From be326bc5eb40faa620b007030f39c772b6dd119c Mon Sep 17 00:00:00 2001
From: Phil Winder
Date: Mon, 7 Nov 2016 16:36:20 +0000
Subject: [PATCH] Clean and ensure file is owned by the correct user.
---
 docker/catalogue/Dockerfile-release | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/docker/catalogue/Dockerfile-release b/docker/catalogue/Dockerfile-release
index 4a6de5c3..c8cc5314 100644
--- a/docker/catalogue/Dockerfile-release
+++ b/docker/catalogue/Dockerfile-release
@@ -1,15 +1,24 @@
 FROM alpine:3.4
-RUN addgroup mygroup && adduser -D -G mygroup myuser
-RUN apk add --update libcap
+ENV SERVICE_USER=myuser \
+ SERVICE_UID=10001 \
+ SERVICE_GROUP=mygroup \
+ SERVICE_GID=10001
+
+RUN addgroup -g ${SERVICE_GID} ${SERVICE_GROUP} && \
+ adduser -g "${SERVICE_NAME} user" -D -H -G ${SERVICE_GROUP} -s /sbin/nologin -u ${SERVICE_UID} ${SERVICE_USER} && \
+ apk add --update libcap
 WORKDIR /
 EXPOSE 80
 COPY app /
 COPY images/ /images/
-RUN setcap 'cap_net_bind_service=+ep' /app
-USER myuser
+RUN chmod +x /app && \
+ chown -R ${SERVICE_USER}:${SERVICE_GROUP} /app /images && \
+ setcap 'cap_net_bind_service=+ep' /app
+
+USER ${SERVICE_USER}
 ARG BUILD_DATE
 ARG BUILD_VERSION
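Review bot: `${SERVICE_NAME}` in `adduser -g "${SERVICE_NAME} user"` is never set in the visible file, because the new `ENV` block defines only `SERVICE_USER`, `SERVICE_UID`, `SERVICE_GROUP` and `SERVICE_GID`, so the GECOS field expands to just ` user`. Either add it to the `ENV` block (for example `SERVICE_NAME=catalogue`, going by the file's path) or use `${SERVICE_USER}` in that argument. Separately, `chown -R ${SERVICE_USER}:${SERVICE_GROUP} /app /images` makes the capability-bearing binary and the served images writable by the account the service runs as, so a compromised process could replace what it executes and serves. Leaving both root-owned and read/execute-only (e.g. `chmod 0555 /app` in place of `chmod +x /app`, with the `chown` dropped) keeps the runtime user to least privilege. Since a fixed UID is now assigned, `USER ${SERVICE_UID}` instead of `USER ${SERVICE_USER}` would also let orchestrators that enforce non-root by numeric UID verify the image.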