Merge pull request #6040 from ipfs/revert-5048-docker-non-root

Revert "Really run as non-root user in docker container"
ipfs · Mar 4, 2019 · e767ec4 · e767ec4
2 parents 71d7cf7 + 9f74e12
commit e767ec4
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 9 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -60,15 +60,12 @@ EXPOSE 8080
 # Swarm Websockets; must be exposed publicly when the node is listening using the websocket transport (/ipX/.../tcp/8081/ws).
 EXPOSE 8081
 
-# Create the fs-repo directory
+# Create the fs-repo directory and switch to a non-privileged user.
 ENV IPFS_PATH /data/ipfs
 RUN mkdir -p $IPFS_PATH \
   && adduser -D -h $IPFS_PATH -u 1000 -G users ipfs \
   && chown ipfs:users $IPFS_PATH
 
-# Switch to a non-privileged user
-USER ipfs
-
 # Expose the fs-repo as a volume.
 # start_ipfs initializes an fs-repo if none is mounted.
 # Important this happens after the USER directive so permission are correct.

diff --git a/Dockerfile.fast b/Dockerfile.fast
@@ -53,18 +53,14 @@ EXPOSE 5001
 EXPOSE 8080
 EXPOSE 8081
 
-# Create the fs-repo directory
+# Create the fs-repo directory and switch to a non-privileged user.
 ENV IPFS_PATH /data/ipfs
 RUN mkdir -p $IPFS_PATH \
   && useradd -s /usr/sbin/nologin -d $IPFS_PATH -u 1000 -G users ipfs \
   && chown ipfs:users $IPFS_PATH
 
-# Switch to a non-privileged user
-USER ipfs
-
 # Expose the fs-repo as a volume.
 # start_ipfs initializes an fs-repo if none is mounted.
-# Important this happens after the USER directive so permission are correct.
 VOLUME $IPFS_PATH
 
 # The default logging level