Code Review / ccsdk / apps.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 2bd0d09)
Run naming service as non-root 98/105798/1
authorDan Timoney <dtimoney@att.com>
Fri, 10 Apr 2020 18:37:59 +0000 (14:37 -0400)
committerDan Timoney <dtimoney@att.com>
Fri, 10 Apr 2020 18:37:59 +0000 (14:37 -0400)
Run naming service as non-root user ccsdk

Change-Id: I1dc2fee3c3b4bd1b3a0e22cfc45ae27620130a20
Issue-ID: CCSDK-2149
Signed-off-by: Dan Timoney <dtimoney@att.com>
ms/neng/src/main/docker/Dockerfile patch | blob | history

diff --git a/ms/neng/src/main/docker/Dockerfile b/ms/neng/src/main/docker/Dockerfile
index 6225f35..5327b11 100644 (file)
--- a/ms/neng/src/main/docker/Dockerfile
+++ b/ms/neng/src/main/docker/Dockerfile
@@ -31,6 +31,11 @@ VOLUME /opt/etc
 ADD opt/etc/ /opt/etc/
 #ADD /opt/aai/ /opt/aai/
 ADD startService.sh /startService.sh
+RUN addgroup -S ccsdk && adduser -S ccsdk -G ccsdk
+RUN chown ccsdk:ccsdk /startService.sh
+RUN chown -R ccsdk:ccsdk /opt
+RUN chmod go+w /tmp
 RUN chmod 700 /startService.sh
-ENTRYPOINT sh /startService.sh 
+USER ccsdk
+ENTRYPOINT sh /startService.sh
 EXPOSE 8080
Applications intended to run as their own dockers (e.g micro services)