From 03ca49f723555e8378ab536e13b019827994d1a5 Mon Sep 17 00:00:00 2001
From: Maxim Thomas <maxim.thomas@gmail.com>
Date: Fri, 21 Dec 2018 08:47:01 +0000
Subject: [PATCH] make Dockerfile unpriveleged (#31)
---
 opendj-packages/opendj-docker/Dockerfile | 11 +++++++++++
 1 files changed, 11 insertions(+), 0 deletions(-)
diff --git a/opendj-packages/opendj-docker/Dockerfile b/opendj-packages/opendj-docker/Dockerfile
index a9987e2..29af706 100644
--- a/opendj-packages/opendj-docker/Dockerfile
+++ b/opendj-packages/opendj-docker/Dockerfile
@@ -16,6 +16,8 @@
 ARG VERSION=@project_version@
+ARG OPENDJ_USER="opendj"
+
 WORKDIR /opt
 RUN apt-get install -y wget unzip
@@ -29,4 +31,13 @@
 --generateSelfSignedCertificate --baseDN "$BASE_DN" -h localhost --rootUserDN "$ROOT_USER_DN" \
 --rootUserPassword "$ROOT_PASSWORD" --acceptLicense --no-prompt --doNotStart $ADD_BASE_ENTRY
+RUN useradd -m -r -u 1001 -g root $OPENDJ_USER
+
+RUN chgrp -R 0 /opt/opendj && \
+ chmod -R g=u /opt/opendj
+
+USER $OPENDJ_USER
+
+EXPOSE $PORT $LDAPS_PORT 4444
+
 CMD ["/opt/opendj/bin/start-ds", "--nodetach"]
--
Gitblit v1.10.0
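Review bot: `USER $OPENDJ_USER` in the second hunk records a user name in the image, so a runtime that enforces non-root by UID (Kubernetes `runAsNonRoot`) cannot verify it and rejects the container unless the pod also sets a numeric `runAsUser`. Since `useradd -u 1001` already fixes the UID, use `USER 1001`. `chmod -R g=u /opt/opendj` together with `-g root` leaves the whole install tree, executables and configuration included, writable by the server process. That suits arbitrary-UID platforms, but limiting the group-write grant to the directories the server writes at runtime would keep the binaries read-only to a compromised server. The setup `RUN` that populates /opt/opendj starts above this hunk, so the ownership it leaves behind is inferred rather than visible here. Running `chgrp`/`chmod` in a separate `RUN` probably copies most of that tree into a new layer.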