AAF Services non root, all platforms

[aaf/authz.git] / auth / docker / Dockerfile.config

diff --git a/auth/docker/Dockerfile.config b/auth/docker/Dockerfile.config
index b2263ec..3d9aa35 100644 (file)
--- a/auth/docker/Dockerfile.config
+++ b/auth/docker/Dockerfile.config
@@ -36,8 +36,16 @@ COPY bin/pod_wait.sh /opt/app/aaf_config/bin/pod_wait.sh
 COPY bin/aaf-auth-cmd-${JAR_VERSION}-full.jar /opt/app/aaf_config/bin/
 COPY bin/aaf-auth-batch-${JAR_VERSION}-full.jar /opt/app/aaf_config/bin/
 
-RUN mkdir -p /opt/app/osaaf &&\
-    chmod 755 /opt/app/aaf_config/bin/*.sh &&\
-    if [ -n "${DUSER}" ]; then chown ${DUSER}:${DUSER} /opt/app/osaaf && chown -R ${DUSER}:${DUSER} /opt/app/aaf_config; fi
-USER ${DUSER}
+RUN mkdir -p /opt/app/aaf /opt/app/osaaf/logs && \
+    if [ -n "${DUSER}" ]; then \
+      addgroup ${DUSER} && adduser ${DUSER} -G ${DUSER} -D -s /bin/bash; \
+      chown -R ${DUSER}:${DUSER} /opt/app/aaf /opt/app/osaaf /opt/app/aaf_config; \
+    fi && \
+    chmod 774 /opt/app/aaf_config/bin/*.sh
+ 
 CMD ["/bin/bash","/opt/app/aaf_config/bin/agent.sh"]
+# Note: User added if in d.props
+#    if [ -n "${DUSER}" ]; then \
+#      addgroup ${DUSER} && adduser ${DUSER} -G ${DUSER} -D -s /bin/bash; \
+#      chown -R ${DUSER}:${DUSER} /opt/app/aaf /opt/app/aaf_config; \
+#    fi && \