From 27b68c40da496c1df35df1d60d390388ea8cae90 Mon Sep 17 00:00:00 2001
From: Hironsan <light.tree.1.13@gmail.com>
Date: Wed, 26 May 2021 19:30:06 +0900
Subject: [PATCH] Update backend container not to use super user

---
 backend/Dockerfile.prod | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/backend/Dockerfile.prod b/backend/Dockerfile.prod
index 46b4211d..99100a54 100644
--- a/backend/Dockerfile.prod
+++ b/backend/Dockerfile.prod
@@ -8,8 +8,11 @@ WORKDIR /backend
 ENV PYTHONDONTWRITEBYTECODE 1
 ENV PYTHONUNBUFFERED 1
 
-COPY ./backend/ /backend/
-COPY ./Pipfile* /backend/
+RUN groupadd -g 61000 doccano \
+  && useradd -g 61000 -l -M -s /bin/false -u 61000 doccano
+
+COPY --chown=doccano:doccano ./backend/ /backend/
+COPY --chown=doccano:doccano ./Pipfile* /backend/
 
 # hadolint ignore=DL3013
 RUN apt-get update \
@@ -24,6 +27,11 @@ RUN apt-get update \
  && apt-get clean \
  && rm -rf /var/lib/apt/lists/*
 
-COPY tools/ /opt/bin/
+COPY --chown=doccano:doccano tools/ /opt/bin/
+RUN mkdir -p /backend/staticfiles \
+  && chown -R doccano:doccano /backend/staticfiles
+
+USER doccano:doccano
+VOLUME /backend/staticfiles
 
 ENTRYPOINT [ "/opt/bin/prod-django.sh" ]