implement appuser for running container as non-root (#462)

mr-brune · web-flow · commit f1139b5b73bf · 2025-12-21T19:41:03.000+01:00
* Create non-root user and set permissions in Dockerfile

Added non-root user and adjusted permissions for security.

* Refactor Dockerfile for non-root user and dependencies

Updated Dockerfile to create a non-root user with home directory, install system dependencies including ffmpeg, and set permissions for application directories.

* Refactor Dockerfile for improved setup

Updated Dockerfile to streamline dependencies and user setup.
diff --git a/dockerfile b/dockerfile
@@ -8,6 +8,9 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
  && apt-get clean \
  && rm -rf /var/lib/apt/lists/*
 
+RUN groupadd -r appuser && \
+    useradd -r -g appuser -u 1000 -m -d /home/appuser -s /bin/bash appuser
+
 WORKDIR /app
 
 COPY requirements.txt ./
@@ -16,10 +19,19 @@ RUN pip install --no-cache-dir -r requirements.txt
 COPY GUI/requirements.txt ./GUI/requirements.txt
 RUN pip install --no-cache-dir -r GUI/requirements.txt
 
-COPY . .
+COPY . . 
+
+RUN mkdir -p /app/Video /app/logs /app/data \
+             /home/appuser/.local/bin/binary \
+             /home/appuser/.config && \
+    chown -R appuser:appuser /app /home/appuser && \
+    chmod -R 755 /app /home/appuser
+
+USER appuser
 
-ENV PYTHONPATH="/app:${PYTHONPATH}"
+ENV PYTHONPATH="/app: ${PYTHONPATH}" \
+    HOME=/home/appuser
 
 EXPOSE 8000
 
-CMD ["python", "GUI/manage.py", "runserver", "0.0.0.0:8000"]
+CMD ["python", "GUI/manage.py", "runserver", "0.0.0.0:8000"]
