[AAI-2177] Run container process as non-root

author rajeevme <rajeev.mehta@amdocs.com>

Thu, 22 Aug 2019 16:52:19 +0000 (22:22 +0530)

committer rajeevme <rajeev.mehta@amdocs.com>

Thu, 22 Aug 2019 16:52:48 +0000 (22:22 +0530)
author rajeevme <rajeev.mehta@amdocs.com>
Thu, 22 Aug 2019 16:52:19 +0000 (22:22 +0530)
committer rajeevme <rajeev.mehta@amdocs.com>
Thu, 22 Aug 2019 16:52:48 +0000 (22:22 +0530)
diff --git a/src/main/bin/start.sh b/src/main/bin/start.sh

index 87ec099..28cca96 100644 (file)
--- a/src/main/bin/start.sh
+++ b/src/main/bin/start.sh
@@ -33,4 +33,8 @@ fi
  JVM_MAX_HEAP=${MAX_HEAP:-1024}
  
  set -x
+if [ -z "$RUN_MS_AS_ROOT" ] ; then
  exec java -Xmx${JVM_MAX_HEAP}m $PROPS -jar ${APP_HOME}/gizmo.jar
+else
+exec sudo -E java -Xmx${JVM_MAX_HEAP}m $PROPS -jar ${APP_HOME}/gizmo.jar
+fi
+\ No newline at end of file
diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile

index 35297e7..036091e 100644 (file)
--- a/src/main/docker/Dockerfile
+++ b/src/main/docker/Dockerfile
@@ -12,6 +12,11 @@ ARG USERS_HOME=/opt/aaihome
  RUN mkdir -p $MICRO_HOME $USERS_HOME /logs \
      && groupadd -g 492382 aaiadmin \
      && useradd -r -u 341790  -g 492382 -ms /bin/sh -d $USERS_HOME/aaiadmin aaiadmin
+##The following 2 lines are added to add the user to the sudoers group
+##The script src\main\bin\start.sh could then optionally run the process as sudo user if an environment variable is set
+## By default the sudo mode is disabled.
+RUN usermod -aG sudo aaiadmin  &&\
+    echo  'aaiadmin  ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
  WORKDIR $MICRO_HOME
  COPY /maven/gizmo/ .
  RUN chmod 755 $BIN_HOME/* \
author	rajeevme <rajeev.mehta@amdocs.com>
	Thu, 22 Aug 2019 16:52:19 +0000 (22:22 +0530)
committer	rajeevme <rajeev.mehta@amdocs.com>
	Thu, 22 Aug 2019 16:52:48 +0000 (22:22 +0530)
src/main/bin/start.sh		patch \| blob \| history
src/main/docker/Dockerfile		patch \| blob \| history