Switch to appuser to avoid root
Signed-off-by: Benoit Donneaux <[email protected]>
btlogy committed May 27, 2023
1 parent acb3399 commit 78ed255
Showing 3 changed files with 88 additions and 0 deletions.
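--- a/mailbox/Dockerfile
+++ b/mailbox/Dockerfile
@@ -40,3 +40,33 @@ VOLUME /db
 
 # Expose port
 EXPOSE "${MW_MAILBOX_PORT}/${MW_MAILBOX_PROTO}"
+
+# Parameters for default user:group
+ARG uid=1000
+ARG user=appuser
+ARG gid=1000
+ARG group=appgroup
+
+# Add user and group so the command above and its
+# output will be owned by the specified uid:gid
+RUN grep -q ":${gid}:" /etc/group && { \
+echo "Group ID ${gid} found"; \
+} || { \
+echo "Group ID ${gid} NOT found"; \
+groupadd -g "${gid}" "${group}" && \
+echo "Group ID ${gid} created"; \
+}
+RUN id "${uid}" > /dev/null 2>&1 && { \
+echo "User ID ${uid} found"; \
+} || { \
+echo "User ID ${uid} NOT found"; \
+useradd -md "/home/${user}" -s /bin/bash -g "${group}" -u "${uid}" "${user}" && \
+echo "User ID ${uid} created"; \
+}
+
+# Fix ownership
+RUN chown -R ${user}:${group} /app /db
+
+# Switch to non-root user
+USER ${user}
+WORKDIR /app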
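Review bot: The two existence checks test the numeric `${gid}` and `${uid}`, but `useradd -g "${group}"`, `chown -R ${user}:${group}` and `USER ${user}` then use the names, so if the base image already has ID 1000 under a different name the `appuser`/`appgroup` entries are never created and the later steps refer to names that do not exist. Using the IDs throughout keeps the steps consistent: `useradd ... -g "${gid}" -u "${uid}" "${user}"`, `RUN chown -R "${uid}:${gid}" /app /db` and `USER ${uid}:${gid}`. A numeric `USER` also lets an orchestrator verify that the container is non-root without resolving a name. The same block is added to relay/Dockerfile and wormhole/Dockerfile and has the same mismatch.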
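--- a/relay/Dockerfile
+++ b/relay/Dockerfile
@@ -37,3 +37,33 @@ VOLUME /db
 
 # Expose ports
 EXPOSE "${MW_RELAY_PORT}/${MW_RELAY_PROTO}" "${MW_RELAY_WS_PORT}/${MW_RELAY_WS_PROTO}"
+
+# Parameters for default user:group
+ARG uid=1000
+ARG user=appuser
+ARG gid=1000
+ARG group=appgroup
+
+# Add user and group so the command above and its
+# output will be owned by the specified uid:gid
+RUN grep -q ":${gid}:" /etc/group && { \
+echo "Group ID ${gid} found"; \
+} || { \
+echo "Group ID ${gid} NOT found"; \
+groupadd -g "${gid}" "${group}" && \
+echo "Group ID ${gid} created"; \
+}
+RUN id "${uid}" > /dev/null 2>&1 && { \
+echo "User ID ${uid} found"; \
+} || { \
+echo "User ID ${uid} NOT found"; \
+useradd -md "/home/${user}" -s /bin/bash -g "${group}" -u "${uid}" "${user}" && \
+echo "User ID ${uid} created"; \
+}
+
+# Fix ownership
+RUN chown -R ${user}:${group} /app /db
+
+# Switch to non-root user
+USER ${user}
+WORKDIR /app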
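Review bot: `RUN chown -R ${user}:${group} /app /db` runs after `VOLUME /db`, which the hunk header shows earlier in the file, and with the legacy builder any change made to a volume path after its declaration is discarded. In that case /db would stay root-owned and the process would lose write access to its database directory once `USER ${user}` takes effect. Moving the `VOLUME /db` declaration below the chown step removes the dependency on builder behaviour; a comment such as `# /db must be owned by the runtime user before VOLUME is declared` would record why the order matters. mailbox/Dockerfile has the same ordering.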
28 changes: 28 additions & 0 deletions wormhole/Dockerfile
Expand Up @@ -22,4 +22,32 @@ RUN pip install \
# Default command to start the application
CMD wormhole

# Parameters for default user:group
ARG uid=1000
ARG user=appuser
ARG gid=1000
ARG group=appgroup

# Add user and group so the command above and its
# output will be owned by the specified uid:gid
RUN grep -q ":${gid}:" /etc/group && { \
echo "Group ID ${gid} found"; \
} || { \
echo "Group ID ${gid} NOT found"; \
groupadd -g "${gid}" "${group}" && \
echo "Group ID ${gid} created"; \
}
RUN id "${uid}" > /dev/null 2>&1 && { \
echo "User ID ${uid} found"; \
} || { \
echo "User ID ${uid} NOT found"; \
useradd -md "/home/${user}" -s /bin/bash -g "${group}" -u "${uid}" "${user}" && \
echo "User ID ${uid} created"; \
}

# Fix ownership
RUN chown -R ${user}:${group} /app

# Switch to non-root user
USER ${user}
WORKDIR /app
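Review bot: The service account is created with `-md "/home/${user}" -s /bin/bash`, so it gets an interactive login shell and a home directory that nothing visible in this hunk uses. For an account that only runs the container's command, a non-login shell narrows what a compromised process can start with, e.g. `useradd --system -s /usr/sbin/nologin -g "${group}" -u "${uid}" "${user}"`, provided the base image ships that path and the application does not need to write under its home directory. The comment "so the command above and its output will be owned by the specified uid:gid" also reads as copied from elsewhere; `# Create the unprivileged user and group the service runs as` would describe this block. The mailbox and relay Dockerfiles carry the same lines.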
