From: preethika.p Date: Tue, 22 Feb 2022 04:10:41 +0000 (+0000) Subject: Fix bug 1702 Adding non-root user to run NG-UI X-Git-Tag: v12.0.0rc1~33 X-Git-Url: https://osm.etsi.org/gitweb/?a=commitdiff_plain;h=refs%2Fchanges%2F98%2F11698%2F2;p=osm%2Fdevops.git Fix bug 1702 Adding non-root user to run NG-UI Change-Id: I8b67e7fb1b0d008187833cfb8c1752a6254f4ccf Signed-off-by: preethika.p --- diff --git a/docker/NG-UI/Dockerfile b/docker/NG-UI/Dockerfile index c4d67df9..6e9e79d0 100644 --- a/docker/NG-UI/Dockerfile +++ b/docker/NG-UI/Dockerfile @@ -65,6 +65,14 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get --yes update && \ # Removing the Nginx default page. RUN rm -rf /usr/share/nginx/html/* +# Creating the user for the app +RUN groupadd -g 1000 appuser && \ + useradd -u 1000 -g 1000 -d /usr appuser && \ + chown -R appuser:appuser /usr /var/lib/nginx /var/log/nginx /etc/nginx /run + +# Changing the security context +USER appuser + # Copying Nginx configuration COPY --from=INSTALL /usr/share/osm-ngui/nginx/nginx.conf /etc/nginx/sites-available/default diff --git a/installers/docker/osm_pods/ng-ui.yaml b/installers/docker/osm_pods/ng-ui.yaml index f5b16582..3ce1e3b0 100644 --- a/installers/docker/osm_pods/ng-ui.yaml +++ b/installers/docker/osm_pods/ng-ui.yaml @@ -44,6 +44,10 @@ spec: labels: app: ng-ui spec: + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 containers: - name: ng-ui image: opensourcemano/ng-ui:11