From ecb4277e69f7522c1d814cc5b041e8137e8f6e18 Mon Sep 17 00:00:00 2001
From: ras07 <17038818+ras07@users.noreply.github.com>
Date: Fri, 21 Jan 2022 14:51:51 -0600
Subject: [PATCH] Run container as non-root `whoogle` user (#617)

Creates a non-root user ("whoogle"), and runs the container as that user.
---
 Dockerfile | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 5e9feca..c9f2f20 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,6 +17,8 @@ FROM python:3.8-alpine
 RUN apk add --update --no-cache tor curl bash openrc
 # libcurl4-openssl-dev
+ARG DOCKER_USER=whoogle
+ARG DOCKER_USERID=927
 ARG config_dir=/config
 RUN mkdir -p -m 777 $config_dir
 VOLUME $config_dir
@@ -70,6 +72,13 @@ COPY run .
 # Allow writing symlinks to build dir
 RUN chown 102:102 app/static/build
+# Create user/group to run as
+RUN adduser -D -g $DOCKER_USERID -u $DOCKER_USERID $DOCKER_USER
+# Fix ownership / permissions
+RUN chown -R ${DOCKER_USER}:${DOCKER_USER} /whoogle /var/lib/tor
+
+USER $DOCKER_USER:$DOCKER_USER
+
 EXPOSE $EXPOSE_PORT
 HEALTHCHECK --interval=30s --timeout=5s \
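Review bot: The new `DOCKER_USER`/`DOCKER_USERID` arguments give the image a dedicated account, but the context line `RUN mkdir -p -m 777 $config_dir` right below them still leaves the config directory world-writable, and the `chown -R` added later in this patch does not cover it. Assuming nothing else relies on the 777 mode, the directory could be handed to the new id instead, e.g. `RUN mkdir -p $config_dir && chown $DOCKER_USERID:$DOCKER_USERID $config_dir`, kept ahead of `VOLUME` because some builders discard changes made to a volume path after it is declared. A short comment on the ARGs would also help operators: `# UID/GID of the unprivileged runtime user; bind-mounted config dirs must be writable by this id`.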
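Review bot: In `RUN adduser -D -g $DOCKER_USERID -u $DOCKER_USERID $DOCKER_USER`, BusyBox `adduser` treats `-g` as the GECOS (comment) field rather than a group id, so the group is only created implicitly and its gid is never pinned by this line. Creating the group explicitly makes the intent hold: `RUN addgroup -g $DOCKER_USERID $DOCKER_USER && adduser -D -G $DOCKER_USER -u $DOCKER_USERID $DOCKER_USER`. With the ids fixed, `USER $DOCKER_USERID:$DOCKER_USERID` would let runtimes that enforce a non-root policy verify the uid numerically, which a user name does not allow. The recursive `chown` in its own layer also stores every file under /whoogle a second time; `COPY --chown` on the earlier copy steps (outside this hunk) would avoid that.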