From 6aa307c93bb05223f8b0c797b6425041a298955e Mon Sep 17 00:00:00 2001
From: Huabing Zhao
Date: Wed, 10 Apr 2019 09:09:19 +0000
Subject: [PATCH] Run discovery as non-root user

Change-Id: I97ef4a92f991cd6d72a38b293ec14620050cad9e
Issue-ID: MSB-321
Signed-off-by: Huabing Zhao
---
 distributions/msb-discovery/src/main/docker/Dockerfile | 10 +++++++++-
 nginx-ext-consul/src/assembly/resources/run.sh | 12 ++++++------
 2 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/distributions/msb-discovery/src/main/docker/Dockerfile b/distributions/msb-discovery/src/main/docker/Dockerfile
index 747790f..2058233 100644
--- a/distributions/msb-discovery/src/main/docker/Dockerfile
+++ b/distributions/msb-discovery/src/main/docker/Dockerfile
@@ -5,6 +5,14 @@ COPY msb-discover*.tar.gz /usr/src
 RUN tar -xzf /usr/src/msb-discover*.tar.gz -C /usr/local --strip-components=1; \
 rm /usr/src/msb-discover*.tar.gz
 
+RUN apk add --no-cache shadow sudo && \
+ addgroup -g 1000 msb && \
+ adduser -D -u 1000 -G msb msb && \
+ echo "msb ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/msb && \
+ chmod 0440 /etc/sudoers.d/msb && \
+ chown -R msb:msb /usr/local
+USER msb
+
 WORKDIR /usr/local
 EXPOSE 10081
-ENTRYPOINT exec $PWD/startup4docker.sh
\ No newline at end of file
+ENTRYPOINT exec $PWD/startup4docker.sh
diff --git a/nginx-ext-consul/src/assembly/resources/run.sh b/nginx-ext-consul/src/assembly/resources/run.sh
index a47201e..a6f04b5 100644
--- a/nginx-ext-consul/src/assembly/resources/run.sh
+++ b/nginx-ext-consul/src/assembly/resources/run.sh
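Review bot: In the Dockerfile hunk, the sudoers line `msb ALL=(root) NOPASSWD:ALL` gives the new msb account passwordless root for every command, so `USER msb` changes the starting UID but not the privilege a compromised service process can reach. `chown -R msb:msb /usr/local` also leaves the service's own executables and libraries writable by the account that runs them. Judging by the run.sh part of this patch, sudo is only used for `ln`; those links could be created in a root `RUN` step before `USER msb`, which would let `sudo` be dropped from `apk add --no-cache shadow sudo` and the two `/etc/sudoers.d/msb` lines be removed. Ownership would be tighter if files stayed root-owned and only the directories the service must write to (not visible in this hunk) were given to msb.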
@@ -21,10 +21,10 @@ _NGINXCMD="$HOME/sbin/nginx"
 LUAJIT_HOME=`cd $DIRNAME/luajit; pwd`
 echo =========== prepare the symbolic links ========================================
-ln -s -f $_NGINXCMD $DIRNAME/bin/openresty
-ln -s -f $LUAJIT_HOME/bin/luajit2.1.0-beta2 $LUAJIT_HOME/bin/luajit
-ln -s -f $LUAJIT_HOME/lib/libluajit-5.1.so.2.1.0 $LUAJIT_HOME/lib/libluajit-5.1.so.2
-ln -s -f $LUAJIT_HOME/lib/libluajit-5.1.so.2.1.0 $LUAJIT_HOME/lib/libluajit-5.1.so
+sudo ln -s -f $_NGINXCMD $DIRNAME/bin/openresty
+sudo ln -s -f $LUAJIT_HOME/bin/luajit2.1.0-beta2 $LUAJIT_HOME/bin/luajit
+sudo ln -s -f $LUAJIT_HOME/lib/libluajit-5.1.so.2.1.0 $LUAJIT_HOME/lib/libluajit-5.1.so.2
+sudo ln -s -f $LUAJIT_HOME/lib/libluajit-5.1.so.2.1.0 $LUAJIT_HOME/lib/libluajit-5.1.so
 echo ================================================================================
 echo =========== create symbolic link for libluajit-5.1.so.2 ========================================
@@ -32,8 +32,8 @@ LUAJIT_HOME=`cd $DIRNAME/luajit; pwd`
 LUAJIT_FILENAME="$LUAJIT_HOME/lib/libluajit-5.1.so.2"
 LN_TARGET_FILE='/lib/libluajit-5.1.so.2'
 LN_TARGET_FILE64='/lib64/libluajit-5.1.so.2'
-ln -s -f $LUAJIT_FILENAME $LN_TARGET_FILE
-ln -s -f $LUAJIT_FILENAME $LN_TARGET_FILE64
+sudo ln -s -f $LUAJIT_FILENAME $LN_TARGET_FILE
+sudo ln -s -f $LUAJIT_FILENAME $LN_TARGET_FILE64
 echo ===============================================================================
 echo HOME=$HOME
 echo _NGINXCMD=$_NGINXCMD
-- 
2.16.6
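Review bot: The four `sudo ln` lines in the first run.sh hunk create links inside `$DIRNAME` and `$LUAJIT_HOME`, the script's own install tree. If that tree sits under the `/usr/local` that the Dockerfile hunk chowns to msb, `sudo` is unnecessary here; it only produces root-owned links and makes the script depend on sudo wherever it runs. The expansions are also unquoted, which matters more now that the words reach a command run as root: `ln -s -f "$_NGINXCMD" "$DIRNAME/bin/openresty"`, with the same quoting for the other three lines and the two `ln` lines in the next hunk. The script starts before this hunk, so how `DIRNAME` is derived is not visible.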
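Review bot: The two `sudo ln` calls into `/lib` and `/lib64` in the second run.sh hunk have their exit status ignored. If sudo is absent, asks for a password, or a target directory is missing, the script carries on to the echo lines as though the library were in place. These are also the only links in the patch that need root, and they rewrite system library paths on every start; their targets are fixed, so they could be made once at image build. If they stay in the script, make the failure visible: `sudo ln -s -f "$LUAJIT_FILENAME" "$LN_TARGET_FILE" || exit 1`, and the same for `$LN_TARGET_FILE64`. What runs after the last echo is outside the hunk.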