X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=src%2Fmain%2Fdocker%2FDockerfile;h=343ed4d41da8c1675a35f8def84ebae734d3704d;hb=bbe7efa2068e0d5393abc2a0240814ef18960786;hp=1652d90cf1eb47ea67ec381b906a5f4b77b391b1;hpb=44336d2b99765b9c4831a9943adbb2a848445d4e;p=aai%2Fgizmo.git

diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile
index 1652d90..343ed4d 100644
--- a/src/main/docker/Dockerfile
+++ b/src/main/docker/Dockerfile
@@ -10,7 +10,7 @@ RUN apt-get update && apt-get install -y software-properties-common
 ## sudo -E is required to preserve the environment. If you remove that line, it will most like freeze at this step
 RUN sudo -E add-apt-repository ppa:openjdk-r/ppa && apt-get update && apt-get install -y openjdk-8-jdk
 ## Setup JAVA_HOME, this is useful for docker commandline
-ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk--amd64
+ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64
 RUN export JAVA_HOME
 
 # Build up the deployment folder structure
@@ -22,6 +22,22 @@ COPY *.sh $BIN_HOME
 COPY bundleconfig-local $MICRO_HOME/bundleconfig
 COPY bundleconfig-local/etc/logback.xml $MICRO_HOME/bundleconfig/etc
 RUN chmod 755 $BIN_HOME/*
+
+# Changes related to:AAI-2177
+# Change aai gizmo container processes to run as non-root on the host
+
+#Note:The group id and user id used below (492382 & 341790 respectively) are chosen arbitarily based on assumption that
+# these are not used elsewhere. Please see  https://jira.onap.org/browse/AAI-2172 for more background on this.
+
+RUN mkdir /opt/aaihome && \
+     groupadd -g 492382 aaiadmin && \
+     useradd -r -u 341790  -g 492382 -ms /bin/sh -d /opt/aaihome/aaiadmin aaiadmin && \
+     chown -R aaiadmin:aaiadmin $MICRO_HOME &&\
+     mkdir /logs && \
+     chown -R aaiadmin:aaiadmin  /logs
+
+USER aaiadmin
+
 RUN ln -s /logs $MICRO_HOME/logs
 
 EXPOSE 9520 9520