Revert "Really run as non-root user in docker container"

2026-02-21 10:27:46 +08:00 · 2019-03-03 16:20:54 +00:00 · 2019-03-03 16:20:54 +00:00 · 9f74e12103
commit 9f74e12103
parent 71d7cf7b0d
2 changed files with 2 additions and 9 deletions
--- a/5
+++ b/5
@ -60,15 +60,12 @@ EXPOSE 8080
 # Swarm Websockets; must be exposed publicly when the node is listening using the websocket transport (/ipX/.../tcp/8081/ws).
 EXPOSE 8081

-# Create the fs-repo directory
+# Create the fs-repo directory and switch to a non-privileged user.
 ENV IPFS_PATH /data/ipfs
 RUN mkdir -p $IPFS_PATH \
  && adduser -D -h $IPFS_PATH -u 1000 -G users ipfs \
  && chown ipfs:users $IPFS_PATH

-# Switch to a non-privileged user
-USER ipfs
-
 # Expose the fs-repo as a volume.
 # start_ipfs initializes an fs-repo if none is mounted.
 # Important this happens after the USER directive so permission are correct.
--- a/Dockerfile.fast
+++ b/Dockerfile.fast
@ -53,18 +53,14 @@ EXPOSE 5001
 EXPOSE 8080
 EXPOSE 8081

-# Create the fs-repo directory
+# Create the fs-repo directory and switch to a non-privileged user.
 ENV IPFS_PATH /data/ipfs
 RUN mkdir -p $IPFS_PATH \
  && useradd -s /usr/sbin/nologin -d $IPFS_PATH -u 1000 -G users ipfs \
  && chown ipfs:users $IPFS_PATH

-# Switch to a non-privileged user
-USER ipfs
-
 # Expose the fs-repo as a volume.
 # start_ipfs initializes an fs-repo if none is mounted.
-# Important this happens after the USER directive so permission are correct.
 VOLUME $IPFS_PATH

 # The default logging level