From 6127642d3038e2d4f9b760c93cf4a405ffbcb3a6 Mon Sep 17 00:00:00 2001
From: Jerome Ducret <jdiphone34@gmail.com>
Date: Sun, 21 Aug 2022 23:06:14 +0200
Subject: Securize Dockerfile (#506)

---
 Dockerfile | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'Dockerfile')

diff --git a/Dockerfile b/Dockerfile
index 408d3992..178c883f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM lukemathwalker/cargo-chef:latest-rust-1.59 AS chef
+FROM lukemathwalker/cargo-chef:latest-rust-1.63 AS chef
 WORKDIR app
 
 FROM chef AS planner
@@ -16,9 +16,13 @@ RUN cargo chef cook --release --recipe-path recipe.json
 COPY . .
 RUN cargo build --release --bin atuin
 
-FROM debian:bullseye-20211011-slim AS runtime
+FROM debian:bullseye-20220801-slim AS runtime
+
+RUN useradd -c 'atuin user' atuin && mkdir /config && chown atuin:atuin /config
 WORKDIR app
 
+USER atuin
+
 ENV TZ=Etc/UTC
 ENV RUST_LOG=atuin::api=info
 ENV ATUIN_CONFIG_DIR=/config
-- 
cgit v1.3.1