Add application user

multistage-build/Dockerfile

@@ -1,5 +1,10 @@
 FROM python:3.11-slim-bookworm
 
+# uid to run application
+ARG USER=1000
+# gid to run application
+ARG USER_GROUP=1000
+
 # set virtual env path
 ENV \
     PATH=/venv/bin:$PATH
@@ -19,11 +24,15 @@ RUN \
 # copy app files to /app directory
 COPY ./app .
 
-# install dependencies && cleanup
+# set permissions to log directory and install dependencies && cleanup
 RUN \
+    chown -R ${USER}:${USER_GROUP} /app/log && \
     pip install -r requirements.txt && \
     apt purge --auto-remove -y
 
+# set user to run application
+USER ${USER}:${USER_GROUP}
+
 # start shell script when container starts
 ENTRYPOINT ["/app/run.sh"]
 

multistage-build/Dockerfile.multistage

@@ -23,6 +23,11 @@ RUN \
 
 FROM python:3.11-slim-bookworm
 
+# uid to run application
+ARG USER=1000
+# gid to run application
+ARG USER_GROUP=1000
+
 # set virtual env path
 ENV \
     PATH=/venv/bin:$PATH
@@ -38,11 +43,11 @@ COPY --from=install-dependencies /venv /venv
 # copy app files to /app directory
 COPY ./app .
 
-RUN ls -alF /
-RUN ls -alF /venv
-RUN ls -alF /venv/bin
-RUN ls -alF /app
+# set permissions to log directory
+RUN chown -R ${USER}:${USER_GROUP} /app/log
 
+# set user to run application
+USER ${USER}:${USER_GROUP}
 
 # start shell script when container starts
 ENTRYPOINT ["/app/run.sh"]

multistage-build/Makefile

@@ -22,6 +22,7 @@ run:
 		--name $(IMAGE_NAME) \
 		--publish 3000:3000 \
 		--env CONTAINER_NAME="Awesome API server" \
+		--volume /var/log/api-server:/app/log \
 		--detach \
 		$(CONTAINER_NAME)