Change to using a root user for local development

This fixes an issue that was happening where Vite and other JS related tools where throwing write permission errors when running because the web service would create files as non-privileged app user and then JS tools would run as a non-privileged user and then try to write to directories owned by root.
epicserve · Aug 29, 2023 · 8840355 · 8840355
1 parent 195aae4
commit 8840355
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 11 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,16 @@
 # CHANGELOG
 
 
+## 2023-06-01
+
+### Changed
+
+* Changed to using a root user for local development. This fixes an issue that was happening where Vite and other JS
+  related tools where throwing write permission errors when running because the web service would create files as a
+  non-privileged app user and then JS tools would run as a non-privileged user and then try to write to
+  directories owned by root.
+
+
 ## 2023-06-01
 
 ### Changed

diff --git a/config/bash/bashrc b/config/bash/bashrc
@@ -1,3 +1,14 @@
+# Color prompt
+PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+
+# Colorize `ls` output
+export SHELL=/bin/bash
+export LS_OPTIONS='--color=auto'
+eval "`dircolors`"
+alias ls='ls $LS_OPTIONS'
+alias ll='ls $LS_OPTIONS -l'
+alias l='ls $LS_OPTIONS -lA'
+
 # some more ls aliases
 alias ll='ls -l'
 alias la='ls -A'

diff --git a/config/docker/Dockerfile.web b/config/docker/Dockerfile.web
@@ -38,7 +38,8 @@ RUN apt-get update \
     && echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen \
     && echo "LANG=en_US.UTF-8" > /etc/locale.conf \
     && locale-gen en_US.UTF-8 \
-    && rm -rf /var/lib/apt/lists/*
+    && rm -rf /var/lib/apt/lists/* \
+    && echo "\nsource /srv/app/config/bash/bashrc" >> /root/.bashrc
 
 ENV VIRTUAL_ENV=/opt/venv
 ENV LANG=en_US.UTF-8 \
@@ -51,14 +52,8 @@ ENV LANG=en_US.UTF-8 \
 
 WORKDIR /srv/app
 
-RUN set -ex \
-    && groupadd -r app && useradd --uid=1000 --create-home --home-dir=/home/app --no-log-init -r -g app app \
-    && echo "\nsource ./config/bash/bashrc" >> /home/app/.bashrc
-
 COPY --from=python-requirements --chown=app:app $VIRTUAL_ENV $VIRTUAL_ENV
 
-USER app
-
 EXPOSE 8000/tcp 8001/tcp
 
 CMD ["python", "manage.py", "runserver", "0.0.0.0:8000"]
@@ -88,14 +83,16 @@ FROM dev as prod
 
 WORKDIR /srv/app
 
-USER root
+RUN set -ex \
+    && groupadd -r app --gid=1000 && useradd --uid=1000 --create-home --home-dir=/home/app --no-log-init -r -g app app \
+    && echo "\nsource ./config/bash/bashrc" >> /home/app/.bashrc
+
+COPY --chown=app:app . .
 
-COPY . .
+USER app
 
 RUN SECRET_KEY=e python manage.py collectstatic --no-input
 
 COPY --from=js_assets --chown=app:app /srv/app/public/static/ ./collected_static
 
-USER app
-
 CMD ["uwsgi", "--ini", "config/uwsgi.ini", "--http", "0.0.0.0:8080"]