Remove sudo capability for onap user for VF-C multivimproxy docker

Change-Id: Iea8cff3de24280e809ee63d769aba67ae59039b0
Issue-ID: VFC-1640
Signed-off-by: yangyan <yangyanyj@chinamobile.com>

diff --git a/docker/docker-env-config.sh b/docker/docker-env-config.sh
index 557fbc1..3c8cb18 100644 (file)
--- a/docker/docker-env-config.sh
+++ b/docker/docker-env-config.sh
@@ -4,10 +4,8 @@ install_sf(){
        sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
        sed -i 's|#baseurl=http://mirror.centos.org/centos|baseurl=http://mirrors.ocf.berkeley.edu/centos|' /etc/yum.repos.d/*.repo
        yum update -y
-       
        yum install -y wget unzip socat java-1.8.0-openjdk-headless
        sed -i 's|#networkaddress.cache.ttl=-1|networkaddress.cache.ttl=10|' /usr/lib/jvm/jre/lib/security/java.security
-       
        # Set up tomcat
        wget -q https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.30/bin/apache-tomcat-8.5.30.tar.gz && \
             tar --strip-components=1 -xf apache-tomcat-8.5.30.tar.gz && \
@@ -30,15 +28,14 @@ install_sf(){
 add_user(){
 
        useradd onap
-       yum -y install sudo
-       chmod u+x /etc/sudoers
-       sed -i '/Same thing without a password/a\onap    ALL=(ALL:ALL) NOPASSWD:ALL' /etc/sudoers
-       chmod u-x /etc/sudoers
        chown onap:onap -R /service
+       chmod g+s /service
+       setfacl -d --set u:onap:rwx /service
+
 }
 
 clean_sf_cache(){
-                                                               
+
        yum clean all
 }