Created
February 12, 2021 13:51
-
-
Save unfor19/06313b22a54cb1ed39b218151e7f05f3 to your computer and use it in GitHub Desktop.
run-as-non-root-user-good-dockerfile
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # GOOD | |
| FROM python:3.9.1-slim as app | |
| WORKDIR /myapp/ | |
| # Creates `appuser` and `appgroup` and sets permissions on the app`s directory | |
| RUN addgroup appgroup --gid 1000 && \ | |
| useradd appuser --uid 1000 --gid appgroup --home-dir /myapp/ && \ | |
| chown -R appuser:appgroup /myapp/ | |
| # All the following commands will be executed by `appuser`, instead of `root` | |
| USER appuser | |
| # Copy artifacts from the build stage and set `appuser` as the owner | |
| COPY --from=build --chown=appuser:appgroup /myapp/ | |
| ENTRYPOINT ["app"] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment