From e9415784cc7d4b7df752a848b4bbe7ed602719b2 Mon Sep 17 00:00:00 2001 From: Ahmed Karaman <20889958+ahmedkrmn@users.noreply.github.com> Date: Wed, 9 Oct 2019 01:00:14 +0200 Subject: [PATCH 1/3] Modify docker file to use non-root user --- Dockerfile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Dockerfile b/Dockerfile index 9e80c31d..85e6b2af 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,12 @@ FROM node:10-alpine MAINTAINER OhMyForm +# Create a group and a user with name "ohmyformUser". +RUN groupadd -g 999 ohmyformUser && useradd -r -u 999 -g ohmyformUser ohmyformUser + +# Change to non-root privilege +USER ohmyformUser + # Install some needed packages RUN apk add --no-cache git python \ && rm -rf /tmp/* \ From c159943d974643f4ab06e417acd10acc56485179 Mon Sep 17 00:00:00 2001 From: Ahmed Karaman <20889958+ahmedkrmn@users.noreply.github.com> Date: Wed, 9 Oct 2019 05:10:25 +0200 Subject: [PATCH 2/3] Fix syntax error and change group name/id --- Dockerfile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Dockerfile b/Dockerfile index 9e80c31d..b25041db 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,9 @@ FROM node:10-alpine MAINTAINER OhMyForm +# Create a group and a user with name "ohmyformUser". +RUN addgroup -g 9999 ohmyformGroup && adduser -u 99999 -D -g ohmyformGroup ohmyformUser + # Install some needed packages RUN apk add --no-cache git python \ && rm -rf /tmp/* \ @@ -48,5 +51,8 @@ RUN npm install --only=production \ && bower install --allow-root -f \ && grunt build +# Change to non-root privilege +USER ohmyformUser + # Run OhMyForm server CMD ["node", "server.js"] From 9fb70fc3c3102692c6658daca381398ccd01015f Mon Sep 17 00:00:00 2001 From: Ahmed Karaman <20889958+ahmedkrmn@users.noreply.github.com> Date: Wed, 9 Oct 2019 16:26:32 +0200 Subject: [PATCH 3/3] Use the same name/id for both the user and the group --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index b25041db..b2db8b8d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,8 @@ FROM node:10-alpine MAINTAINER OhMyForm -# Create a group and a user with name "ohmyformUser". -RUN addgroup -g 9999 ohmyformGroup && adduser -u 99999 -D -g ohmyformGroup ohmyformUser +# Create a group and a user with name "ohmyform". +RUN addgroup --gid 9999 ohmyform && adduser -D --uid 9999 -G ohmyform ohmyform # Install some needed packages RUN apk add --no-cache git python \ @@ -52,7 +52,7 @@ RUN npm install --only=production \ && grunt build # Change to non-root privilege -USER ohmyformUser +USER ohmyform # Run OhMyForm server CMD ["node", "server.js"]