Switch to a non-root user in docker (#247)

datalens-tech · Jan 23, 2024 · 6c0706a · 6c0706a
1 parent 58a7eaf
commit 6c0706a
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/app/dl_control_api/Dockerfile b/app/dl_control_api/Dockerfile
@@ -22,6 +22,14 @@ WORKDIR /src/metapkg
 RUN poetry export --only app_dl_os_control_api --without-hashes --format=requirements.txt > requirements.txt
 RUN pip install -r requirements.txt
 
+# Setting up the runtime user
+ARG USER=app
+ARG GID=1000
+ARG UID=1000
+RUN groupadd -r -g ${GID} ${USER} && \
+    useradd -mr -g ${USER} -u ${UID} -s /bin/bash ${USER}
+USER ${USER}
+
 EXPOSE 8080
 
 ENTRYPOINT ["/etc/service/dl_api/run"]
diff --git a/app/dl_data_api/Dockerfile b/app/dl_data_api/Dockerfile
@@ -26,6 +26,14 @@ WORKDIR /src/metapkg
 RUN poetry export --only app_dl_os_data_api --without-hashes --format=requirements.txt > requirements.txt
 RUN pip install -r requirements.txt
 
+# Setting up the runtime user
+ARG USER=app
+ARG GID=1000
+ARG UID=1000
+RUN groupadd -r -g ${GID} ${USER} && \
+    useradd -mr -g ${USER} -u ${UID} -s /bin/bash ${USER}
+USER ${USER}
+
 EXPOSE 8080
 
 ENTRYPOINT ["/etc/service/dl_api/run"]