From: dglFromAtt Date: Fri, 12 Apr 2019 18:59:42 +0000 (+0000) Subject: Run as non-root X-Git-Tag: 1.1.2~4^2 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=dmaap%2Fbuscontroller.git;a=commitdiff_plain;h=85e7c7e57c262e38a0b3e0a14e4ebf4b92f00a58 Run as non-root Change-Id: I25f5bf778b9878648bd305fa0de965e4e7ec718c Signed-off-by: dglFromAtt Issue-ID: DMAAP-1164 --- diff --git a/dbc-client/misc/dbc-client b/dbc-client/misc/dbc-client index 1e839ec..c29ec86 100644 --- a/dbc-client/misc/dbc-client +++ b/dbc-client/misc/dbc-client @@ -25,7 +25,6 @@ umask 0022 TZ=GMT0 COMPONENT=dbc-client APP_ROOT=${APP_ROOT:-/opt/app/$COMPONENT} -USER=root export TZ PATH=/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin export PATH diff --git a/dbc-client/pom.xml b/dbc-client/pom.xml index 83c1d05..384d6a8 100644 --- a/dbc-client/pom.xml +++ b/dbc-client/pom.xml @@ -270,7 +270,7 @@ 9.4.12.RC2 1.0.0 1.5.19 - 1.0.6 + 1.0.7 0.7.7.201606060606 3.2 diff --git a/dbc-client/src/main/resources/Dockerfile b/dbc-client/src/main/resources/Dockerfile index 9baa481..85f9426 100644 --- a/dbc-client/src/main/resources/Dockerfile +++ b/dbc-client/src/main/resources/Dockerfile @@ -46,4 +46,10 @@ RUN chmod +x /opt/app/dbc-client/bin/* && \ VOLUME /opt/app/dbc-client/log +RUN addgroup -S -g 1001 onap \ + && adduser -S -u 1000 dbc -G onap \ + && chown -R dbc:onap /opt/ + +USER dbc + ENTRYPOINT ["sh", "./bin/dbc-client" ] diff --git a/dbc-client/version.properties b/dbc-client/version.properties index dadd8a9..0607bbf 100644 --- a/dbc-client/version.properties +++ b/dbc-client/version.properties @@ -27,7 +27,7 @@ major=1 minor=0 -patch=6 +patch=7 base_version=${major}.${minor}.${patch} # Release must be completed with git revision # in Jenkins diff --git a/dmaap-bc/misc/dmaapbc b/dmaap-bc/misc/dmaapbc index 74e8707..97ad226 100644 --- a/dmaap-bc/misc/dmaapbc +++ b/dmaap-bc/misc/dmaapbc 
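Review bot: In dbc-client/src/main/resources/Dockerfile the new `chown -R dbc:onap /opt/` runs after `VOLUME /opt/app/dbc-client/log`, and with the legacy Docker builder any change a build step makes inside an already declared volume is discarded, so the log directory may stay root-owned and unwritable for `dbc`. Moving the `addgroup`/`adduser`/`chown` step above the `VOLUME` line avoids that; the same ordering appears in dmaap-bc/src/main/resources/Dockerfile. The recursive chown of all of `/opt/` also makes the launch scripts and application files writable by the account the service runs as, which gives up part of what dropping root buys. Consider limiting it to the directories the process writes, e.g. `chown -R dbc:onap /opt/app/dbc-client/log`; which other paths need write access is not visible in this hunk.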
@@ -25,7 +25,8 @@ umask 0022 TZ=GMT0 COMPONENT=dmaapbc APP_ROOT=/opt/app/$COMPONENT -USER=root +USER=dbc +GROUP=onap export TZ PATH=/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/opt/java/jdk/jdk180/bin export PATH @@ -36,7 +37,22 @@ CONFIGMAP_PROPS=${CONFIGMAP_PROPS:-$CONFIGMAP_ROOT/conf/dmaapbc.properties} CONTAINER_CONFIG=$CONFIGMAP_ROOT/conf/buscontroller.env MAIN=org.onap.dmaap.dbcapi.server.Main - +authcheck() { + set -x + ID=`id -n -u` + GRP=`id -n -g` + if [ "$ID" != "$USER" ] + then + echo $COMPONENT must be started as user $USER not $ID + exit 1 + fi + if [ "$GRP" != "$GROUP" ] + then + echo $COMPONENT must be started as group $GROUP not $GRP + exit 1 + fi + set +x +} pids() { set -x @@ -92,18 +108,7 @@ config() { start() { echo "ENTER start" set -x - ID=`id -n -u` - GRP=`id -n -g` - if [ "$ID" != "$USER" ] - then - echo $COMPONENT must be started as user $USER not $ID - exit 1 - fi - if [ "$GRP" != "$USER" ] - then - echo $COMPONENT must be started as group $USER not $GRP - exit 1 - fi + authcheck cd $APP_ROOT pwd @@ -134,18 +139,7 @@ start() { stop() { echo "ENTER stop" - ID=`id -n -u` - GRP=`id -n -g` - if [ "$ID" != "$USER" ] - then - echo $COMPONENT must be stopped as user $USER not $ID - exit 1 - fi - if [ "$GRP" != "$USER" ] - then - echo $COMPONENT must be stopped as group $USER not $GRP - exit 1 - fi + authcheck touch $APP_ROOT/etc/SHUTDOWN PIDS=`pids` if [ "$PIDS" != "" ] diff --git a/dmaap-bc/pom.xml b/dmaap-bc/pom.xml index 8252249..cf73b79 100644 --- a/dmaap-bc/pom.xml +++ b/dmaap-bc/pom.xml @@ -469,7 +469,7 @@ 9.4.12.RC2 1.0.0 1.5.19 - 1.1.3 + 1.1.4 0.7.7.201606060606 3.2 diff --git a/dmaap-bc/src/main/resources/Dockerfile b/dmaap-bc/src/main/resources/Dockerfile index 014fb5e..d930a6f 100644 --- a/dmaap-bc/src/main/resources/Dockerfile +++ b/dmaap-bc/src/main/resources/Dockerfile 
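Review bot: `USER=dbc` and `GROUP=onap` have to match the account and group names created in dmaap-bc/src/main/resources/Dockerfile, and nothing in the script says so. A comment above them such as `# must match the adduser/addgroup names in src/main/resources/Dockerfile` would keep the two in step. Because authcheck compares names obtained from `id -n`, a container started under a numeric uid/gid with no passwd entry would presumably be rejected even though it is non-root; if that is intended, the same comment is the place to say it.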
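Review bot: authcheck ends with `set +x`, and shell options are not function-local, so when start() calls it right after its own `set -x` (hunk at -92,18) tracing is switched off for the rest of start(). Dropping the `set -x`/`set +x` pair from authcheck leaves the callers' trace state as it was. The shared message also now reads `must be started as` on the stop path (hunk at -134,18), where it used to say `stopped`. Passing the verb in, e.g. `authcheck stopped` with `echo "$COMPONENT must be $1 as user $USER not $ID" >&2`, would keep the message accurate and send it to stderr.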
@@ -53,4 +53,10 @@ RUN mv etc/org.onap.dmaap-bc.jks etc/keystore && \ VOLUME /opt/app/dmaapbc/log +RUN addgroup -S -g 1001 onap \ + && adduser -S -u 1000 dbc -G onap \ + && chown -R dbc:onap /opt/ + +USER dbc + ENTRYPOINT ["sh", "./bin/dmaapbc", "deploy"] diff --git a/dmaap-bc/version.properties b/dmaap-bc/version.properties index 635e84d..fcbb908 100644 --- a/dmaap-bc/version.properties +++ b/dmaap-bc/version.properties @@ -27,7 +27,7 @@ major=1 minor=1 -patch=3 +patch=4 base_version=${major}.${minor}.${patch} # Release must be completed with git revision # in Jenkins
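Review bot: `USER dbc` names the account rather than its ids, and Kubernetes cannot verify `runAsNonRoot` against a non-numeric image user, so a pod with that setting would refuse to start this image unless it also sets `runAsUser`. Since the ids are fixed in the `addgroup`/`adduser` step above, `USER 1000:1001` is equivalent here and can be checked by the runtime. The passwd entry still exists, so name lookups via `id -n` in the start script keep working. The same applies to the `USER dbc` line in dbc-client/src/main/resources/Dockerfile.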