
Commit 5aff97a

🔀 Merge pull request #495 from Singebob/master
Add a group and user in the Dockerfile to run the container as an unprivileged user. Fixes #340. Thank you @Singebob
2 parents 2e63da0 + bbbcd09 commit 5aff97a


1 file changed

+21
-5
lines changed


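--- a/Dockerfile
+++ b/Dockerfile
@@ -30,16 +30,32 @@ FROM node:16.13.2-alpine
 # Define some ENV Vars
 ENV PORT=80 \
 DIRECTORY=/app \
-IS_DOCKER=true
+IS_DOCKER=true \
+USER=docker \
+UID=12345 \
+GID=23456
+
+# Install tini for initialization and tzdata for setting timezone
+RUN apk add --no-cache tzdata tini \
+# Add group
+&& addgroup --gid ${GID} "${USER}" \
+# Add user
+&& adduser \
+--disabled-password \
+--ingroup "${USER}" \
+--gecos "" \
+--home "${DIRECTORY}" \
+--no-create-home \
+--uid "$UID" \
+"$USER"
+
+USER ${USER}
 
 # Create and set the working directory
 WORKDIR ${DIRECTORY}
 
-# Install tini for initialization and tzdata for setting timezone
-RUN apk add --no-cache tzdata tini
-
 # Copy built application from build phase
-COPY --from=BUILD_IMAGE /app ./
+COPY --from=BUILD_IMAGE --chown=${USER}:${USER} /app ./
 
 # Finally, run start command to serve up the built application
 ENTRYPOINT [ "/sbin/tini", "--" ]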
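Review bot: `ENV PORT=80` is left unchanged while `USER ${USER}` now drops the process to UID 12345, so if the server binds to `$PORT` (the start command is not visible in this hunk) the bind to a privileged port will fail on runtimes that do not lower `net.ipv4.ip_unprivileged_port_start`. Consider defaulting to an unprivileged port such as `PORT=8080`, or documenting the runtime setting the image now depends on. `USER ${USER}` also records a name rather than a number, which Kubernetes `runAsNonRoot` cannot verify; `USER ${UID}:${GID}` keeps the same identity and is checkable. Because `USER` precedes `WORKDIR ${DIRECTORY}` and the account is created with `--no-create-home`, the ownership of `/app` itself depends on how the builder creates it, and `--chown` on the `COPY` only covers the copied contents. Confirm the runtime user can write to that directory if the application needs to.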
