.portal
+++ b/deliveries/Dockerfile.portal
@@ -41,6 +41,10 @@ COPY ${FE_DIR} ${PORTALCONTEXT}/public
 
 VOLUME ${TOMCATHOME}/logs
 
+# Switch to unprivileged user
+RUN addgroup -g 1000 -S portal && adduser -u 1000 -S portal -G portal
+USER portal
+
 # Switch back to root
 WORKDIR /
 
-- 
cgit 1.2.3-korg


From 59ad77a586b7b00396fba2ad0273b595e98676a6 Mon Sep 17 00:00:00 2001
From: Pawel Wieczorek <p.wieczorek2@samsung.com>
Date: Mon, 30 Mar 2020 11:48:26 +0200
Subject: Migrate Dockerfile.sdk to unprivileged user

Issue-ID: PORTAL-849
Change-Id: If0cf112cd627c431e4ca08329e0da3ee5d8b8bdc
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
---
 deliveries/Dockerfile.sdk | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/deliveries/Dockerfile.sdk b/deliveries/Dockerfile.sdk
index 5f96aaad..4757d8a4 100644
--- a/deliveries/Dockerfile.sdk
+++ b/deliveries/Dockerfile.sdk
@@ -38,6 +38,10 @@ RUN cd ${SDKCONTEXT} && unzip -q *.war && rm *.war
 
 VOLUME ${TOMCATHOME}/logs
 
+# Switch to unprivileged user
+RUN addgroup -g 1000 -S portal && adduser -u 1000 -S portal -G portal
+USER portal
+
 # Switch back to root
 WORKDIR /
 
-- 
cgit 1.2.3-korg


From edebaff8d9225b23adac727b983e2c3890cd7ee1 Mon Sep 17 00:00:00 2001
From: Pawel Wieczorek <p.wieczorek2@samsung.com>
Date: Mon, 30 Mar 2020 11:50:46 +0200
Subject: Migrate Dockerfile.widgetms to unprivileged user

Issue-ID: PORTAL-849
Change-Id: Ia6e96c72a0a7f4a7d7693688365c683227bef6d3
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
---
 deliveries/Dockerfile.widgetms | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/deliveries/Dockerfile.widgetms b/deliveries/Dockerfile.widgetms
index 82a2e4c6..8f4b1072 100644
--- a/deliveries/Dockerfile.widgetms
+++ b/deliveries/Dockerfile.widgetms
@@ -14,7 +14,9 @@ RUN sh -c 'touch /app.jar'
 # Launch script
 COPY start-wms.sh /
 
+# Switch to unprivileged user
 RUN addgroup -g 1000 -S portal && adduser -u 1000 -S portal -G portal && mkdir logs / && chown -R portal:portal /start-wms.sh /tmp /etc/ssl/certs/java /logs && chmod -R 755 /start-wms.sh /etc/ssl/certs/java /logs /tmp
+USER portal
 
 # Define default command
 CMD /start-wms.sh
-- 
cgit 1.2.3-korg