Skip to content

Commit fc4238c

Browse files
sarahchen6sarahchen6
committed
Update non-root-group
1 parent 71b1d02 commit fc4238c

File tree

1 file changed

+16
-12
lines changed

1 file changed

+16
-12
lines changed

Dockerfile

Lines changed: 16 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -31,8 +31,8 @@ RUN <<-EOT
3131
apt-get update
3232
apt-get install -y curl tar apt-transport-https ca-certificates gnupg locales
3333
locale-gen en_US.UTF-8
34-
groupadd --gid 1001 non-root-user
35-
useradd --uid 1001 --gid 1001 -m non-root-user
34+
groupadd --gid 1001 non-root-group
35+
useradd --uid 1001 --gid non-root-group -m non-root-group
3636
apt-get clean
3737
rm -rf /var/lib/apt/lists/*
3838
EOT
@@ -71,8 +71,9 @@ RUN <<-EOT
7171
/usr/lib/jvm/graalvm*/lib/installer
7272
EOT
7373

74-
# Switch to non-root user during runtime for security
75-
USER non-root-user
74+
# Switch to non-root group during runtime for security
75+
USER non-root-group
76+
WORKDIR /home/non-root-group
7677

7778
FROM scratch AS default-jdk
7879
ARG LATEST_VERSION
@@ -98,8 +99,8 @@ RUN <<-EOT
9899
apt-get install -y curl tar apt-transport-https ca-certificates gnupg \
99100
socat less debian-goodies autossh ca-certificates-java python3-pip locales
100101
locale-gen en_US.UTF-8
101-
groupadd --gid 1001 non-root-user
102-
useradd --uid 1001 --gid 1001 -m non-root-user
102+
groupadd --gid 1001 non-root-group
103+
useradd --uid 1001 --gid non-root-group -m non-root-group
103104
apt-get clean
104105
rm -rf /var/lib/apt/lists/*
105106
mkdir -p /usr/local/lib/docker/cli-plugins /usr/local/bin
@@ -141,8 +142,9 @@ RUN <<-EOT
141142
rm -rf /var/lib/apt/lists/*
142143
EOT
143144

144-
# Switch to non-root user during runtime for security
145-
USER non-root-user
145+
# Switch to non-root group during runtime for security
146+
USER non-root-group
147+
WORKDIR /home/non-root-group
146148

147149
# IBM specific env variables
148150
ENV IBM_JAVA_OPTIONS="-XX:+UseContainerSupport"
@@ -169,8 +171,9 @@ COPY --from=all-jdk /usr/lib/jvm/${VARIANT_LOWER} /usr/lib/jvm/${VARIANT_LOWER}
169171
ENV JAVA_${VARIANT_UPPER}_HOME=/usr/lib/jvm/${VARIANT_LOWER}
170172
ENV JAVA_${VARIANT_LOWER}_HOME=/usr/lib/jvm/${VARIANT_LOWER}
171173

172-
# Switch to non-root user during runtime for security
173-
USER non-root-user
174+
# Switch to non-root group during runtime for security
175+
USER non-root-group
176+
WORKDIR /home/non-root-group
174177

175178
# Full image for debugging, contains all JDKs.
176179
FROM base AS full
@@ -187,8 +190,9 @@ COPY --from=all-jdk /usr/lib/jvm/ubuntu17 /usr/lib/jvm/ubuntu17
187190
COPY --from=all-jdk /usr/lib/jvm/graalvm17 /usr/lib/jvm/graalvm17
188191
COPY --from=all-jdk /usr/lib/jvm/graalvm21 /usr/lib/jvm/graalvm21
189192

190-
# Switch to non-root user during runtime for security
191-
USER non-root-user
193+
# Switch to non-root group during runtime for security
194+
USER non-root-group
195+
WORKDIR /home/non-root-group
192196

193197
ENV JAVA_7_HOME=/usr/lib/jvm/7
194198

0 commit comments

Comments
 (0)