From 05d3fa189a31dd163d5818db105121b59d446487 Mon Sep 17 00:00:00 2001 From: anton Date: Thu, 4 Apr 2024 12:40:21 +0200 Subject: [PATCH] refactor Dockerfile to run lavamusic as non-root user --- Dockerfile | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/Dockerfile b/Dockerfile index 95ae5970b..68f8ba8d6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -33,4 +33,14 @@ COPY --from=builder /opt/lavamusic/src/utils/LavaLogo.txt ./src/utils/LavaLogo.t COPY package*.json ./ RUN npm install --only=production +# Run as non-root user +RUN addgroup --gid 322 --system lavamusic && \ + adduser --uid 322 --system lavamusic + +# Change ownership of the folder +RUN chown -R lavamusic:lavamusic /opt/lavamusic/ + +# Switch to the appropriate user +USER lavamusic + CMD [ "node", "dist/index.js" ]