From: Sunder Tattavarada Date: Mon, 6 Apr 2020 19:14:38 +0000 (+0000) Subject: Merge "Migrate Dockerfile.portal to unprivileged user" into release-3.2.0 X-Git-Tag: 3.2.0~4 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=2e8ba0751b32a08f33a7079afb335e4079ce7ba3;hp=25a604f80ce90270ff7d104caff2fdd6948cbfa1;p=portal.git Merge "Migrate Dockerfile.portal to unprivileged user" into release-3.2.0 --- diff --git a/deliveries/Dockerfile.be b/deliveries/Dockerfile.be index afc39816..21bb1a2c 100644 --- a/deliveries/Dockerfile.be +++ b/deliveries/Dockerfile.be @@ -39,7 +39,9 @@ RUN cd ${PORTALCONTEXT} && unzip -q *.war && rm *.war VOLUME ${TOMCATHOME}/logs +# Switch to unprivileged user RUN addgroup -g 1000 -S portal && adduser -u 1000 -S portal -G portal && chown -R portal:portal . && chmod -R 777 /etc/ssl/certs/java /var/ +USER portal # Switch back to root WORKDIR / diff --git a/deliveries/Dockerfile.sdk b/deliveries/Dockerfile.sdk index 5f96aaad..4757d8a4 100644 --- a/deliveries/Dockerfile.sdk +++ b/deliveries/Dockerfile.sdk @@ -38,6 +38,10 @@ RUN cd ${SDKCONTEXT} && unzip -q *.war && rm *.war VOLUME ${TOMCATHOME}/logs +# Switch to unprivileged user +RUN addgroup -g 1000 -S portal && adduser -u 1000 -S portal -G portal +USER portal + # Switch back to root WORKDIR / diff --git a/deliveries/Dockerfile.widgetms b/deliveries/Dockerfile.widgetms index 82a2e4c6..8f4b1072 100644 --- a/deliveries/Dockerfile.widgetms +++ b/deliveries/Dockerfile.widgetms @@ -14,7 +14,9 @@ RUN sh -c 'touch /app.jar' # Launch script COPY start-wms.sh / +# Switch to unprivileged user RUN addgroup -g 1000 -S portal && adduser -u 1000 -S portal -G portal && mkdir logs / && chown -R portal:portal /start-wms.sh /tmp /etc/ssl/certs/java /logs && chmod -R 755 /start-wms.sh /etc/ssl/certs/java /logs /tmp +USER portal # Define default command CMD /start-wms.sh