[AAI-2177] Run container process as non-root

author rajeevme <rajeevme@amdocs.com>

Tue, 20 Aug 2019 04:01:28 +0000 (09:31 +0530)

committer rajeevme <rajeev.mehta@amdocs.com>

Tue, 20 Aug 2019 06:26:38 +0000 (11:56 +0530)
author rajeevme <rajeevme@amdocs.com>
Tue, 20 Aug 2019 04:01:28 +0000 (09:31 +0530)
committer rajeevme <rajeev.mehta@amdocs.com>
Tue, 20 Aug 2019 06:26:38 +0000 (11:56 +0530)
diff --git a/src/main/bin/start.sh b/src/main/bin/start.sh

index 87ec099..2553d1f 100644 (file)
--- a/src/main/bin/start.sh
+++ b/src/main/bin/start.sh
@@ -33,4 +33,8 @@ fi
  JVM_MAX_HEAP=${MAX_HEAP:-1024}
  
  set -x
+if [ -z "$RUN_MS_AS_ROOT" ] ; then
  exec java -Xmx${JVM_MAX_HEAP}m $PROPS -jar ${APP_HOME}/gizmo.jar
+else
+exec sudo -E java -Xmx${JVM_MAX_HEAP}m $PROPS -jar ${APP_HOME}/gizmo.jar
+fi
diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile

index 343ed4d..b164907 100644 (file)
--- a/src/main/docker/Dockerfile
+++ b/src/main/docker/Dockerfile
@@ -32,6 +32,12 @@ RUN chmod 755 $BIN_HOME/*
  RUN mkdir /opt/aaihome && \
       groupadd -g 492382 aaiadmin && \
       useradd -r -u 341790  -g 492382 -ms /bin/sh -d /opt/aaihome/aaiadmin aaiadmin && \
+     
+      ##The following 2 lines are added to add the user to the sudoers group
+      ##The script src\main\bin\start.sh could then optionally run the process as sudo user if an environment variable is set
+      ## By default the sudo mode is disabled.
+      usermod -aG sudo aaiadmin  &&\
+      echo  'aaiadmin  ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers && \      
       chown -R aaiadmin:aaiadmin $MICRO_HOME &&\
       mkdir /logs && \
       chown -R aaiadmin:aaiadmin  /logs
author	rajeevme <rajeevme@amdocs.com>
	Tue, 20 Aug 2019 04:01:28 +0000 (09:31 +0530)
committer	rajeevme <rajeev.mehta@amdocs.com>
	Tue, 20 Aug 2019 06:26:38 +0000 (11:56 +0530)
src/main/bin/start.sh		patch \| blob \| history
src/main/docker/Dockerfile		patch \| blob \| history