run as non-root in docker

2025-12-06 08:27:08 +00:00 · 2021-07-25 17:28:31 +01:00 · 2021-07-25 17:28:31 +01:00 · cb432015b5
commit cb432015b5
parent 8fa301b5a3
2 changed files with 12 additions and 0 deletions
--- a/build/Dockerfile
+++ b/build/Dockerfile
@ -25,4 +25,11 @@ COPY gpgparams entrypoint.sh /protonmail/
 # Copy protonmail
 COPY --from=build /build/proton-bridge/proton-bridge /protonmail/

+# Add a user 'protonmail' with UID 8535
+RUN useradd -u 8535 -d /home/protonmail protonmail \
+    && mkdir -p /home/protonmail \
+    && chown protonmail: /home/protonmail
+# change to non-privileged user for extra security
+USER protonmail
+
 ENTRYPOINT ["bash", "/protonmail/entrypoint.sh"]
--- a/build/entrypoint.sh
+++ b/build/entrypoint.sh
@ -2,6 +2,11 @@

 set -ex

+id
+# Go to current user's homedir
+cd
+echo $PWD
+
 # Initialize
 if [[ $1 == init ]]; then