From cb432015b517ad7dd29a567541957fa900ea76bc Mon Sep 17 00:00:00 2001
From: Thibault Godouet
Date: Sun, 25 Jul 2021 17:28:31 +0100
Subject: [PATCH] run as non-root in docker

---
 build/Dockerfile | 7 +++++++
 build/entrypoint.sh | 5 +++++
 2 files changed, 12 insertions(+)

diff --git a/build/Dockerfile b/build/Dockerfile
index b391b6c..4c16dbe 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -25,4 +25,11 @@ COPY gpgparams entrypoint.sh /protonmail/
 # Copy protonmail
 COPY --from=build /build/proton-bridge/proton-bridge /protonmail/
 
+# Add a user 'protonmail' with UID 8535
+RUN useradd -u 8535 -d /home/protonmail protonmail \
+ && mkdir -p /home/protonmail \
+ && chown protonmail: /home/protonmail
+# change to non-privileged user for extra security
+USER protonmail
+
 ENTRYPOINT ["bash", "/protonmail/entrypoint.sh"]
diff --git a/build/entrypoint.sh b/build/entrypoint.sh
index 1cebda6..c04cb4a 100644
--- a/build/entrypoint.sh
+++ b/build/entrypoint.sh
@@ -2,6 +2,11 @@
 
 set -ex
 
+id
+# Go to current user's homedir
+cd
+echo $PWD
+
 # Initialize
 if [[ $1 == init ]]; then
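Review bot: In the build/Dockerfile hunk, `USER protonmail` records the account by name, so a platform that enforces a non-root policy from image metadata (Kubernetes `runAsNonRoot`, for example) cannot verify it and refuses to start the container. The UID is already pinned at 8535 by the `useradd` line, so `USER 8535` keeps the same runtime identity and makes it checkable. The home directory is created with the default mode; if it ends up holding the bridge's keyring and credentials (presumably, given the `gpgparams` file copied above; the rest of the Dockerfile is outside this hunk), adding `&& chmod 700 /home/protonmail` to the same `RUN` is a cheap hardening step. Any state an existing deployment kept under root's home directory will not be readable by UID 8535 after this change, which deserves a sentence in the commit message or README.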