From ce183405ad384f755952aa66e2fddb9f4a877114 Mon Sep 17 00:00:00 2001
From: Dominik George <dominik.george@teckids.org>
Date: Mon, 22 Mar 2021 12:52:19 +0100
Subject: [PATCH] [Docker] Drop privileges to www-data after container build

---
 Dockerfile | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 9d8886f92..fb54a4503 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -78,3 +78,11 @@ RUN set -e; \
     apt-get clean -y; \
     rm -f /var/lib/apt/lists/*_*; \
     rm -rf /root/.cache
+
+# Drop privileges for runtime
+FROM clean AS unprivileged
+WORKDIR /var/lib/aleksis
+RUN chown -R www-data:www-data \
+        /var/lib/aleksis \
+        /usr/share/aleksis/static
+USER www-data:www-data
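Review bot: The added `RUN chown -R` gives `www-data` ownership of `/usr/share/aleksis/static`, so the account the container drops to can rewrite the static assets it serves. If that directory is only populated at build time (not visible in this hunk), leave it root-owned and limit the chown to `/var/lib/aleksis`. The drop also applies only to images built from the `unprivileged` stage; `clean`, which is defined outside this hunk, still ends as root, so a comment such as `# Deploy this stage only; earlier stages still run as root` above the `FROM` would help. `USER www-data:www-data` is a name, which Kubernetes `runAsNonRoot` cannot verify; the numeric form is checkable, `USER 33:33` if the base image uses the Debian default IDs, which should be confirmed.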
-- 
GitLab