From: Dan Timoney <dtimoney@att.com>
Date: Fri, 10 Apr 2020 18:37:59 +0000 (-0400)
Subject: Run naming service as non-root
X-Git-Tag: 1.0.0~8
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=a31c872db42c4e4b538248fa67cfcdfea618b8cd;p=ccsdk%2Fapps.git

Run naming service as non-root

Run naming service as non-root user ccsdk

Change-Id: I1dc2fee3c3b4bd1b3a0e22cfc45ae27620130a20
Issue-ID: CCSDK-2149
Signed-off-by: Dan Timoney <dtimoney@att.com>
---

diff --git a/ms/neng/src/main/docker/Dockerfile b/ms/neng/src/main/docker/Dockerfile
index 6225f35d..5327b11b 100644
--- a/ms/neng/src/main/docker/Dockerfile
+++ b/ms/neng/src/main/docker/Dockerfile
@@ -31,6 +31,11 @@ VOLUME /opt/etc
 ADD opt/etc/ /opt/etc/
 #ADD /opt/aai/ /opt/aai/
 ADD startService.sh /startService.sh
+RUN addgroup -S ccsdk && adduser -S ccsdk -G ccsdk
+RUN chown ccsdk:ccsdk /startService.sh
+RUN chown -R ccsdk:ccsdk /opt
+RUN chmod go+w /tmp
 RUN chmod 700 /startService.sh
-ENTRYPOINT sh /startService.sh 
+USER ccsdk
+ENTRYPOINT sh /startService.sh
 EXPOSE 8080