Skip to content

Commit 9e570fc

Browse files
sarahchen6sarahchen6
committed
Update non-root-group
1 parent 0b8f759 commit 9e570fc

1 file changed

Lines changed: 16 additions & 12 deletions

File tree

Dockerfile

Lines changed: 16 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -26,8 +26,8 @@ RUN <<-EOT
2626
apt-get update
2727
apt-get install -y curl tar apt-transport-https ca-certificates gnupg locales
2828
locale-gen en_US.UTF-8
29-
groupadd --gid 1001 non-root-user
30-
useradd --uid 1001 --gid 1001 -m non-root-user
29+
groupadd --gid 1001 non-root-group
30+
useradd --uid 1001 --gid non-root-group -m non-root-group
3131
apt-get clean
3232
rm -rf /var/lib/apt/lists/*
3333
EOT
@@ -66,8 +66,9 @@ RUN <<-EOT
6666
/usr/lib/jvm/graalvm*/lib/installer
6767
EOT
6868

69-
# Switch to non-root user during runtime for security
70-
USER non-root-user
69+
# Switch to non-root group during runtime for security
70+
USER non-root-group
71+
WORKDIR /home/non-root-group
7172

7273
FROM scratch AS default-jdk
7374

@@ -89,8 +90,8 @@ RUN <<-EOT
8990
apt-get install -y curl tar apt-transport-https ca-certificates gnupg \
9091
socat less debian-goodies autossh ca-certificates-java python3-pip locales
9192
locale-gen en_US.UTF-8
92-
groupadd --gid 1001 non-root-user
93-
useradd --uid 1001 --gid 1001 -m non-root-user
93+
groupadd --gid 1001 non-root-group
94+
useradd --uid 1001 --gid non-root-group -m non-root-group
9495
apt-get clean
9596
rm -rf /var/lib/apt/lists/*
9697
mkdir -p /usr/local/lib/docker/cli-plugins /usr/local/bin
@@ -132,8 +133,9 @@ RUN <<-EOT
132133
rm -rf /var/lib/apt/lists/*
133134
EOT
134135

135-
# Switch to non-root user during runtime for security
136-
USER non-root-user
136+
# Switch to non-root group during runtime for security
137+
USER non-root-group
138+
WORKDIR /home/non-root-group
137139

138140
# IBM specific env variables
139141
ENV IBM_JAVA_OPTIONS="-XX:+UseContainerSupport"
@@ -159,8 +161,9 @@ COPY --from=all-jdk /usr/lib/jvm/${VARIANT_LOWER} /usr/lib/jvm/${VARIANT_LOWER}
159161
ENV JAVA_${VARIANT_UPPER}_HOME=/usr/lib/jvm/${VARIANT_LOWER}
160162
ENV JAVA_${VARIANT_LOWER}_HOME=/usr/lib/jvm/${VARIANT_LOWER}
161163

162-
# Switch to non-root user during runtime for security
163-
USER non-root-user
164+
# Switch to non-root group during runtime for security
165+
USER non-root-group
166+
WORKDIR /home/non-root-group
164167

165168
# Full image for debugging, contains all JDKs.
166169
FROM base AS full
@@ -177,8 +180,9 @@ COPY --from=all-jdk /usr/lib/jvm/ubuntu17 /usr/lib/jvm/ubuntu17
177180
COPY --from=all-jdk /usr/lib/jvm/graalvm17 /usr/lib/jvm/graalvm17
178181
COPY --from=all-jdk /usr/lib/jvm/graalvm21 /usr/lib/jvm/graalvm21
179182

180-
# Switch to non-root user during runtime for security
181-
USER non-root-user
183+
# Switch to non-root group during runtime for security
184+
USER non-root-group
185+
WORKDIR /home/non-root-group
182186

183187
ENV JAVA_7_HOME=/usr/lib/jvm/7
184188

0 commit comments

Comments
 (0)