Run as non root

Modify the CLAMP docker image so that it does not run as root but as
clamp user

Issue-ID: CLAMP-298
Change-Id: I0bf7bed9cb76a2fcde72f2e23b66e03f03e5fe0e
Signed-off-by: sebdet <sebastien.determe@intl.att.com>

diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile
index 44e2809..983dea7 100644 (file)
--- a/src/main/docker/Dockerfile
+++ b/src/main/docker/Dockerfile
@@ -15,10 +15,19 @@ RUN test -n "$http_proxy" && echo "Acquire::Proxy \"http://$http_proxy\";" > /et
     apt-get -y dist-upgrade &&  \\r
     apt-get install -y openjdk-8-jre-headless\r
 \r
+RUN groupadd -r onap && useradd --no-log-init -r -g onap clamp\r
+VOLUME /opt/clamp/config\r
+RUN mkdir /var/log/onap\r
+RUN chmod a+rwx /var/log/onap\r
+\r
 COPY onap-clamp/clamp.jar /opt/clamp/app.jar\r
-VOLUME /etc\r
+RUN chmod 700 /opt/clamp/app.jar\r
+\r
 COPY onap-clamp/startService.sh /opt/clamp/startService.sh\r
 RUN chmod 700 /opt/clamp/startService.sh\r
 \r
+RUN chown -R clamp:onap /opt/clamp\r
+\r
+USER clamp\r
 WORKDIR /opt/clamp/\r
 ENTRYPOINT ./startService.sh \r

diff --git a/src/main/resources/boot-message.txt b/src/main/resources/boot-message.txt
index eea540b..92e4ab0 100644 (file)
--- a/src/main/resources/boot-message.txt
+++ b/src/main/resources/boot-message.txt
@@ -1,10 +1,14 @@
      
          
-╔═╗╔╗╔╔═╗╔═╗  ╔═╗┌─┐┌─┐┌─┐┌┐ ┬  ┌─┐┌┐┌┌─┐┌─┐
-║ ║║║║╠═╣╠═╝  ║  ├─┤└─┐├─┤├┴┐│  ├─┤││││  ├─┤
-╚═╝╝╚╝╩ ╩╩    ╚═╝┴ ┴└─┘┴ ┴└─┘┴─┘┴ ┴┘└┘└─┘┴ ┴
-        ╔═╗╦  ╔═╗╔╦╗╔═╗                     
-        ║  ║  ╠═╣║║║╠═╝                     
-        ╚═╝╩═╝╩ ╩╩ ╩╩                       
+ _____  _  _    __    ____    ____  __  __  ____  __    ____  _  _ 
+(  _  )( \( )  /__\  (  _ \  (  _ \(  )(  )(  _ \(  )  (_  _)( \( )
+ )(_)(  )  (  /(__)\  )___/   )(_) ))(__)(  ) _ < )(__  _)(_  )  ( 
+(_____)(_)\_)(__)(__)(__)    (____/(______)(____/(____)(____)(_)\_)
+                 ___  __      __    __  __  ____                                  
+                / __)(  )    /__\  (  \/  )(  _ \                                 
+               ( (__  )(__  /(__)\  )    (  )___/                                 
+                \___)(____)(__)(__)(_/\/\_)(__)                                   
+
+
 
    :: Starting ::     
\ No newline at end of file