Change wfengigne pod startup to non root

Change-Id: I15295be19b31d5ca8b757d171cc6afc4dca1e72e Issue-ID: VFC-1637 Signed-off-by: yangyan <yangyanyj@chinamobile.com>
author: yangyan <yangyanyj@chinamobile.com> 2020-03-04 10:53:49 +0800
committer: yangyan <yangyanyj@chinamobile.com> 2020-03-04 10:54:05 +0800
commit: 49cf6c962e524260c3a11dd0456a6ff1c26721a9 (patch)
tree: 5839fba77aa3a735debe0ad2828974b8ff4b8dcc /wfenginemgrservice/src/main
parent: bc470293e272cfe9381f42b162eea7cfc9f90f23 (diff)
1 files changed, 10 insertions, 4 deletions
diff --git a/wfenginemgrservice/src/main/docker/Dockerfile b/wfenginemgrservice/src/main/docker/Dockerfile
index 5ca819b..7c5e8e9 100644
--- a/wfenginemgrservice/src/main/docker/Dockerfile
+++ b/wfenginemgrservice/src/main/docker/Dockerfile
@@ -5,11 +5,17 @@ WORKDIR /home/onap/workflow/wfenginemgrservice
 EXPOSE 10550
 
 RUN apk add --update curl && \
+    apk --no-cache add sudo && \
+    addgroup -g 1000 -S onap && \
+    adduser cmcc -D -G onap -u 1000 && \
+    chmod u+w /etc/sudoers && \
+    sed -i '/User privilege/a\\cmcc    ALL=(ALL:ALL) NOPASSWD:ALL' /etc/sudoers && \
+    chmod u-x /etc/sudoers && \
     rm -rf /var/cache/apk/*
 
 ADD bin /home/onap/workflow/wfenginemgrservice/
-RUN chmod 755 /home/onap/workflow/wfenginemgrservice/*.sh
-
-ENTRYPOINT ["./entrypoint.sh"]  
+RUN chmod 755 /home/onap/workflow/wfenginemgrservice/*.sh && chown onap:onap -R /home/onap
+USER onap
+WORKDIR /home/onap/workflow/wfenginemgrservice
+ENTRYPOINT ["./entrypoint.sh"]
 CMD ["start"]
-
author	yangyan <yangyanyj@chinamobile.com>	2020-03-04 10:53:49 +0800
committer	yangyan <yangyanyj@chinamobile.com>	2020-03-04 10:54:05 +0800
commit	49cf6c962e524260c3a11dd0456a6ff1c26721a9 (patch)
tree	5839fba77aa3a735debe0ad2828974b8ff4b8dcc /wfenginemgrservice/src/main
parent	bc470293e272cfe9381f42b162eea7cfc9f90f23 (diff)