Merge "run container as non root user"

author varun gudisena <varuneshwar.gudisena@att.com>

Tue, 12 Feb 2019 20:18:27 +0000 (20:18 +0000)

committer Gerrit Code Review <gerrit@onap.org>

Tue, 12 Feb 2019 20:18:27 +0000 (20:18 +0000)
author varun gudisena <varuneshwar.gudisena@att.com>
Tue, 12 Feb 2019 20:18:27 +0000 (20:18 +0000)
committer Gerrit Code Review <gerrit@onap.org>
Tue, 12 Feb 2019 20:18:27 +0000 (20:18 +0000)
diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile

index 024d075..d08cc51 100644 (file)
--- a/src/main/docker/Dockerfile
+++ b/src/main/docker/Dockerfile
@@ -31,12 +31,11 @@ ADD create-topics.sh /usr/bin/create-topics.sh
  ADD start-kafkaOrMirrorMaker.sh /usr/bin/start-kafkaOrMirrorMaker.sh
  ADD start-mirrormaker.sh /usr/bin/start-mirrormaker.sh
  ADD kafka-run-class.sh ${KAFKA_HOME}/bin/kafka-run-class.sh
-# The scripts need to have executable permission
-RUN chmod a+x /usr/bin/start-kafka.sh && \
-    chmod a+x /usr/bin/broker-list.sh && \
-    chmod a+x /usr/bin/start-kafkaOrMirrorMaker.sh && \
-    chmod a+x /usr/bin/start-mirrormaker.sh && \
-    chmod a+x ${KAFKA_HOME}/bin/kafka-run-class.sh && \
-    chmod a+x /usr/bin/create-topics.sh
-# Use "exec" form so that it runs as PID 1 (useful for graceful shutdown)
+
+RUN set -x \
+    && useradd kafka \
+    && chown -R kafka:kafka  /opt/kafka /opt/logs /opt/etc /kafka /tmp/kafka-logs /usr/bin
+
+USER kafka
+
  CMD ["start-kafkaOrMirrorMaker.sh"]
author	varun gudisena <varuneshwar.gudisena@att.com>
	Tue, 12 Feb 2019 20:18:27 +0000 (20:18 +0000)
committer	Gerrit Code Review <gerrit@onap.org>
	Tue, 12 Feb 2019 20:18:27 +0000 (20:18 +0000)