Skip to content

Commit

Permalink
Docker: don't run dfbnc as root...
Browse files Browse the repository at this point in the history 
It's a lot more fiddly to create a user and manage
the permissions, but not running an IRC bouncer
as root seems like a good rule to live by.
  • Loading branch information
@csmith @ShaneMcC
csmith authored and ShaneMcC committed Sep 3, 2017
1 parent a88d7fe commit af8e1ab
Showing 1 changed file with 15 additions and 5 deletions.
20 changes: 15 additions & 5 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,20 +6,30 @@ ENV LANGUAGE en_US:en
ENV LC_ALL en_US.UTF-8
ENV JAVA_TOOL_OPTIONS -Dfile.encoding=UTF8

COPY . /dfbnc/
COPY . /tmp/dfbnc/

RUN \
cd /dfbnc && \
useradd dfbnc && \
mkdir /home/dfbnc && \
mkdir /var/lib/dfbnc && \
chown -R dfbnc /tmp/dfbnc && \
chown -R dfbnc /home/dfbnc && \
chown -R dfbnc /var/lib/dfbnc

USER dfbnc

RUN \
cd /tmp/dfbnc && \
if [ -e .git/shallow ]; then git fetch --unshallow; fi && \
git fetch --tags && \
./gradlew jar && \
mv /dfbnc/dist/dfbnc.jar / && \
rm -rf /dfbnc
mv /tmp/dfbnc/dist/dfbnc.jar /home/dfbnc/ && \
rm -rf /tmp/dfbnc

EXPOSE 33262 33263

VOLUME ["/var/lib/dfbnc"]

WORKDIR /var/lib/dfbnc

CMD ["/usr/bin/java", "-jar", "/dfbnc.jar", "--config", "/var/lib/dfbnc", "--foreground"]
CMD ["/usr/bin/java", "-jar", "/home/dfbnc/dfbnc.jar", "--config", "/var/lib/dfbnc", "--foreground"]

0 comments on commit af8e1ab

Please sign in to comment.