Run the app with a non-root user

author tangpeng <tang.peng5@zte.com.cn>

Tue, 26 Feb 2019 09:04:48 +0000 (09:04 +0000)

committer tangpeng <tang.peng5@zte.com.cn>

Tue, 26 Feb 2019 09:04:48 +0000 (09:04 +0000)
author tangpeng <tang.peng5@zte.com.cn>
Tue, 26 Feb 2019 09:04:48 +0000 (09:04 +0000)
committer tangpeng <tang.peng5@zte.com.cn>
Tue, 26 Feb 2019 09:04:48 +0000 (09:04 +0000)
diff --git a/rulemgt-standalone/src/main/assembly/Dockerfile b/rulemgt-standalone/src/main/assembly/Dockerfile

index 106d7ac..ddd48cd 100644 (file)
--- a/rulemgt-standalone/src/main/assembly/Dockerfile
+++ b/rulemgt-standalone/src/main/assembly/Dockerfile
@@ -45,11 +45,17 @@ ADD holmes-frontend.key /etc/ssl/private
  ADD holmes-frontend-selfsigned.crt /etc/ssl/certs
  ADD dhparam.pem /etc/ssl/certs
  
+#switch the user to holmes
+RUN addgroup -S holmes && adduser -S -G holmes holmes
+
  #add the backend package to the docker image
  RUN mkdir /home/holmes
  WORKDIR /home/holmes
  ADD holmes-rulemgt-standalone-*-linux64.tar.gz /home/holmes/
+RUN chmod -R a+rw /home/holmes/
+RUN chmod -R a+rw /var/log/
  RUN chmod 755 /home/holmes/bin/*.sh
  
+USER holmes
  CMD ["sh", "/home/holmes/bin/run.sh"]
author	tangpeng <tang.peng5@zte.com.cn>
	Tue, 26 Feb 2019 09:04:48 +0000 (09:04 +0000)
committer	tangpeng <tang.peng5@zte.com.cn>
	Tue, 26 Feb 2019 09:04:48 +0000 (09:04 +0000)