From 9b4ee24a0e3bc675b6e974cd456a378fe562c19f Mon Sep 17 00:00:00 2001 From: Bernhard B Date: Thu, 8 Oct 2020 21:14:06 +0200 Subject: [PATCH] use non-root user in docker image see #31 --- Dockerfile | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Dockerfile b/Dockerfile index 6d7d95d..906d688 100644 --- a/Dockerfile +++ b/Dockerfile @@ -41,6 +41,8 @@ RUN cd /tmp/signal-cli-rest-api-src && swag init && go build # Start a fresh container for release container FROM adoptopenjdk:11-jre-hotspot +RUN useradd -ms /bin/bash signal + COPY --from=buildcontainer /tmp/signal-cli-rest-api-src/signal-cli-rest-api /usr/bin/signal-cli-rest-api COPY --from=buildcontainer /tmp/signal-cli /opt/signal-cli @@ -48,6 +50,12 @@ RUN ln -s /opt/signal-cli/bin/signal-cli /usr/bin/signal-cli RUN mkdir -p /signal-cli-config/ RUN mkdir -p /home/.local/share/signal-cli +RUN chown -R signal:signal /home/.local/share/signal-cli +RUN chmod u+rwx /home/.local/share/signal-cli + +USER signal +WORKDIR /home/signal + EXPOSE 8080 ENTRYPOINT ["signal-cli-rest-api"]