From: yangyan <yangyanyj@chinamobile.com>
Date: Wed, 4 Mar 2020 13:06:28 +0000 (+0800)
Subject: Remove sudo capability for onap user for VF-C multivimproxy docker
X-Git-Tag: 1.3.1~1
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=232a02fd14424655d88f249c76ff792d847aded7;p=vfc%2Fnfvo%2Fmultivimproxy.git

Remove sudo capability for onap user for VF-C multivimproxy docker

Change-Id: Iea8cff3de24280e809ee63d769aba67ae59039b0
Issue-ID: VFC-1640
Signed-off-by: yangyan <yangyanyj@chinamobile.com>
---

diff --git a/docker/docker-env-config.sh b/docker/docker-env-config.sh
index 557fbc1..3c8cb18 100644
--- a/docker/docker-env-config.sh
+++ b/docker/docker-env-config.sh
@@ -4,10 +4,8 @@ install_sf(){
 	sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
 	sed -i 's|#baseurl=http://mirror.centos.org/centos|baseurl=http://mirrors.ocf.berkeley.edu/centos|' /etc/yum.repos.d/*.repo
 	yum update -y
-	
 	yum install -y wget unzip socat java-1.8.0-openjdk-headless
 	sed -i 's|#networkaddress.cache.ttl=-1|networkaddress.cache.ttl=10|' /usr/lib/jvm/jre/lib/security/java.security
-	
 	# Set up tomcat
 	wget -q https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.30/bin/apache-tomcat-8.5.30.tar.gz && \
 	     tar --strip-components=1 -xf apache-tomcat-8.5.30.tar.gz && \
@@ -30,15 +28,14 @@ install_sf(){
 add_user(){
 
 	useradd onap
-	yum -y install sudo
-	chmod u+x /etc/sudoers
-	sed -i '/Same thing without a password/a\onap    ALL=(ALL:ALL) NOPASSWD:ALL' /etc/sudoers
-	chmod u-x /etc/sudoers
 	chown onap:onap -R /service
+	chmod g+s /service
+	setfacl -d --set u:onap:rwx /service
+
 }
 
 clean_sf_cache(){
-								
+
 	yum clean all
 }