From 82f19136ae4c79a481a0a02653f7731b7072f24c Mon Sep 17 00:00:00 2001
From: Patricio Diaz
Date: Fri, 22 Feb 2019 15:57:51 -0300
Subject: [PATCH] Modified Dockerfile to run as non-root
Signed-off-by: Patricio Diaz
---
 template/python3-debian/Dockerfile | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)
diff --git a/template/python3-debian/Dockerfile b/template/python3-debian/Dockerfile
index 5098ac6..f53e6a3 100644
--- a/template/python3-debian/Dockerfile
+++ b/template/python3-debian/Dockerfile
@@ -2,25 +2,38 @@ FROM python:3
 RUN curl -sSL https://github.com/openfaas/faas/releases/download/0.9.6/fwatchdog > /usr/bin/fwatchdog \
 && chmod +x /usr/bin/fwatchdog
-WORKDIR /root/
+
+# Add non root user
+RUN adduser app --system --group
+
+WORKDIR /home/app/
 COPY index.py .
 COPY requirements.txt .
-RUN pip install -r requirements.txt
+
+RUN chown -R app /home/app
+
+USER app
+ENV PATH=$PATH:/home/app/.local/bin
+RUN pip install --user -r requirements.txt
 RUN mkdir -p function
 RUN touch ./function/__init__.py
-WORKDIR /root/function/
+
+WORKDIR /home/app/function/
 COPY function/requirements.txt .
-RUN pip install -r requirements.txt
+RUN pip install --user -r requirements.txt
-WORKDIR /root/
-COPY function function
+WORKDIR /home/app
-WORKDIR /root/
+USER root
+COPY function function
+RUN chown -R app:app ./
+USER app
 ENV fprocess="python3 index.py"
+EXPOSE 8080
-HEALTHCHECK --interval=1s CMD [ -e /tmp/.lock ] || exit 1
+HEALTHCHECK --interval=3s CMD [ -e /tmp/.lock ] || exit 1
 CMD ["fwatchdog"]
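Review bot: The closing `USER root` / `COPY function function` / `RUN chown -R app:app ./` / `USER app` sequence switches back to root only to fix ownership, and the recursive chown walks all of /home/app, including the `pip install --user` tree, which may be copied into a new layer. Staying as `app` and using `COPY --chown=app:app function function` removes both the re-elevation and the extra layer. The earlier `RUN chown -R app /home/app` could likewise become `COPY --chown=app:app index.py requirements.txt ./`. Separately, `USER app` is a name whose UID is chosen by `adduser --system` at build time, so a runtime that verifies a non-root numeric UID cannot check it; creating the account with a fixed UID and using that number in `USER` would make the non-root guarantee checkable. The `/home/app` paths also assume `adduser --system` creates that home directory on whatever Debian release the untagged `python:3` base resolves to, which is worth confirming or making explicit with `--home /home/app`.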