From a31c872db42c4e4b538248fa67cfcdfea618b8cd Mon Sep 17 00:00:00 2001
From: Dan Timoney <dtimoney@att.com>
Date: Fri, 10 Apr 2020 14:37:59 -0400
Subject: [PATCH] Run naming service as non-root

Run naming service as non-root user ccsdk

Change-Id: I1dc2fee3c3b4bd1b3a0e22cfc45ae27620130a20
Issue-ID: CCSDK-2149
Signed-off-by: Dan Timoney <dtimoney@att.com>
---
 ms/neng/src/main/docker/Dockerfile | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ms/neng/src/main/docker/Dockerfile b/ms/neng/src/main/docker/Dockerfile
index 6225f35d..5327b11b 100644
--- a/ms/neng/src/main/docker/Dockerfile
+++ b/ms/neng/src/main/docker/Dockerfile
@@ -31,6 +31,11 @@ VOLUME /opt/etc
 ADD opt/etc/ /opt/etc/
 #ADD /opt/aai/ /opt/aai/
 ADD startService.sh /startService.sh
+RUN addgroup -S ccsdk && adduser -S ccsdk -G ccsdk
+RUN chown ccsdk:ccsdk /startService.sh
+RUN chown -R ccsdk:ccsdk /opt
+RUN chmod go+w /tmp
 RUN chmod 700 /startService.sh
-ENTRYPOINT sh /startService.sh 
+USER ccsdk
+ENTRYPOINT sh /startService.sh
 EXPOSE 8080
-- 
2.16.6