From e98c3e883bd168e49b967c34f1d281895122b502 Mon Sep 17 00:00:00 2001 From: yangyan Date: Thu, 5 Mar 2020 10:51:15 +0800 Subject: Remove sudo capability for onap user for VF-C gvnfm docker Change-Id: I0a04007e7f0fe4a984182a5ffcd65997a5dbe080 Issue-ID: VFC-1640 Signed-off-by: yangyan --- .../docker/docker-env-config.sh | 39 ++++++++++++++-------- 1 file changed, 26 insertions(+), 13 deletions(-) diff --git a/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/docker-env-config.sh b/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/docker-env-config.sh index 1cd99b0..f996163 100644 --- a/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/docker-env-config.sh +++ b/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/docker-env-config.sh @@ -1,5 +1,11 @@ #!/bin/bash -install_sf(){ + +add_user(){ + + useradd onap +} + +set_up_mysql(){ sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf sed -i 's|#baseurl=http://mirror.centos.org/centos|baseurl=http://mirrors.ocf.berkeley.edu/centos|' /etc/yum.repos.d/*.repo @@ -14,8 +20,21 @@ install_sf(){ rm -f mysql-community-release-el7-5.noarch.rpm yum -y update yum -y install mysql-server - mysql_install_db --user=mysql --datadir=/var/lib/mysql - + mysql_install_db --user=onap --datadir=/var/lib/mysql + + chown onap:onap -R /var/run/mysqld + chmod g+s /var/run/mysqld + setfacl -d --set u:onap:rwx /var/run/mysqld + chown onap:onap /var/log/mysqld.log + chmod g+s /var/log/mysqld.log + chown onap:onap -R /var/lib/mysql-files + chmod g+s /var/lib/mysql-files + setfacl -d --set u:onap:rwx /var/lib/mysql-files + chown onap:onap /etc/my.cnf +} + +set_up_tomcat(){ + # Set up tomcat wget -q https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.30/bin/apache-tomcat-8.5.30.tar.gz && \ tar --strip-components=1 -xf apache-tomcat-8.5.30.tar.gz && \ 
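Review bot: `useradd onap` in the relocated add_user lets the system choose the UID and GID, so the numeric id the container runs as can change between base-image rebuilds. Since this commit makes onap the owner of the MySQL and /service paths, pinning the id keeps volume ownership and any numeric run-as-user setting in the deployment stable, for example `useradd --uid <FIXED_UID> onap` with a value the project picks. If nothing needs an interactive login for this account (not visible here), `--shell /sbin/nologin` could be added as well.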
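Review bot: `chown onap:onap /etc/my.cnf` at the end of set_up_mysql makes the server configuration writable by the same unprivileged account the service is meant to run as, so anything that compromises that account can change how mysqld starts the next time. Unless a start-up script running as onap has to rewrite the file (not visible in this hunk), keep it root-owned and only readable, e.g. `chmod 644 /etc/my.cnf`. Separately, `chmod g+s /var/log/mysqld.log` sets the setgid bit on a regular file, where it has no inheritance effect, so that line can be dropped. set_up_tomcat begins in this hunk and continues past its end.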
@@ -31,16 +50,10 @@ install_sf(){ # Set permissions find . -type d -exec chmod o-w {} \; find . -name "*.sh" -exec chmod +x {} \; -} - -add_user(){ - useradd onap - yum -y install sudo - chmod u+x /etc/sudoers - sed -i '/Same thing without a password/a\onap ALL=(ALL:ALL) NOPASSWD:ALL' /etc/sudoers - chmod u-x /etc/sudoers chown onap:onap -R /service + chmod g+s /service + setfacl -d --set u:onap:rwx /service } clean_sf_cache(){ @@ -48,7 +61,7 @@ clean_sf_cache(){ yum clean all } -install_sf -wait add_user +set_up_mysql +set_up_tomcat clean_sf_cache -- cgit 1.2.3-korg
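Review bot: `chmod g+s /service` and `setfacl -d --set u:onap:rwx /service` act only on the top-level directory, so any directories that already exist under /service get neither the setgid bit nor a default ACL, and files created in them later will not inherit onap access. If inheritance is the intent, apply both recursively, for example `find /service -type d -exec chmod g+s {} +` and `setfacl -R -d --set u:onap:rwx /service`. It is also worth checking whether onap needs write access to the whole tree: with the sudo rule gone, leaving the Tomcat binaries and scripts root-owned and granting onap write only on the directories it writes at run time would narrow what a compromised web application can alter. The function body starts before this hunk.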
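Review bot: The four set-up calls at the bottom run unconditionally, and the top of the file shown in the first hunk has no `set -e`, so a failed `useradd`, `chown` or `setfacl` is ignored and the image still builds. Now that the container has neither root nor sudo at run time, such a failure would only surface when the service cannot write its own files. Consider adding `set -euo pipefail` directly after the shebang, after confirming that the existing yum and sed commands exit cleanly, so that a broken ownership step stops the build instead.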