add uid/gid selection to run application as in Dockerfile

2025-08-12 19:16:39 +03:00 · 2025-08-12 19:16:39 +03:00 · 89b19b820d
commit 89b19b820d
parent 3a94541de7
1 changed files with 14 additions and 1 deletions
--- a/15
+++ b/15
@ -33,5 +33,18 @@ ENV PROXY_SECRET=change_me
 WORKDIR ${WORKDIR_PATH}/config

 CMD \
+    # Create and switch to user with desired UID and GID.
+    # All processes that create/change files in ${DATA_PATH}
+    # must be run under this user.
+    groupadd -g ${GID} worker && \
+    useradd -M -g ${GID} -u ${UID} worker && \
+    chmod -R o-rwx ${WORKDIR_PATH} && \
+
+    # Add proxy secret
    sed -i "s/_PROXY_SECRET_/${PROXY_SECRET}/g" settings.yml && \
-    java -Xms${MEMORY} -Xmx${MEMORY} -jar *.jar --nogui
+
+    # Change UID and GID of used files to desired values.
+    chown -R worker:worker ${WORKDIR_PATH} && \
+
+    # Launch
+    su worker -c "java -Xms${MEMORY} -Xmx${MEMORY} -jar *.jar --nogui"