From 6cad5d9a2637735f353200c44f5a1fcbb76f47f4 Mon Sep 17 00:00:00 2001
From: ecaiyanlinux <martin.c.yan@est.tech>
Date: Wed, 12 Jan 2022 12:10:04 +0100
Subject: [PATCH] Use non-root user in Dockerfile for a1-interface

Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>
Issue-ID: NONRTRIC-647
Change-Id: Ifd76ed0b5a2230a192a229fff8be8cf73339a72c
---
 near-rt-ric-simulator/Dockerfile | 14 ++++++++++++++
 near-rt-ric-simulator/nginx.conf |  2 +-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/near-rt-ric-simulator/Dockerfile b/near-rt-ric-simulator/Dockerfile
index 8b08972..a2ab6ab 100644
--- a/near-rt-ric-simulator/Dockerfile
+++ b/near-rt-ric-simulator/Dockerfile
@@ -29,5 +29,19 @@ COPY nginx.conf nginx.conf
 COPY certificate /usr/src/app/cert
 COPY src src
 
+ARG user=nonrtric
+ARG group=nonrtric
+
+RUN groupadd $user && \
+    useradd -r -g $group $user
+RUN chown -R $user:$group /usr/src/app
+RUN chown -R $user:$group /var/log/nginx
+RUN chown -R $user:$group /var/lib/nginx
+RUN chown -R $user:$group /etc/nginx/conf.d
+RUN touch /var/run/nginx.pid
+RUN chown -R $user:$group /var/run/nginx.pid
+
+USER ${user}
+
 RUN chmod +x src/start.sh
 CMD src/start.sh ${A1_VERSION}
diff --git a/near-rt-ric-simulator/nginx.conf b/near-rt-ric-simulator/nginx.conf
index 3087a3f..a3be25b 100644
--- a/near-rt-ric-simulator/nginx.conf
+++ b/near-rt-ric-simulator/nginx.conf
@@ -1,4 +1,4 @@
-user www-data;
+# user www-data;
 worker_processes auto;
 pid /run/nginx.pid;
 include /etc/nginx/modules-enabled/*.conf;
-- 
2.16.6