Code Review / nonrtric.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Use non-root user in Dockerfile
[nonrtric.git] / a1-policy-management-service / Dockerfile
diff --git a/a1-policy-management-service/Dockerfile b/a1-policy-management-service/Dockerfile
index f64eebb..3775b39 100644 (file)
--- a/a1-policy-management-service/Dockerfile
+++ b/a1-policy-management-service/Dockerfile
@@ -34,8 +34,11 @@ ADD /config/application_configuration.json /opt/app/policy-agent/data/applicatio
 ADD /config/keystore.jks /opt/app/policy-agent/etc/cert/keystore.jks
 ADD /config/truststore.jks /opt/app/policy-agent/etc/cert/truststore.jks
 
-RUN chmod -R 777 /opt/app/policy-agent/config/
-RUN chmod -R 777 /opt/app/policy-agent/data/
+RUN groupadd -g 999 appuser && \
+    useradd -r -u 999 -g appuser appuser
+RUN chown -R appuser:appuser /opt/app/policy-agent
+RUN chown -R appuser:appuser /var/log/policy-agent
+USER appuser
 
 ADD target/${JAR} /opt/app/policy-agent/policy-agent.jar
 CMD ["java", "-jar", "/opt/app/policy-agent/policy-agent.jar"]
Parent repository for the O-RAN SC Non Real-Time RIC (NONRTRIC) project.