ykxiao/laradock
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add non-root user for workspace container.

Browse Source
This commit is contained in:
Eric Pfeiffer
2016-07-27 02:43:38 -05:00
parent dd06f1e1a0
commit 17e252a436
2 changed files with 29 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docker-compose.yml
View File

@@ -10,8 +10,10 @@ services:
args: args:
- INSTALL_MONGO=false - INSTALL_MONGO=false
- INSTALL_XDEBUG=false - INSTALL_XDEBUG=false
- INSTALL_NODE=false - INSTALL_NODE=true
- COMPOSER_GLOBAL_INSTALL=false - COMPOSER_GLOBAL_INSTALL=false
- PUID=1000
- PGID=1000
volumes_from: volumes_from:
- volumes_source - volumes_source
tty: true tty: true

30
workspace/Dockerfile
View File

@@ -60,12 +60,25 @@ RUN if [ ${INSTALL_MONGO} = true ]; then \
echo "extension=mongodb.so" >> /etc/php/7.0/cli/php.ini \ echo "extension=mongodb.so" >> /etc/php/7.0/cli/php.ini \
;fi ;fi
#####################################
# Non-Root User:
#####################################
# Add a non-root user to prevent files being created with root permissions on host machine.
ARG PUID=1000
ARG PGID=1000
RUN groupadd -g $PGID laradock && \
useradd -u $PUID -g laradock -m laradock
# Now switch to our laradock user for the rest of user setup
USER laradock
##################################### #####################################
# Composer: # Composer:
##################################### #####################################
# Add the composer.json # Add the composer.json
ADD ./composer.json /root/.composer/composer.json ADD ./composer.json /home/laradock/.composer/composer.json
# Check if global install need to be runned # Check if global install need to be runned
ARG COMPOSER_GLOBAL_INSTALL=true ARG COMPOSER_GLOBAL_INSTALL=true
@@ -84,13 +97,13 @@ ARG INSTALL_NODE=true
ENV INSTALL_NODE ${INSTALL_NODE} ENV INSTALL_NODE ${INSTALL_NODE}
RUN if [ ${INSTALL_NODE} = true ]; then \ RUN if [ ${INSTALL_NODE} = true ]; then \
# Install nvm (A Node Version Manager) # Install nvm (A Node Version Manager)
curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.31.1/install.sh | bash \ curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.31.3/install.sh | bash \
;fi ;fi
# Again check if NVM needs to be installed # Again check if NVM needs to be installed
# I had to split this condifiton link this because when I get it inside the above if statment is refuses to work! # I had to split this condition link this because when I get it inside the above if statement is refuses to work!
ENV if [ ${INSTALL_NODE} = true ]; then \ ENV if [ ${INSTALL_NODE} = true ]; then \
# Set the ENV # Set the ENV
NVM_DIR=/root/.nvm \ NVM_DIR=/home/laradock/.nvm \
# Install NodeJS with NVM # Install NodeJS with NVM
RUN . ~/.nvm/nvm.sh && \ RUN . ~/.nvm/nvm.sh && \
nvm install stable && \ nvm install stable && \
@@ -99,6 +112,14 @@ ENV if [ ${INSTALL_NODE} = true ]; then \
npm install -g gulp bower \ npm install -g gulp bower \
;fi ;fi
# Wouldn't execute when added to the RUN statement in the above block
# Source NVM when loading bash since ~/.profile isn't loaded on non-login shell
RUN if [ ${INSTALL_NODE} = true ]; then \
echo "" >> ~/.bashrc && \
echo 'export NVM_DIR="$HOME/.nvm"' >> ~/.bashrc && \
echo '[ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh" # This loads nvm' >> ~/.bashrc \
;fi
# #
#-------------------------------------------------------------------------- #--------------------------------------------------------------------------
# Final Touch # Final Touch
@@ -106,6 +127,7 @@ ENV if [ ${INSTALL_NODE} = true ]; then \
# #
# Clean up # Clean up
USER root
RUN apt-get clean && \ RUN apt-get clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*