From 5cf8c9a475d54fbe096e6cc9880d74aba50dfaea Mon Sep 17 00:00:00 2001
From: Plaidstallion <44079566+Plaidstallion@users.noreply.github.com>
Date: Tue, 16 Mar 2021 15:29:05 +0100
Subject: [PATCH] Update Dockerfile
Add user abc with UID:GID of 1000:1000 to start program as.
Install s6 to utilize s6-setuidgid in the startup.sh script
Make startup.sh executable
---
 Dockerfile | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 2738879..7b83462 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,15 +11,26 @@ VOLUME /app/db
 ENV TZ=Australia/Melbourne
 RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
-# Split up these lines so Docker can cache them
+# Split up these lines so Docker can cache them. Add s6 to use in the start script.
 RUN apt-get update && \
 apt-get install -y --no-install-recommends \
- ffmpeg python3 python3-pip \
+ ffmpeg python3 python3-pip s6 \
 && apt-get clean && rm -rf /var/lib/apt/lists/*
 COPY ./requirements.txt ./
 RUN python3 -m pip install -r requirements.txt
+# Create User that program can run as and chown the working directory. Reduces the possibility of files being written as root:root
+
+ENV UNAME abc
+ENV UID 1000
+ENV GID 1000
+RUN groupadd -g $GID -o $UNAME
+RUN useradd -m -u $UID -g $GID -o -s /bin/bash $UNAME
+
+RUN chown -R abc:abc /app
+
+# Environment variables
 ENV APPNAME YDS
 ENV ADMINUSER admin
@@ -37,8 +48,12 @@ EXPOSE 8080
 # ENTRYPOINT ["./startup.sh", "${APPNAME}", "${ADMINUSER}", "${PASSWORD}"]
 # Can't use form above as variables don't get injected.
 # ENTRYPOINT exec ./startup.sh ${APPNAME} ${ADMINUSER} ${PASSWORD}
+
+# make the start script executable
+RUN chmod +x ./startup.sh
+
 # Directly referencing the variables in Bash now
 ENTRYPOINT ["./startup.sh"]
 # Needed because gunicorn doesn't execute in the correct environment
-# CMD ["./startup.sh"]
\ No newline at end of file
+# CMD ["./startup.sh"]
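Review bot: `RUN chown -R abc:abc /app` hard-codes the account name although the group and user just above it are built from `$UNAME`, `$UID` and `$GID`, so changing those values leaves the chown pointing at a name that no longer exists; `RUN chown -R "$UID:$GID" /app` keeps the two in step. The hunk header shows `VOLUME /app/db` declared earlier in the file, and Docker's legacy builder discards build-step changes made under a volume path after its declaration, so /app/db may stay root-owned depending on the builder in use; files copied into /app by later instructions (not visible in this hunk) will also be root-owned unless they use `COPY --chown`. Separately, `UID` is a read-only variable that bash sets itself at startup, so if startup.sh reads `$UID` while still running as root it will see 0 rather than 1000; names such as `PUID`/`PGID` avoid the clash.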
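Review bot: No `USER` instruction is added anywhere in this patch, so `ENTRYPOINT ["./startup.sh"]` still starts as root and the drop to `abc` depends entirely on startup.sh invoking `s6-setuidgid`, which is not part of this diff. A comment above the ENTRYPOINT would make that contract explicit, for example `# Starts as root; startup.sh must exec the app through s6-setuidgid $UNAME`, and the script should exit non-zero if the drop fails rather than continue as root. If nothing in startup.sh actually needs root, a plain `USER abc` before the ENTRYPOINT is simpler and lets the image be checked by runtimes that enforce non-root. The rest of the file lies outside this hunk.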