From 1054a531b56eb09f4269732fd08cff4b5654a083 Mon Sep 17 00:00:00 2001
From: Federico Gimenez <fgimenez@users.noreply.github.com>
Date: Fri, 16 Aug 2019 13:42:37 +0200
Subject: [PATCH] non-root user for running node in Dockerfile (#369)

---
 polkadot/docker/Dockerfile | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/polkadot/docker/Dockerfile b/polkadot/docker/Dockerfile
index b3057e2dece..aaff0b37ad4 100644
--- a/polkadot/docker/Dockerfile
+++ b/polkadot/docker/Dockerfile
@@ -1,4 +1,4 @@
-FROM phusion/baseimage:0.10.1 as builder
+FROM phusion/baseimage:0.10.2 as builder
 LABEL maintainer "chevdor@gmail.com"
 LABEL description="This is the build stage for Polkadot. Here we create the binary."
 
@@ -17,7 +17,7 @@ RUN curl https://sh.rustup.rs -sSf | sh -s -- -y && \
 
 # ===== SECOND STAGE ======
 
-FROM phusion/baseimage:0.10.0
+FROM phusion/baseimage:0.10.2
 LABEL maintainer "chevdor@gmail.com"
 LABEL description="This is the 2nd stage: a very small image where we copy the Polkadot binary."
 ARG PROFILE=release
@@ -27,11 +27,13 @@ RUN mv /usr/share/ca* /tmp && \
 	rm -rf /usr/share/*  && \
 	mv /tmp/ca-certificates /usr/share/ && \
 	rm -rf /usr/lib/python* && \
-	mkdir -p /root/.local/share/polkadot && \
-	ln -s /root/.local/share/polkadot /data
-
-RUN	rm -rf /usr/bin /usr/sbin
+	rm -rf /usr/bin /usr/sbin && \
+	useradd -m -u 1000 -U -s /bin/sh -d /polkadot polkadot && \
+	mkdir -p /polkadot/.local/share/polkadot && \
+	chown -R polkadot:polkadot /polkadot/.local && \
+	ln -s /polkadot/.local/share/polkadot /data
 
+USER polkadot
 EXPOSE 30333 9933 9944
 VOLUME ["/data"]
 
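Review bot: In the second-stage `RUN` chain, `rm -rf /usr/bin /usr/sbin` now runs before `useradd`, and on an Ubuntu-based image `useradd` normally lives under `/usr/sbin`, so the account creation is likely to fail and abort the build. Move the removal to the very end of the chain, after `ln -s /polkadot/.local/share/polkadot /data`, so the user, its home directory and the ownership change are in place before the tooling is stripped. The `RUN` instruction begins above this hunk, so the earlier steps were not reviewed. Because the aim is to drop root, `USER 1000:1000` would be preferable to `USER polkadot`, since runtimes that enforce a non-root policy can only verify a numeric UID. A comment above `VOLUME ["/data"]` should also say that a host directory mounted there must be writable by UID 1000, since `chown -R` only covers the path inside the image.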
-- 
GitLab