Code Review / ccsdk / apps.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Run naming service as non-root
[ccsdk/apps.git] / ms / neng / src / main / docker / Dockerfile
diff --git a/ms/neng/src/main/docker/Dockerfile b/ms/neng/src/main/docker/Dockerfile
index 6225f35..5327b11 100644 (file)
--- a/ms/neng/src/main/docker/Dockerfile
+++ b/ms/neng/src/main/docker/Dockerfile
@@ -31,6 +31,11 @@ VOLUME /opt/etc
 ADD opt/etc/ /opt/etc/
 #ADD /opt/aai/ /opt/aai/
 ADD startService.sh /startService.sh
+RUN addgroup -S ccsdk && adduser -S ccsdk -G ccsdk
+RUN chown ccsdk:ccsdk /startService.sh
+RUN chown -R ccsdk:ccsdk /opt
+RUN chmod go+w /tmp
 RUN chmod 700 /startService.sh
-ENTRYPOINT sh /startService.sh 
+USER ccsdk
+ENTRYPOINT sh /startService.sh
 EXPOSE 8080
Applications intended to run as their own dockers (e.g micro services)