From 50dbe8e2444cfc171930cb82cc99017f6a0aadf2 Mon Sep 17 00:00:00 2001
From: Federico Gimenez <fgimenez@users.noreply.github.com>
Date: Thu, 5 Apr 2018 14:14:32 +0200
Subject: [PATCH] Dockerfile: use non-privileged user account (#16052)

---
 Dockerfile          | 6 ++++++
 Dockerfile.alltools | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 29cdc80f9..a5f450d19 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,5 +12,11 @@ FROM alpine:latest
 RUN apk add --no-cache ca-certificates
 COPY --from=builder /go-ethereum/build/bin/geth /usr/local/bin/
 
+RUN addgroup -g 1000 geth && \
+    adduser -h /root -D -u 1000 -G geth geth && \
+    chown geth:geth /root
+
+USER geth
+
 EXPOSE 8545 8546 30303 30303/udp 30304/udp
 ENTRYPOINT ["geth"]
diff --git a/Dockerfile.alltools b/Dockerfile.alltools
index 1047738d2..2175edbcb 100644
--- a/Dockerfile.alltools
+++ b/Dockerfile.alltools
@@ -12,4 +12,10 @@ FROM alpine:latest
 RUN apk add --no-cache ca-certificates
 COPY --from=builder /go-ethereum/build/bin/* /usr/local/bin/
 
+RUN addgroup -g 1000 geth && \
+    adduser -h /root -D -u 1000 -G geth geth \
+    chown geth:geth /root
+
+USER geth
+
 EXPOSE 8545 8546 30303 30303/udp 30304/udp
-- 
GitLab