From f20b0e732578c4a6d311a7b0700782c1300293e1 Mon Sep 17 00:00:00 2001
From: ilian
Date: Sun, 18 Aug 2024 16:04:01 +0200
Subject: [PATCH] Fix collisions with existing user and group ids Do not add groups or users if ther gid or uid already exists in the base image. We also make useradd and the USER instruction depend on numeric ids since we can't guarantee that a group or user with name 'app' exists. The USER instruction now also includes the group id to ensure that any created files have the expected user and group ownership.
---
 Dockerfile.unix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/Dockerfile.unix b/Dockerfile.unix
index 8a66687..2151579 100644
--- a/Dockerfile.unix
+++ b/Dockerfile.unix
@@ -2,8 +2,9 @@ ARG RUBY_VERSION=3.3.4
 FROM ruby:${RUBY_VERSION}
 ARG USER_ID=1000
 ARG GROUP_ID=1000
-RUN groupadd -g $GROUP_ID app && useradd -u $USER_ID -g app -m app
-USER app
+RUN (getent group $GROUP_ID > /dev/null || groupadd -g $GROUP_ID app) && \
+ (getent passwd $USER_ID > /dev/null || useradd -u $USER_ID -g $GROUP_ID -m app)
+USER $USER_ID:$GROUP_ID
 ARG RAILS_VERSION
 # Install Rails based on the version specified but if not specified, install the latest version.
 RUN if [ -z "$RAILS_VERSION" ] ; then gem install rails ; else gem install rails -v $RAILS_VERSION ; fi
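Review bot: The new `getent passwd $USER_ID > /dev/null ||` guard on the RUN line turns an id collision from a build failure into silent reuse of whichever account already owns that id, and that includes uid 0. If the image is built with `USER_ID=0` (plausible when the build arg is derived from the invoking user's id and the build runs as root, though the invocation is not shown here), `useradd` is skipped and `USER $USER_ID:$GROUP_ID` resolves to `USER 0:0`, so the container runs as root where the old `useradd -u` would have stopped the build. The same silent reuse applies to any system account the base image ships at the requested uid or gid. If reuse is only intended for ordinary accounts, fail closed before the lookup, e.g. `RUN [ "$USER_ID" -gt 0 ] && [ "$GROUP_ID" -gt 0 ] || { echo "USER_ID and GROUP_ID must be non-zero integers" >&2; exit 1; }`. Quoting `"$USER_ID"` and `"$GROUP_ID"` in the `getent`, `groupadd` and `useradd` calls would also stop an empty build arg from turning `getent` into a whole-database listing that always succeeds.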