
Commit 7c4f542

lilyLuLiuadrianriobo
authored andcommitted
[fix] use non-root user, set group ownership and file permission
1 parent b8b45c1 commit 7c4f542


1 file changed

+5
-3
lines changed


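--- a/oci/Containerfile
+++ b/oci/Containerfile
@@ -52,7 +52,6 @@ ENV PULUMI_HOME "/opt/mapt/run"
 WORKDIR ${PULUMI_HOME}
 
 RUN mkdir -p /opt/mapt/run \
-&& chmod -R 0777 /opt/mapt/run \
 && if [ "$TARGETARCH" = "arm64" ]; then export ARCH_N=aarch64; fi \
 && export AWS_CLI_URL="https://awscli.amazonaws.com/awscli-exe-linux-${ARCH_N}-${AWS_CLI_VERSION}.zip" \
 && export AZ_CLI_RPM="https://packages.microsoft.com/rhel/9.0/prod/Packages/a/azure-cli-${AZ_CLI_VERSION}-1.el9.${ARCH_N}.rpm" \
@@ -72,8 +71,11 @@ RUN mkdir -p /opt/mapt/run \
 && pulumi plugin install resource tls ${PULUMI_TLS_VERSION} \
 && pulumi plugin install resource random ${PULUMI_RANDOM_VERSION} \
 && pulumi plugin install resource awsx ${PULUMI_AWSX_VERSION} \
-&& pulumi plugin install resource aws-native ${PULUMI_AWS_NATIVE_VERSION}
-
+&& pulumi plugin install resource aws-native ${PULUMI_AWS_NATIVE_VERSION} \
+&& chown -R 1001:0 /opt/mapt/run \
+&& chmod -R g=u /opt/mapt/run
+
+USER 1001
 ENTRYPOINT ["mapt"]
 CMD ["-h"]
 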
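Review bot: The recursive `chown -R 1001:0` and `chmod -R g=u` on `/opt/mapt/run` apply to everything installed there earlier in this RUN, including the Pulumi plugin executables, so the runtime user and any member of group 0 can overwrite binaries that mapt later executes. This is much narrower than the removed `chmod -R 0777`, but it is worth checking whether write access is needed beyond the state Pulumi creates at run time; because plugins and state share PULUMI_HOME, tightening it probably means separating the two rather than adding one more `chmod`. At minimum I would record the intent above `USER 1001`, e.g. `# UID 1001 owns PULUMI_HOME; GID 0 with g=u keeps it writable when the runtime assigns another UID in the root group`, if that is indeed the reason for `1001:0`. The RUN instruction continues between the two hunks, so other content written under this directory is not visible here.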
