From: sebdet Date: Fri, 15 Feb 2019 17:33:19 +0000 (+0100) Subject: Run as non root X-Git-Tag: 4.0.0~98 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=9021eac53065669a5bb662f9f66c8c2fde9150de;p=clamp.git Run as non root Modify the CLAMP docker image so that it does not run as root but as clamp user Issue-ID: CLAMP-298 Change-Id: I0bf7bed9cb76a2fcde72f2e23b66e03f03e5fe0e Signed-off-by: sebdet --- diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile index 44e28094..983dea7d 100644 --- a/src/main/docker/Dockerfile +++ b/src/main/docker/Dockerfile @@ -15,10 +15,19 @@ RUN test -n "$http_proxy" && echo "Acquire::Proxy \"http://$http_proxy\";" > /et apt-get -y dist-upgrade && \ apt-get install -y openjdk-8-jre-headless +RUN groupadd -r onap && useradd --no-log-init -r -g onap clamp +VOLUME /opt/clamp/config +RUN mkdir /var/log/onap +RUN chmod a+rwx /var/log/onap + COPY onap-clamp/clamp.jar /opt/clamp/app.jar -VOLUME /etc +RUN chmod 700 /opt/clamp/app.jar + COPY onap-clamp/startService.sh /opt/clamp/startService.sh RUN chmod 700 /opt/clamp/startService.sh +RUN chown -R clamp:onap /opt/clamp + +USER clamp WORKDIR /opt/clamp/ ENTRYPOINT ./startService.sh diff --git a/src/main/resources/boot-message.txt b/src/main/resources/boot-message.txt index eea540be..92e4ab02 100644 --- a/src/main/resources/boot-message.txt +++ b/src/main/resources/boot-message.txt @@ -1,10 +1,14 @@ -╔═╗╔╗╔╔═╗╔═╗ ╔═╗┌─┐┌─┐┌─┐┌┐ ┬ ┌─┐┌┐┌┌─┐┌─┐ -║ ║║║║╠═╣╠═╝ ║ ├─┤└─┐├─┤├┴┐│ ├─┤││││ ├─┤ -╚═╝╝╚╝╩ ╩╩ ╚═╝┴ ┴└─┘┴ ┴└─┘┴─┘┴ ┴┘└┘└─┘┴ ┴ - ╔═╗╦ ╔═╗╔╦╗╔═╗ - ║ ║ ╠═╣║║║╠═╝ - ╚═╝╩═╝╩ ╩╩ ╩╩ + _____ _ _ __ ____ ____ __ __ ____ __ ____ _ _ +( _ )( \( ) /__\ ( _ \ ( _ \( )( )( _ \( ) (_ _)( \( ) + )(_)( ) ( /(__)\ )___/ )(_) ))(__)( ) _ < )(__ _)(_ ) ( +(_____)(_)\_)(__)(__)(__) (____/(______)(____/(____)(____)(_)\_) + ___ __ __ __ __ ____ + / __)( ) /__\ ( \/ )( _ \ + ( (__ )(__ /(__)\ ) ( )___/ + \___)(____)(__)(__)(_/\/\_)(__) + + :: Starting :: \ No newline at end of file