From 4131813fa50c46b1da78f06cd53c0fbdcc501e23 Mon Sep 17 00:00:00 2001 From: "Glenn Y. Rolland" Date: Tue, 30 Nov 2021 14:02:48 +0100 Subject: [PATCH] docker: switch to non-root user --- docker/Dockerfile | 3 ++- docker/entrypoint.sh | 11 ++++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index 186b2e7..105d809 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -8,7 +8,7 @@ RUN apt-get update \ && truncate -s 0 /var/log/*log RUN apt-get update \ - && apt-get install -y --no-install-recommends make build-essential inotify-tools chromium \ + && apt-get install -y --no-install-recommends make build-essential inotify-tools chromium gosu \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \ && truncate -s 0 /var/log/*log @@ -22,5 +22,6 @@ ENV LC_ALL=C RUN make prepare + ENTRYPOINT ["/app/docker/entrypoint.sh"] CMD ["watch"] diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index e58bfd2..34df587 100755 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -1,6 +1,15 @@ #!/bin/sh +set -u +set -e + ARGS="$*" echo "Arguments: $ARGS" -exec make "$@" +EXT_UID=${EXT_UID:-999} +EXT_GID=${EXT_GID:-999} + +groupadd -g "$EXT_GID" appuser +useradd -r -u "$EXT_UID" -g appuser appuser + +exec gosu appuser make "$@"