From: jegadeeshbabu1 <jegabab1@in.ibm.com>
Date: Tue, 25 Jun 2019 12:30:35 +0000 (+0530)
Subject: Added command to create non-root-user
X-Git-Tag: 5.0.0-ONAP~7
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F44%2F90444%2F1;p=dcaegen2%2Fdeployments.git

Added command to create non-root-user

Command to run app as non-root-user

Issue-ID: DCAEGEN2-1559
Change-Id: I0d89f8b2169b3c491e6e4b0c4bd79390410ae981
Signed-off-by: jegadeeshbabu1 <jegabab1@in.ibm.com>
---

diff --git a/tca-cdap-container/Dockerfile b/tca-cdap-container/Dockerfile
index 2c57ff2..e7ae748 100644
--- a/tca-cdap-container/Dockerfile
+++ b/tca-cdap-container/Dockerfile
@@ -16,6 +16,11 @@
 
 FROM caskdata/cdap-standalone:4.1.2
 
+ARG USER_GROUP=tca-cdap-group
+ARG NON_ROOT_USER=tca-cdap
+
+#Add a new user and group to allow container to be run as non-root
+RUN addgroup --system ${USER_GROUP} && adduser --system ${NON_ROOT_USER} --ingroup ${USER_GROUP}
 RUN apt-get update && apt-get install -y netcat jq iputils-ping wget vim curl
 COPY get-tca.sh /opt/tca/get-tca.sh
 RUN /opt/tca/get-tca.sh
@@ -33,4 +38,5 @@ RUN chmod 755 /opt/tca/mr-watchdog.sh
 EXPOSE 11011
 EXPOSE 11015
 
+USER ${NON_ROOT_USER}:${USER_GROUP}
 ENTRYPOINT /opt/tca/restart.sh