From 8238a4955413d8c2365f6e4e13e9d8744e707eaa Mon Sep 17 00:00:00 2001
From: Sven Gottwald <2502366+svengo@users.noreply.github.com>
Date: Wed, 10 Mar 2021 15:11:20 +0100
Subject: [PATCH] Update Dockerfile

For security reasons, run the Docker container as an unprivileged user
---
 Dockerfile | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 7f1f69b..38dd2e0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,12 @@
 FROM python:3.7-slim
 ADD . /code
 WORKDIR /code
-RUN pip install -r requirements.txt
+RUN \
+  groupadd -r webssh && \
+  useradd -r -s /bin/false -g webssh webssh && \
+  chown -R webssh:webssh /code && \
+  pip install -r requirements.txt
+
+EXPOSE 8888/tcp
+USER webssh
 CMD ["python", "run.py"]