From 4f4f9963c78461e744cfa52206c0f8b6e3a75bc3 Mon Sep 17 00:00:00 2001
From: Singebob
Date: Thu, 17 Feb 2022 15:52:07 +0100
Subject: [PATCH 1/2] :whale: add user in dockerfile
---
 Dockerfile | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index ebb6f41c..af6f2350 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -30,8 +30,15 @@ FROM node:16.13.2-alpine
 # Define some ENV Vars
 ENV PORT=80 \
 DIRECTORY=/app \
- IS_DOCKER=true
+ IS_DOCKER=true \
+ UID=1000 \
+ GUID=1000
+# Create a group and user
+RUN addgroup --gid ${GUID} application \
+ && adduser --no-create-home --uid ${UID} application application
+
+USER application
 # Create and set the working directory
 WORKDIR ${DIRECTORY}
From bbbcd09b448a3f4b3bd88b31ae76bbf20c7b9e8a Mon Sep 17 00:00:00 2001
From: Jeremy Chauvin
Date: Fri, 18 Feb 2022 08:01:36 +0100
Subject: [PATCH 2/2] :whale: refactor to add user
---
 Dockerfile | 29 +++++++++++++++++++----------
 1 file changed, 19 insertions(+), 10 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index af6f2350..e785e887 100644
--- a/Dockerfile
+++ b/Dockerfile
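Review bot: In the first patch's hunk, the context line `ENV PORT=80 \` keeps a privileged port while the added `USER application` drops root, so the listen call now depends on the runtime allowing unprivileged binds below 1024; the second patch's hunk keeps the same combination. Recent Docker Engine releases allow this by default, but other runtimes or host networking may not, and the failure would only show up at container start. Whether the server actually binds `PORT` is not visible in the hunk, so this needs confirming against the start command. If it does, either move the default to a high port such as `PORT=8080 \` (a visible change for anyone mapping port 80) or add a comment like `# Runs as non-root: binding PORT below 1024 requires net.ipv4.ip_unprivileged_port_start=0`. The build stage starts above the hunk and continues below it.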
@@ -31,22 +31,31 @@ FROM node:16.13.2-alpine
 ENV PORT=80 \
 DIRECTORY=/app \
 IS_DOCKER=true \
- UID=1000 \
- GUID=1000
+ USER=docker \
+ UID=12345 \
+ GID=23456
-# Create a group and user
-RUN addgroup --gid ${GUID} application \
- && adduser --no-create-home --uid ${UID} application application
+# Install tini for initialization and tzdata for setting timezone
+RUN apk add --no-cache tzdata tini \
+ # Add group
+ && addgroup --gid ${GID} "${USER}" \
+ # Add user
+ && adduser \
+ --disabled-password \
+ --ingroup "${USER}" \
+ --gecos "" \
+ --home "${DIRECTORY}" \
+ --no-create-home \
+ --uid "$UID" \
+ "$USER"
+
+USER ${USER}
-USER application
 # Create and set the working directory
 WORKDIR ${DIRECTORY}
-# Install tini for initialization and tzdata for setting timezone
-RUN apk add --no-cache tzdata tini
-
 # Copy built application from build phase
-COPY --from=BUILD_IMAGE /app ./
+COPY --from=BUILD_IMAGE --chown=${USER}:${USER} /app ./
 # Finally, run start command to serve up the built application
 ENTRYPOINT [ "/sbin/tini", "--" ]
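Review bot: `COPY --from=BUILD_IMAGE --chown=${USER}:${USER} /app ./` hands the whole application tree to the account the server runs as, so a compromised Node process could modify the code it serves. Whether the app has to write under `/app` at runtime is not visible in this hunk; if only some paths need it, keep the bulk copy root-owned with `COPY --from=BUILD_IMAGE /app ./` and grant the runtime user just those paths, e.g. `COPY --from=BUILD_IMAGE --chown=${USER}:${USER} /app/<writable-dir> ./<writable-dir>` (placeholder path). `USER`, `UID` and `GID` are also only used at build time here, so declaring them with `ARG` rather than `ENV` would keep them out of the container's runtime environment. The build stage starts above the hunk and may continue below the `ENTRYPOINT` line.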