Remove sudo capability for onap user for VF-C ems docker1.3.1

Change-Id: I5f327ea36125bbed257998c644cb1af4ef29b16e Issue-ID: VFC-1640 Signed-off-by: yangyan <yangyanyj@chinamobile.com>
author: yangyan <yangyanyj@chinamobile.com> 2020-03-05 11:15:39 +0800
committer: yangyan <yangyanyj@chinamobile.com> 2020-03-05 11:17:18 +0800
commit: e89997288e2f9e411c32a80cf586a6265a9d9e14 (patch)
tree: 1ec18475079752236c90d692aaa89b8e0d2e457a
parent: 00f47e25d32634b6076fc115a3aeb8a3cecd37ce (diff)
1 files changed, 2 insertions, 4 deletions
diff --git a/ems/microservice-standalone/src/main/assembly/docker/docker-env-config.sh b/ems/microservice-standalone/src/main/assembly/docker/docker-env-config.sh
index 9cfdeea..c3a16c3 100644
--- a/ems/microservice-standalone/src/main/assembly/docker/docker-env-config.sh
+++ b/ems/microservice-standalone/src/main/assembly/docker/docker-env-config.sh
@@ -22,11 +22,9 @@ install_sf(){
 add_user(){
 
 	useradd onap
-	yum -y install sudo
-	chmod u+x /etc/sudoers
-	sed -i '/Same thing without a password/a\onap    ALL=(ALL:ALL) NOPASSWD:ALL' /etc/sudoers
-	chmod u-x /etc/sudoers
 	chown onap:onap -R /service
+	chmod g+s /service
+	setfacl -d --set u:onap:rwx /service
 }
 
 clean_sf_cache(){
author	yangyan <yangyanyj@chinamobile.com>	2020-03-05 11:15:39 +0800
committer	yangyan <yangyanyj@chinamobile.com>	2020-03-05 11:17:18 +0800
commit	e89997288e2f9e411c32a80cf586a6265a9d9e14 (patch)
tree	1ec18475079752236c90d692aaa89b8e0d2e457a
parent	00f47e25d32634b6076fc115a3aeb8a3cecd37ce (diff)