Use non-root user in Dockerfile for a1-interface

author ecaiyanlinux <martin.c.yan@est.tech>

Wed, 12 Jan 2022 11:10:04 +0000 (12:10 +0100)

committer ecaiyanlinux <martin.c.yan@est.tech>

Wed, 12 Jan 2022 11:10:04 +0000 (12:10 +0100)
author ecaiyanlinux <martin.c.yan@est.tech>
Wed, 12 Jan 2022 11:10:04 +0000 (12:10 +0100)
committer ecaiyanlinux <martin.c.yan@est.tech>
Wed, 12 Jan 2022 11:10:04 +0000 (12:10 +0100)
diff --git a/near-rt-ric-simulator/Dockerfile b/near-rt-ric-simulator/Dockerfile

index 8b08972..a2ab6ab 100644 (file)
--- a/near-rt-ric-simulator/Dockerfile
+++ b/near-rt-ric-simulator/Dockerfile
@@ -29,5 +29,19 @@ COPY nginx.conf nginx.conf
  COPY certificate /usr/src/app/cert
  COPY src src
  
+ARG user=nonrtric
+ARG group=nonrtric
+
+RUN groupadd $user && \
+    useradd -r -g $group $user
+RUN chown -R $user:$group /usr/src/app
+RUN chown -R $user:$group /var/log/nginx
+RUN chown -R $user:$group /var/lib/nginx
+RUN chown -R $user:$group /etc/nginx/conf.d
+RUN touch /var/run/nginx.pid
+RUN chown -R $user:$group /var/run/nginx.pid
+
+USER ${user}
+
  RUN chmod +x src/start.sh
  CMD src/start.sh ${A1_VERSION}
diff --git a/near-rt-ric-simulator/nginx.conf b/near-rt-ric-simulator/nginx.conf

index 3087a3f..a3be25b 100644 (file)
--- a/near-rt-ric-simulator/nginx.conf
+++ b/near-rt-ric-simulator/nginx.conf
@@ -1,4 +1,4 @@
-user www-data;
+# user www-data;
  worker_processes auto;
  pid /run/nginx.pid;
  include /etc/nginx/modules-enabled/*.conf;
author	ecaiyanlinux <martin.c.yan@est.tech>
	Wed, 12 Jan 2022 11:10:04 +0000 (12:10 +0100)
committer	ecaiyanlinux <martin.c.yan@est.tech>
	Wed, 12 Jan 2022 11:10:04 +0000 (12:10 +0100)
near-rt-ric-simulator/Dockerfile		patch \| blob \| history
near-rt-ric-simulator/nginx.conf		patch \| blob \| history