Code Review / nonrtric.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Use non-root user for Dockerfiles of nonrtric products
[nonrtric.git] / r-app-catalogue / Dockerfile
diff --git a/r-app-catalogue/Dockerfile b/r-app-catalogue/Dockerfile
index 474a3ce..ed4be95 100644 (file)
--- a/r-app-catalogue/Dockerfile
+++ b/r-app-catalogue/Dockerfile
@@ -27,16 +27,20 @@ RUN mkdir -p /opt/app/r-app-catalogue/etc/cert/
 
 EXPOSE 8680 8633
 
-RUN groupadd -g 999 appuser && \
-    useradd -r -u 999 -g appuser appuser
-RUN chown -R appuser:appuser /opt/app/r-app-catalogue/
-RUN chown -R appuser:appuser /var/log/r-app-catalogue/
-USER appuser
-
 ADD /config/application.yaml /opt/app/r-app-catalogue/config/application.yaml
 ADD /config/r-app-catalogue-keystore.jks /opt/app/r-app-catalogue/etc/cert/keystore.jks
 ADD target/${JAR} /opt/app/r-app-catalogue/r-app-catalogue.jar
 
+ARG user=nonrtric
+ARG group=nonrtric
+
+RUN groupadd $user && \
+    useradd -r -g $group $user
+RUN chown -R $user:$group /opt/app/r-app-catalogue
+RUN chown -R $user:$group /var/log/r-app-catalogue
+
+USER ${user}
+
 CMD ["java", "-jar", "/opt/app/r-app-catalogue/r-app-catalogue.jar"]
 
 
Parent repository for the O-RAN SC Non Real-Time RIC (NONRTRIC) project.