From 66d7d19af8b370ec6f081635ca5cb28b42ddf438 Mon Sep 17 00:00:00 2001
From: Jacek Kowalski <Jacek@jacekk.info>
Date: Mon, 08 May 2017 20:10:30 +0000
Subject: [PATCH] Run UniFi as a separate non-root user

---
 Dockerfile |   11 ++++++++---
 1 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 8f76dab..65e6444 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,14 +1,14 @@
 FROM debian:jessie
 MAINTAINER Jacek Kowalski <Jacek@jacekk.info>
 
-ENV UNIFI_VERSION 5.3.8
+ENV UNIFI_VERSION 5.4.11
 
 RUN echo 'deb http://httpredir.debian.org/debian jessie-backports main' > \
                 /etc/apt/sources.list.d/jessie-backports.list \
 	&& apt-get update \
 	&& apt-get -y dist-upgrade \
 	&& apt-get -y -t jessie-backports install \
-		wget jsvc openjdk-8-jre-headless mongodb-server binutils \
+		wget jsvc openjdk-8-jre-headless mongodb-server binutils sudo \
 	&& apt-get -y clean
 
 RUN cd /tmp \
@@ -16,9 +16,14 @@
 	&& dpkg -i unifi_sysvinit_all.deb \
 	&& rm -rf unifi_sysvinit_all.deb /var/lib/unifi/*
 
+RUN groupadd -r -g 500 unifi \
+	&& useradd -r -d /usr/lib/unifi -u 500 -g 500 unifi \
+	&& chown -Rf unifi:unifi /usr/lib/unifi
+
 EXPOSE 8080 8081 8443 8843 8880
 
 VOLUME /usr/lib/unifi/data
 
 WORKDIR /var/lib/unifi
-CMD ["/usr/bin/java", "-Xmx1024M", "-jar", "/usr/lib/unifi/lib/ace.jar", "start"]
+COPY run.sh /run.sh
+CMD /run.sh

--
Gitblit v1.9.1