From 06fc79571c979d4fc3ff1442df5fedfc3c2cf2c3 Mon Sep 17 00:00:00 2001
From: LECZYF <filipleczycki@gmail.com>
Date: Wed, 5 Aug 2020 18:38:09 +0200
Subject: [PATCH] Implemented running gateway container as non root user

---
 gateway/Dockerfile | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/gateway/Dockerfile b/gateway/Dockerfile
index 1512053f7..6db63a1ca 100644
--- a/gateway/Dockerfile
+++ b/gateway/Dockerfile
@@ -18,10 +18,18 @@ RUN echo $SC_VERSION && wget https://storage.googleapis.com/space-cloud/mission-
 FROM alpine:3.10
 ARG SC_VERSION=0.18.4
 
-RUN apk --no-cache add ca-certificates
+RUN apk --no-cache add ca-certificates && \
+    addgroup -S spacecloud && adduser -S spacecloud -G spacecloud && \
+    mkdir -p /home/spacecloud/.space-cloud/mission-control-v$SC_VERSION && \
+    chown -R spacecloud:spacecloud /home/spacecloud/.space-cloud && \
+    mkdir /app && \
+    chown -R spacecloud:spacecloud /app 
+
+COPY --chown=spacecloud:spacecloud --from=0 /build/build /home/spacecloud/.space-cloud/mission-control-v$SC_VERSION/build
+COPY --chown=spacecloud:spacecloud --from=0 /build/app /app
+
+USER spacecloud:spacecloud
 
 WORKDIR /app
-COPY --from=0 /build/build /root/.space-cloud/mission-control-v$SC_VERSION/build
-COPY --from=0 /build/app .
 
 CMD ["./app", "run"]