Skip to content
This repository has been archived by the owner on Feb 10, 2025. It is now read-only.

Commit

Permalink
appuser shouldn't be able to modify app files
Browse files Browse the repository at this point in the history
  • Loading branch information
@hkiang01
hkiang01 committed Jan 16, 2024
1 parent 8dddd84 commit 2159c87
Show file tree
Hide file tree
Showing 5 changed files with 22 additions and 22 deletions.
8 changes: 4 additions & 4 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,10 @@ RUN groupadd --gid $USER_GID $USERNAME \
RUN mkdir /data && chown -R ${USERNAME}:${USERNAME} /data

WORKDIR /app
COPY --from=base --chown=${USER_UID}:${USER_GID} /app/node_modules /app/node_modules
ADD --chown=${USER_UID}:${USER_GID} package.json app.js ./
ADD --chown=${USER_UID}:${USER_GID} src ./src
ADD --chown=${USER_UID}:${USER_GID} migrations ./migrations
COPY --from=base /app/node_modules /app/node_modules
ADD package.json app.js ./
ADD src ./src
ADD migrations ./migrations
USER ${USER_UID}
ENTRYPOINT ["/usr/bin/tini","-g", "--"]
EXPOSE 5006
Expand Down
10 changes: 5 additions & 5 deletions docker/edge-alpine.Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,11 +24,11 @@ RUN addgroup -S ${USERNAME} -g ${USER_GID} && adduser -S ${USERNAME} -G ${USERNA
RUN mkdir /data && chown -R ${USERNAME}:${USERNAME} /data

WORKDIR /app
COPY --from=base --chown=${USER_UID}:${USER_GID} /app/node_modules /app/node_modules
COPY --from=base --chown=${USER_UID}:${USER_GID} /public /public
ADD --chown=${USER_UID}:${USER_GID} package.json app.js ./
ADD --chown=${USER_UID}:${USER_GID} src ./src
ADD --chown=${USER_UID}:${USER_GID} migrations ./migrations
COPY --from=base /app/node_modules /app/node_modules
COPY --from=base /public /public
ADD package.json app.js ./
ADD src ./src
ADD migrations ./migrations
USER ${USER_UID}
ENTRYPOINT ["/sbin/tini","-g", "--"]
ENV ACTUAL_WEB_ROOT=/public
Expand Down
10 changes: 5 additions & 5 deletions docker/edge-ubuntu.Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,11 +24,11 @@ RUN groupadd --gid $USER_GID $USERNAME \
RUN mkdir /data && chown -R ${USERNAME}:${USERNAME} /data

WORKDIR /app
COPY --from=base --chown=${USER_UID}:${USER_GID} /app/node_modules /app/node_modules
COPY --from=base --chown=${USER_UID}:${USER_GID} /public /public
ADD --chown=${USER_UID}:${USER_GID} package.json app.js ./
ADD --chown=${USER_UID}:${USER_GID} src ./src
ADD --chown=${USER_UID}:${USER_GID} migrations ./migrations
COPY --from=base /app/node_modules /app/node_modules
COPY --from=base /public /public
ADD package.json app.js ./
ADD src ./src
ADD migrations ./migrations
USER ${USER_UID}
ENTRYPOINT ["/usr/bin/tini","-g", "--"]
ENV ACTUAL_WEB_ROOT=/public
Expand Down
8 changes: 4 additions & 4 deletions docker/stable-alpine.Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,10 @@ RUN addgroup -S ${USERNAME} -g ${USER_GID} && adduser -S ${USERNAME} -G ${USERNA
RUN mkdir /data && chown -R ${USERNAME}:${USERNAME} /data

WORKDIR /app
COPY --from=base --chown=${USER_UID}:${USER_GID} /app/node_modules /app/node_modules
ADD --chown=${USER_UID}:${USER_GID} package.json app.js ./
ADD --chown=${USER_UID}:${USER_GID} src ./src
ADD --chown=${USER_UID}:${USER_GID} migrations ./migrations
COPY --from=base /app/node_modules /app/node_modules
ADD package.json app.js ./
ADD src ./src
ADD migrations ./migrations
USER ${USER_UID}
ENTRYPOINT ["/sbin/tini","-g", "--"]
EXPOSE 5006
Expand Down
8 changes: 4 additions & 4 deletions docker/stable-ubuntu.Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,10 @@ RUN groupadd --gid $USER_GID $USERNAME \
RUN mkdir /data && chown -R ${USERNAME}:${USERNAME} /data

WORKDIR /app
COPY --from=base --chown=${USER_UID}:${USER_GID} /app/node_modules /app/node_modules
ADD --chown=${USER_UID}:${USER_GID} package.json app.js ./
ADD --chown=${USER_UID}:${USER_GID} src ./src
ADD --chown=${USER_UID}:${USER_GID} migrations ./migrations
COPY --from=base /app/node_modules /app/node_modules
ADD package.json app.js ./
ADD src ./src
ADD migrations ./migrations
USER ${USER_UID}
ENTRYPOINT ["/usr/bin/tini","-g", "--"]
EXPOSE 5006
Expand Down

0 comments on commit 2159c87

Please sign in to comment.