From 4b7b5bea1553de43a7712989b784d3d5191c0dd0 Mon Sep 17 00:00:00 2001
From: jerryaldrichiii
Date: Tue, 1 Oct 2019 00:19:01 -0700
Subject: [PATCH] Add non-root user to Dockerfile for extra security
Signed-off-by: jerryaldrichiii
---
 Dockerfile | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index 2b74b4e4cc..55b61023f6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -66,6 +66,13 @@ WORKDIR /usr/src/game
 # set bash prompt
 ENV PS1 "evennia|docker \w $ "
+# create and switch to a non-root user for runtime security
+# -D - do not set a password
+# -H - do not create a home directory
+# -s /bin/false - set login shell to /bin/false
+RUN adduser -D -H -s /bin/false evennia
+USER evennia
+
 # startup a shell when we start the container
 ENTRYPOINT ["/usr/src/evennia/bin/unix/evennia-docker-start.sh"]
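Review bot: The added `RUN adduser -D -H -s /bin/false evennia` / `USER evennia` pair drops root but gives the new account neither a fixed UID nor ownership of the `WORKDIR /usr/src/game` named in the hunk header, so anything the entrypoint script writes there would presumably fail unless a line outside this hunk already sets ownership. Operators who hit that tend to start the container as root again, which undoes the hardening. I would pin the ID and grant ownership in the same layer, e.g. `RUN adduser -D -H -s /bin/false -u 10001 evennia && chown evennia:evennia /usr/src/game` (10001 is an example value), so bind-mounted game directories can be matched to a known UID and non-root admission checks can verify it numerically. The build stage continues above and below the hunk, so also confirm that no later instruction still expects root.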