follow best practices for creating unprivileged user

- Determinitist GID and UID - Docker recommends using `--no-log-init` until [this issue](golang/go#13548) gets resolved.
rakutentech · Nov 26, 2020 · e838c81 · e838c81
1 parent 069ffba
commit e838c81
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -89,8 +89,9 @@ RUN ln -s /etc/fonts/conf.avail/99-local.conf /etc/fonts/conf.d/ && fc-cache -rv
 
 # Configure home and user
 WORKDIR /home/jetty
-RUN useradd -M -r -g users jetty
-RUN chown -R jetty:users .
+RUN  groupadd -r -g 20001 jetty \
+  && useradd -M --no-log-init -r -u 20001 -g jetty jetty \
+  && chown -R jetty:jetty .
 USER jetty
 
 # Copy default skin (beta, many things don't work well yet)