From 41033e32e04f3d36b77aa9b2597e5c414486f06a Mon Sep 17 00:00:00 2001 From: Jacek Kowalski <Jacek@jacekk.info> Date: Wed, 18 Oct 2017 20:58:34 +0000 Subject: [PATCH] Run image as user unifi using USER directive and not sudo --- Dockerfile | 24 ++++++++++++++++-------- 1 files changed, 16 insertions(+), 8 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3968933..5c8419b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,21 +1,29 @@ -FROM debian +FROM openjdk:8-jre-slim MAINTAINER Jacek Kowalski <Jacek@jacekk.info> -ENV UNIFI_VERSION 4.8.17 +ENV UNIFI_VERSION 5.4.19 RUN apt-get update \ - && apt-get -y dist-upgrade \ - && apt-get -y install wget jsvc openjdk-7-jre-headless mongodb-server binutils \ - && apt-get -y clean + && apt-get -y install \ + wget jsvc mongodb-server binutils procps sudo \ + && apt-get -y clean \ + && rm -Rf /var/lib/apt/lists/* RUN cd /tmp \ - && wget "http://dl.ubnt.com/unifi/${UNIFI_VERSION}/unifi_sysvinit_all.deb" \ + && wget "https://www.ubnt.com/downloads/unifi/${UNIFI_VERSION}/unifi_sysvinit_all.deb" \ && dpkg -i unifi_sysvinit_all.deb \ - && rm -rf /var/lib/unifi/* + && rm -rf unifi_sysvinit_all.deb /var/lib/unifi/* \ + && groupadd -r -g 500 unifi \ + && useradd -r -d /usr/lib/unifi -u 500 -g 500 unifi \ + && mkdir /usr/lib/unifi/data /var/lib/unifi \ + && chown -Rf unifi:unifi /usr/lib/unifi /var/lib/unifi EXPOSE 8080 8081 8443 8843 8880 VOLUME /usr/lib/unifi/data WORKDIR /var/lib/unifi -CMD ["/usr/bin/java", "-Xmx1024M", "-jar", "/usr/lib/unifi/lib/ace.jar", "start"] +COPY run.sh /run.sh +CMD /run.sh + +USER unifi -- Gitblit v1.9.1