From: Piotr Bochenski Date: Tue, 18 Jun 2019 10:03:42 +0000 (+0200) Subject: Run PRH app as non-root user inside container X-Git-Tag: 1.3.1~18 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F73%2F90073%2F1;p=dcaegen2%2Fservices%2Fprh.git Run PRH app as non-root user inside container Change-Id: I50632fdfbcea55445be2ea70c54808ec991446ee Issue-ID: DCAEGEN2-1558 Signed-off-by: Piotr Bochenski --- diff --git a/prh-app-server/pom.xml b/prh-app-server/pom.xml index 8bda3f07..3fd8dfd5 100644 --- a/prh-app-server/pom.xml +++ b/prh-app-server/pom.xml @@ -39,7 +39,9 @@ org.onap.dcaegen2.services.prh.MainApp libs ${project.build.directory}/${dependency.dir.name} - /opt + + prh + /home/${docker.user.name} onap/${project.groupId}.${project.artifactId} @@ -115,7 +117,7 @@ latest openjdk:${java.version}-jre-alpine - ${docker.artifact.dir} + ${docker.user.dir} ${dependency.dir.location} @@ -126,10 +128,14 @@ ${project.build.finalName}.jar + + adduser -h ${docker.user.dir} -D ${docker.user.name}; chmod -R a+w /var/log + 8100 8433 + ${docker.user.name} ["java", "-jar", "${project.build.finalName}.jar"]