feat: non root user for casdoor image (#1234)

Signed-off-by: abingcbc <abingcbc626@gmail.com> Signed-off-by: abingcbc <abingcbc626@gmail.com>
2025-05-23 02:35:49 +08:00 · 2022-10-21 17:19:58 +08:00 · 2022-10-21 17:19:58 +08:00 · 290cc60f00
commit 290cc60f00
parent 6a1ec51978
1 changed files with 14 additions and 4 deletions
--- a/18
+++ b/18
@ -13,16 +13,26 @@ RUN ./build.sh

 FROM alpine:latest AS STANDARD
 LABEL MAINTAINER="https://casdoor.org/"
+ARG USER=casdoor

 RUN sed -i 's/https/http/' /etc/apk/repositories
+RUN apk add --update sudo
 RUN apk add curl
 RUN apk add ca-certificates && update-ca-certificates

+RUN adduser -D $USER -u 1000 \
+    && echo "$USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$USER \
+    && chmod 0440 /etc/sudoers.d/$USER \
+    && mkdir logs \
+    && chown -R $USER:$USER logs
+
+USER 1000
 WORKDIR /
-COPY --from=BACK /go/src/casdoor/server ./server
-COPY --from=BACK /go/src/casdoor/swagger ./swagger
-COPY --from=BACK /go/src/casdoor/conf/app.conf ./conf/app.conf
-COPY --from=FRONT /web/build ./web/build
+COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/server ./server
+COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/swagger ./swagger
+COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/conf/app.conf ./conf/app.conf
+COPY --from=FRONT --chown=$USER:$USER /web/build ./web/build
+
 ENTRYPOINT ["/server"]