From 41033e32e04f3d36b77aa9b2597e5c414486f06a Mon Sep 17 00:00:00 2001
From: Jacek Kowalski <Jacek@jacekk.info>
Date: Wed, 18 Oct 2017 20:58:34 +0000
Subject: [PATCH] Run image as user unifi using USER directive and not sudo

---
 Dockerfile |   27 ++++++++++++++++-----------
 1 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index c28f7a3..5c8419b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,24 +1,29 @@
-FROM debian:jessie
+FROM openjdk:8-jre-slim
 MAINTAINER Jacek Kowalski <Jacek@jacekk.info>
 
-ENV UNIFI_VERSION 5.4.11
+ENV UNIFI_VERSION 5.4.19
 
-RUN echo 'deb http://httpredir.debian.org/debian jessie-backports main' > \
-                /etc/apt/sources.list.d/jessie-backports.list \
-	&& apt-get update \
-	&& apt-get -y dist-upgrade \
-	&& apt-get -y -t jessie-backports install \
-		wget jsvc openjdk-8-jre-headless mongodb-server binutils \
-	&& apt-get -y clean
+RUN apt-get update \
+	&& apt-get -y install \
+		wget jsvc mongodb-server binutils procps sudo \
+	&& apt-get -y clean \
+	&& rm -Rf /var/lib/apt/lists/*
 
 RUN cd /tmp \
 	&& wget "https://www.ubnt.com/downloads/unifi/${UNIFI_VERSION}/unifi_sysvinit_all.deb" \
 	&& dpkg -i unifi_sysvinit_all.deb \
-	&& rm -rf unifi_sysvinit_all.deb /var/lib/unifi/*
+	&& rm -rf unifi_sysvinit_all.deb /var/lib/unifi/* \
+	&& groupadd -r -g 500 unifi \
+	&& useradd -r -d /usr/lib/unifi -u 500 -g 500 unifi \
+	&& mkdir /usr/lib/unifi/data /var/lib/unifi \
+	&& chown -Rf unifi:unifi /usr/lib/unifi /var/lib/unifi
 
 EXPOSE 8080 8081 8443 8843 8880
 
 VOLUME /usr/lib/unifi/data
 
 WORKDIR /var/lib/unifi
-CMD ["/usr/bin/java", "-Xmx1024M", "-jar", "/usr/lib/unifi/lib/ace.jar", "start"]
+COPY run.sh /run.sh
+CMD /run.sh
+
+USER unifi

--
Gitblit v1.9.1