Update docker file with disabling user

hotosm · Nov 22, 2023 · 94f6daa · 94f6daa
1 parent 0e0e044
commit 94f6daa
Showing 1 changed file with 9 additions and 8 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -26,11 +26,11 @@ RUN pip install --user --no-cache-dir --upgrade pip \
     && pip install --user --no-cache-dir -e .
 
 FROM base as runner
-WORKDIR /home/appuser
+# WORKDIR /home/appuser
 ENV PIP_NO_CACHE_DIR=1
 ENV PYTHONUNBUFFERED=1
-ENV PATH="/home/appuser/.local/bin:$PATH"
-ENV PYTHON_LIB="/home/appuser/.local/lib/python$PYTHON_VERSION/site-packages"
+# ENV PATH="/home/appuser/.local/bin:$PATH"
+# ENV PYTHON_LIB="/home/appuser/.local/lib/python$PYTHON_VERSION/site-packages"
 
 RUN apt-get update \
     && apt-get -y upgrade \
@@ -39,16 +39,12 @@ RUN apt-get update \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 
-COPY --from=builder /root/.local /home/appuser/.local
+# COPY --from=builder /root/.local /home/appuser/.local
 COPY README.md .
 COPY config.txt.sample ./config.txt
 COPY setup.py .
 COPY API/ ./API/
 COPY src/ ./src/
-# Change ownership to root for relevant directories and files
-USER root
-RUN chown -R root:root /home/appuser
-
 # Use a separate stage to pull the tippecanoe image
 FROM ghcr.io/hotosm/tippecanoe:main as tippecanoe-builder
 
@@ -58,5 +54,10 @@ FROM runner as prod
 COPY --from=tippecanoe-builder /usr/local/bin/tippecanoe* /usr/local/bin/
 COPY --from=tippecanoe-builder /usr/local/bin/tile-join /usr/local/bin/
 
+# RUN useradd --system --uid 900 --home-dir /home/appuser --shell /bin/false appuser \
+#     && chown -R appuser:appuser /home/appuser
+# Commenting APPuser as by default azure mounts disks as root
+# USER appuser
+
 # CMD ["/bin/bash"]
 CMD ["uvicorn", "API.main:app", "--reload", "--host", "0.0.0.0", "--port", "8000", "--no-use-colors", "--proxy-headers"]