Code Review / nonrtric.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Update Dockerfile to use non root user
[nonrtric.git] / test / cr / Dockerfile
diff --git a/test/cr/Dockerfile b/test/cr/Dockerfile
index 24c9033..92efcb0 100644 (file)
--- a/test/cr/Dockerfile
+++ b/test/cr/Dockerfile
@@ -20,8 +20,7 @@ ARG NEXUS_PROXY_REPO
 FROM ${NEXUS_PROXY_REPO}python:3.8-slim-buster
 
 #install nginx
-RUN apt-get update
-RUN apt-get install -y nginx=1.14.*
+RUN apt-get update; apt-get install -y nginx=1.14.*
 
 COPY app/ /usr/src/app/
 COPY cert/ /usr/src/app/cert/
@@ -32,4 +31,17 @@ RUN pip install -r requirements.txt
 
 RUN chmod +x start.sh
 
+RUN groupadd -g 999 appuser && \
+    useradd -r -u 999 -g appuser appuser
+
+## add permissions for appuser user
+RUN chown -R appuser:appuser /usr/src/app/ && chmod -R 755 /usr/src/app/ && \
+        chown -R appuser:appuser /var/log/nginx && \
+        chown -R appuser:appuser /var/lib/nginx && \
+        chown -R appuser:appuser /etc/nginx/conf.d
+RUN touch /var/run/nginx.pid && \
+        chown -R appuser:appuser /var/run/nginx.pid
+
+USER appuser
+
 CMD [ "./start.sh" ]
Parent repository for the O-RAN SC Non Real-Time RIC (NONRTRIC) project.