Merge pull request #57 from oslokommune/un-root

simenheg · web-flow · commit 80a32a641d6e · 2025-09-22T15:02:13.000+02:00
Don't run Docker containers as root
diff --git a/Dockerfile b/Dockerfile
@@ -15,5 +15,10 @@ RUN chmod +x /usr/local/bin/docker-entrypoint.sh
 
 EXPOSE 8000
 
+RUN groupadd -r app
+RUN useradd -r -g app app
+RUN chown -R app:app /usr/src/app/workdir
+USER app
+
 ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
 CMD ["python", "-m", "probe"]
diff --git a/local-compose.yaml b/local-compose.yaml
@@ -1,5 +1,3 @@
-version: "3.2"
-
 networks:
   probe:
 
diff --git a/local/http_server/Dockerfile b/local/http_server/Dockerfile
@@ -5,4 +5,10 @@ RUN mkdir /usr/src/app/
 COPY . /usr/src/app/
 WORKDIR /usr/src/app/
 RUN pip install flask
+
+RUN groupadd -r app
+RUN useradd -r -g app app
+RUN chown -R app:app /usr/src/app
+USER app
+
 CMD ["python", "http_server.py"]
