Pin app user to uid/gid=1000 for Clouderized bind mount compatibility

Clouderized platform convention: all containers run as uid=1000/gid=1000
so data directories (owned by host cldrzd user) are writable without
insecure world-write permissions.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
davidtio
2026-02-28 18:47:21 +08:00
parent 4760fd22c0
commit 776a6e8973

@@ -19,7 +19,7 @@ RUN sbt "set test in assembly := false" assembly
# === Runtime stage === # === Runtime stage ===
FROM eclipse-temurin:25-jre-alpine FROM eclipse-temurin:25-jre-alpine
RUN addgroup -S app && adduser -S app -G app RUN addgroup -g 1000 -S app && adduser -u 1000 -S app -G app
RUN mkdir -p /data && chown app:app /data RUN mkdir -p /data && chown app:app /data
WORKDIR /app WORKDIR /app
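Review bot: The changed `RUN addgroup -g 1000 -S app && adduser -u 1000 -S app -G app` line hard-codes 1000 with no comment in the Dockerfile saying why, so the reason lives only in the commit message. Add a one-line comment above it naming the bind-mount convention, or declare the ids once as build arguments (for example `ARG APP_UID=1000` and `ARG APP_GID=1000`, names suggested here) and reference them in the command. The same line keeps `-S` (system account) while assigning an explicit id of 1000, so either drop `-S` or note that the combination is intentional. The unchanged `chown app:app /data` below it only sets ownership of the image's own /data; once a host directory is bind-mounted over that path the host's ownership applies, so the pin helps only when the host user is also 1000, as the commit message says. No `USER app` is visible in this hunk, so confirm the runtime stage switches to that user further down; if it does not, the process still runs as root and the pinned uid has no effect.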