From f0f3d3ec23f8f5e5219563554e15730edeb59716 Mon Sep 17 00:00:00 2001
From: Michael Grote
Date: Tue, 30 Jul 2024 10:32:02 +0200
Subject: [PATCH] add nonroot-user
---
 Dockerfile | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 6ccbad8..6afdf6f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,11 +2,25 @@ FROM python:3.12.4-bookworm
 ENV DEBIAN_FRONTEND=noninteractive
-WORKDIR /
-COPY requirements.txt .
-COPY requirements.yaml .
-COPY start_tmux.sh .
-COPY version.sh .
+# Update the package list, install sudo, create a non-root user, and grant password-less sudo permissions
+# https://dev.to/izackv/running-a-docker-container-with-a-custom-non-root-user-syncing-host-and-container-permissions-26mb
+RUN apt update && \
+ apt install -y sudo && \
+ addgroup --gid 2000 nonroot && \
+ adduser --uid 2000 --gid 2000 --disabled-password --gecos "" ansible-user && \
+ echo 'ansible-user ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers \
+ && rm -rf /var/lib/apt/lists/* /var/tmp/* /tmp/* \
+ && apt-get clean
+
+# Set the non-root user as the default user
+USER ansible-user
+
+WORKDIR /home/ansible-user/
+
+COPY --chown=ansible-user:ansible-user requirements.txt .
+COPY --chown=ansible-user:ansible-user requirements.yaml .
+COPY --chown=ansible-user:ansible-user start_tmux.sh .
+COPY --chown=ansible-user:ansible-user version.sh .
 # hadolint ignore=DL3013
 RUN python3 -m pip install --no-cache-dir --upgrade pip \
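Review bot: The added `RUN` grants `ansible-user` password-less `ALL=(ALL) NOPASSWD: ALL` sudo, so the `USER ansible-user` switch below it does not reduce privilege: any process in the container can become root again without a credential. Unless something at runtime needs root (nothing visible in this hunk does), drop the `apt install -y sudo` and `echo ... >> /etc/sudoers` lines; if one command really needs elevation, allow only that command in a drop-in under `/etc/sudoers.d/` instead of appending to `/etc/sudoers`. Separately, the group created here is named `nonroot`, while the `COPY` lines use `--chown=ansible-user:ansible-user`. With `adduser --gid 2000` no `ansible-user` group appears to be created, so that name lookup is likely to fail at build time; either `addgroup --gid 2000 ansible-user` or `--chown=ansible-user:nonroot` (or `2000:2000`) would make the two agree. The `pip install` `RUN` after the `COPY` lines now executes as `ansible-user` and continues outside the hunk, so confirm it still installs where the image expects.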