Fix Rust Dockerfile user permissions and improve security

Copilot · rjaegers · Copilot · commit 472f76b18ee3 · 2025-10-06T06:49:52.000Z
Co-authored-by: rjaegers &lt;45816308+rjaegers@users.noreply.github.com&gt;
diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile
@@ -130,18 +130,15 @@ RUN --mount=type=cache,target=/cache,sharing=locked \
  && conan profile detect \
  && echo -e "\n[conf]\ntools.cmake.cmaketoolchain:generator=Ninja" >> "$(conan profile path default)"
 
-# Create cache directories with appropriate permissions for the code user
-RUN mkdir -p /cache/.ccache /cache/.cpm /cache/.python \
- && chown -R code:code /cache \
- && chmod -R 755 /cache
+# Create cache directories and conan directory with appropriate permissions for the code user
+RUN mkdir -p /cache/.ccache /cache/.cpm /cache/.python /opt/conan \
+ && chown -R code:code /cache /opt/conan \
+ && chmod -R 755 /cache /opt/conan
 
 # Set up conan for the code user
 USER code
 RUN conan profile detect \
  && echo -e "\n[conf]\ntools.cmake.cmaketoolchain:generator=Ninja" >> "$(conan profile path default)"
 
-# Switch back to root temporarily for any remaining setup
-USER root
-
 # Set the default user
 USER code
diff --git a/.devcontainer/rust/Dockerfile b/.devcontainer/rust/Dockerfile
@@ -75,7 +75,8 @@ RUN groupadd --gid 1000 code \
  && chown -R code:code /home/code
 
 # Ensure the code user has access to cargo and rustup
-RUN chmod -R a+rX /usr/local/cargo /usr/local/rustup
+RUN chmod -R a+rX /usr/local/cargo /usr/local/rustup \
+ && chown -R code:code /usr/local/cargo /usr/local/rustup
 
 # Set the default user
 USER code
