From 22136256a4178e4121db29baee8d809af013a25b Mon Sep 17 00:00:00 2001
From: Jean-Michel DILLY <jm@dilly.me>
Date: Sat, 9 Mar 2019 23:22:03 +0100
Subject: [PATCH] Start monerod as non root user

---
 Dockerfile | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 9fe7cfb8f..d932e0173 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -185,8 +185,14 @@ RUN set -ex && \
     rm -rf /var/lib/apt
 COPY --from=builder /src/build/release/bin /usr/local/bin/
 
+# Create monero user
+RUN adduser --system --group --disabled-password monero && \
+	mkdir -p /wallet /home/monero/.bitmonero && \
+	chown -R monero:monero /home/monero/.bitmonero && \
+	chown -R monero:monero /wallet
+
 # Contains the blockchain
-VOLUME /root/.bitmonero
+VOLUME /home/monero/.bitmonero
 
 # Generate your wallet via accessing the container and run:
 # cd /wallet
@@ -196,5 +202,8 @@ VOLUME /wallet
 EXPOSE 18080
 EXPOSE 18081
 
+# switch to user monero
+USER monero
+
 ENTRYPOINT ["monerod", "--p2p-bind-ip=0.0.0.0", "--p2p-bind-port=18080", "--rpc-bind-ip=0.0.0.0", "--rpc-bind-port=18081", "--non-interactive", "--confirm-external-bind"]