run as user "max" instead of root (#42)

IBM · Dec 16, 2020 · ff33a16 · ff33a16
1 parent 5dc96c2
commit ff33a16
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 7 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -1,3 +1,4 @@
 .git*
 .idea/
 README.*
+.travis.yml
diff --git a/Dockerfile b/Dockerfile
@@ -17,10 +17,12 @@
 FROM continuumio/miniconda3:4.7.12
 
 # Upgrade all packages to meet security criteria
-RUN apt-get update && apt-get upgrade -y && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get upgrade -y && apt-get install sudo && rm -rf /var/lib/apt/lists/*
 
-WORKDIR /workspace
+RUN useradd --create-home max && echo "max ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+RUN chown -R max:max /opt/conda
+USER max
+WORKDIR /home/max
 RUN mkdir assets
-
 COPY . .
 RUN pip install --upgrade pip && pip install -r requirements.txt
diff --git a/Dockerfile.arm32v7 b/Dockerfile.arm32v7
@@ -17,15 +17,19 @@
 FROM arm32v7/python:3.7.6-buster
 
 # Upgrade all packages to meet security criteria
-RUN apt-get update && apt-get upgrade -y && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get upgrade -y && apt-get install sudo && rm -rf /var/lib/apt/lists/*
 
 # arm32v7 is the CPU that is integrated into Raspberry Pi 4
 
-WORKDIR /workspace
-RUN mkdir assets
-
 # Enable piwheels
 RUN echo "[global]\nextra-index-url=https://www.piwheels.org/simple" >> /etc/pip.conf
 
+
+RUN useradd --create-home max && echo "max ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+USER max
+WORKDIR /home/max
+RUN mkdir assets
+
 COPY . .
 RUN pip install --upgrade pip && pip install -r requirements.txt
+