
Commit ebc4d30

fix(docker): resolve user creation issues in Dockerfile
- Move WORKDIR after user creation to prevent home directory ownership issues
- Properly set environment variables for UID, GID, HOME, and USER in each stage
- Reorganize Dockerfile to ensure home directory is created after user setup
- Fix interactive prompts during adduser by ensuring proper directory ownership
1 parent 1424dd5 commit ebc4d30


1 file changed

+16
-16
lines changed


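--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -60,14 +60,6 @@ ARG SHORT_SHA
 # https://github.com/ZcashFoundation/zebra/blob/9ebd56092bcdfc1a09062e15a0574c94af37f389/zebrad/src/application.rs#L179-L182
 ENV SHORT_SHA=${SHORT_SHA:-}
 
-# Set the working directory for the build.
-ARG HOME
-WORKDIR ${HOME}
-ENV HOME=${HOME}
-ENV CARGO_HOME="${HOME}/.cargo/"
-
-ENV USER=${USER}
-
 # This stage builds tests without running them.
 #
 # We also download needed dependencies for tests to work, from other images.
@@ -84,15 +76,22 @@ ENV ZEBRA_SKIP_IPV6_TESTS=${ZEBRA_SKIP_IPV6_TESTS:-1}
 # This environment setup is almost identical to the `runtime` target so that the
 # `tests` target differs minimally. In fact, a subset of this setup is used for
 # the `runtime` target.
-
 ARG UID
+ENV UID=${UID}
 ARG GID
+ENV GID=${GID}
 ARG HOME
+ENV HOME=${HOME}
 ARG USER
+ENV USER=${USER}
 
 RUN addgroup --gid ${GID} ${USER} && \
 adduser --gid ${GID} --uid ${UID} --home ${HOME} ${USER}
 
+# Set the working directory for the build.
+WORKDIR ${HOME}
+ENV CARGO_HOME="${HOME}/.cargo/"
+
 # Build Zebra test binaries, but don't run them
 
 # Leverage a cache mount to /usr/local/cargo/registry/
@@ -193,13 +192,7 @@ ARG FEATURES
 ENV FEATURES=${FEATURES}
 
 # Create a non-privileged system user for running `zebrad`.
-ARG USER
-ENV USER=${USER}
-
-# System users have no home dirs, but we set one for users' convenience.
-ARG HOME
-WORKDIR ${HOME}
-
+#
 # We use a high UID/GID (10001) to avoid overlap with host system users.
 # This reduces the risk of container user namespace conflicts with host accounts,
 # which could potentially lead to privilege escalation if a container escape occurs.
@@ -216,10 +209,17 @@ ARG UID
 ENV UID=${UID}
 ARG GID
 ENV GID=${GID}
+ARG HOME
+ENV HOME=${HOME}
+ARG USER
+ENV USER=${USER}
 
 RUN addgroup --gid ${GID} ${USER} && \
 adduser --gid ${GID} --uid ${UID} --home ${HOME} ${USER}
 
+# System users have no home dirs, but we set one for users' convenience.
+WORKDIR ${HOME}
+
 # We set the default locations of the conf and cache dirs according to the XDG
 # spec: https://specifications.freedesktop.org/basedir-spec/latest/
 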
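Review bot: The `adduser` call in the tests stage (new line 89) and again in the runtime stage (new line 218) is unchanged context and still passes nothing to suppress the password and GECOS prompts, so whether it prompts depends on the build's stdin rather than on the command itself. Assuming a Debian-based base image (the `FROM` lines are outside the hunks), I would write it as `adduser --disabled-password --gecos "" --gid ${GID} --uid ${UID} --home ${HOME} ${USER}`, which also leaves the account without a usable password. The runtime-stage comment calls this a "system user" but `--system` is not passed, so either add the flag or reword the comment. Since the fix relies on ordering, a comment above each `WORKDIR ${HOME}` such as `# Must follow adduser: WORKDIR would otherwise create ${HOME} owned by root` would keep a later reorder from reintroducing the ownership problem.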
