From 7e75c34b8eba61e55d5206e551044e497410ba2b Mon Sep 17 00:00:00 2001
From: Florian Rinke <github+syncplay-server@florianrinke.de>
Date: Fri, 11 Oct 2024 16:29:35 +0200
Subject: [PATCH] update: run as non-root user

---
 Dockerfile | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index b93f870..78e568a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -19,9 +19,15 @@ RUN mkdir $(basename /usr/local/lib/python3.*/) && cd ./python3.*/ && \
 COPY ./boot.py /release/bin/syncplay
 
 FROM ${PYTHON}
+ARG USER_UID=800
+ARG USER_GID=800
 RUN sh -c '[ $(getconf LONG_BIT) -eq 64 ] || apk add --no-cache libgcc'
 COPY --from=syncplay /release/ /usr/
 ENV PYTHONUNBUFFERED=1
 EXPOSE 8999
 WORKDIR /data/
+RUN addgroup -g "${USER_GID}" -S syncplay && \
+    adduser -u "${USER_UID}" -S syncplay -G syncplay && \
+    chown -R syncplay:syncplay /data
+USER syncplay
 ENTRYPOINT ["syncplay"]