Use non-root user in Dockerfile for a1-policy-management-service 17/7517/2
authorecaiyanlinux <martin.c.yan@est.tech>
Mon, 10 Jan 2022 10:11:08 +0000 (11:11 +0100)
committerChengkai Yan <martin.c.yan@est.tech>
Mon, 10 Jan 2022 11:28:03 +0000 (11:28 +0000)
Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>
Issue-ID: NONRTRIC-647
Change-Id: I8ffaf78b9bb54975fe88d03faeb6ef196fc68232

a1-policy-management-service/Dockerfile

index f64eebb..6f8387e 100644 (file)
@@ -34,9 +34,15 @@ ADD /config/application_configuration.json /opt/app/policy-agent/data/applicatio
 ADD /config/keystore.jks /opt/app/policy-agent/etc/cert/keystore.jks
 ADD /config/truststore.jks /opt/app/policy-agent/etc/cert/truststore.jks
 
-RUN chmod -R 777 /opt/app/policy-agent/config/
-RUN chmod -R 777 /opt/app/policy-agent/data/
+ARG user=nonrtric
+ARG group=nonrtric
 
-ADD target/${JAR} /opt/app/policy-agent/policy-agent.jar
-CMD ["java", "-jar", "/opt/app/policy-agent/policy-agent.jar"]
+RUN groupadd $user && \
+    useradd -r -g $group $user
+RUN chown -R $user:$group /opt/app/policy-agent
+RUN chown -R $user:$group /var/log/policy-agent
+
+USER ${user}
 
+ADD target/${JAR} /opt/app/policy-agent/policy-agent.jar
+CMD ["java", "-jar", "/opt/app/policy-agent/policy-agent.jar"]
\ No newline at end of file
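Review bot: `RUN groupadd $user` creates the group under the user's name while `useradd -r -g $group $user` looks it up by `$group`, so the build only succeeds while both ARGs keep the same value; it should read `groupadd -r $group`. The recursive `chown -R $user:$group /opt/app/policy-agent` also makes the service account the owner of `etc/cert/keystore.jks` and `etc/cert/truststore.jks`, which lets the running process rewrite its own key and trust material. The removed `chmod -R 777` lines suggest only `config/` and `data/` have to be writable, so restricting the chown to those two directories plus `/var/log/policy-agent` would be tighter, to be confirmed against what the service writes at runtime. If the image is deployed under Kubernetes `runAsNonRoot`, a named `USER` cannot be verified as non-root, so a fixed numeric UID (`useradd -u <uid>` and `USER <uid>`) is worth considering. The base image and the directory setup above line 34 are outside the hunk, so this assumes `groupadd`/`useradd` exist in the base image and that `/var/log/policy-agent` is created earlier.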