From 6a5a136450f8ba6eb995428672a14241019f5927 Mon Sep 17 00:00:00 2001
From: "sunil.unnava"
Date: Mon, 8 Apr 2019 19:28:57 -0400
Subject: [PATCH] run as non root user
Issue-ID: DMAAP-1040
Change-Id: Ia4e44a7e3b61c17a8b970faf3070ab3cab66c7b6
Signed-off-by: sunil.unnava
---
 src/main/docker/Dockerfile | 9 +++++++++
 src/main/docker/start-mirrormaker.sh | 1 -
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile
index d837fb9..2ac2f3d 100644
--- a/src/main/docker/Dockerfile
+++ b/src/main/docker/Dockerfile
@@ -31,6 +31,7 @@ ADD broker-list.sh /usr/bin/broker-list.sh
 ADD create-topics.sh /usr/bin/create-topics.sh
 ADD start-kafkaOrMirrorMaker.sh /usr/bin/start-kafkaOrMirrorMaker.sh
 ADD start-mirrormaker.sh /usr/bin/start-mirrormaker.sh
+RUN mkdir /opt/logs
 # The scripts need to have executable permission
 RUN chmod a+x /usr/bin/start-kafka.sh && \
 chmod a+x /usr/bin/broker-list.sh && \
@@ -39,3 +40,11 @@ RUN chmod a+x /usr/bin/start-kafka.sh && \
 chmod a+x /usr/bin/create-topics.sh
 # Use "exec" form so that it runs as PID 1 (useful for graceful shutdown)
 CMD ["start-kafkaOrMirrorMaker.sh"]
+
+RUN addgroup onap \
+ && adduser mrkafka -G onap \
+ && chown -R mrkafka:onap /opt/kafka/ /opt/logs/ /opt/etc/ /kafka/ /usr/bin/ /tmp/
+
+USER mrkafka
+
+
diff --git a/src/main/docker/start-mirrormaker.sh b/src/main/docker/start-mirrormaker.sh
index f82092a..0e9100f 100644
--- a/src/main/docker/start-mirrormaker.sh
+++ b/src/main/docker/start-mirrormaker.sh
@@ -143,7 +143,6 @@ export KAFKA_OPTS="-Djava.security.auth.login.config=$KAFKA_HOME/config/kafka_se
-mkdir /opt/logs
 cp /tmp/kafka-run-class.sh /opt/kafka/bin
 java -jar /tmp/dmaapMMAgent.jar
-- 
2.16.6
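Review bot: The `chown -R` in the added `RUN addgroup … adduser … chown` step gives `mrkafka` ownership of `/usr/bin/` and `/tmp/`, so the account the container now runs as can overwrite every system binary in the image, which gives back much of what `USER mrkafka` is meant to take away. The start scripts already get `chmod a+x` a few lines earlier and, as far as this patch shows, start-mirrormaker.sh only reads from `/tmp/`, so ownership of those two trees looks unnecessary. I would narrow the line to `&& chown -R mrkafka:onap /opt/kafka/ /opt/logs/ /opt/etc/ /kafka/` and leave `/usr/bin/` and `/tmp/` root-owned, after confirming no startup script writes there. Separately, the user is created without a fixed UID and `USER` refers to it by name, which prevents a Kubernetes `runAsNonRoot` policy from verifying the image; assigning an explicit UID at creation and using `USER <UID>` (placeholder, pick the project's value) would address that.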