Hugging Face's logo

Spaces:
Pawitt
/
space
Sleeping

App Files Community
Pawitt commited on
Commit
d8ab0f9
·
verified ·
1 Parent(s): 513ece3

Update Dockerfile

Browse files
Files changed (1) hide show
  1. Dockerfile +19 -7
Dockerfile CHANGED
@@ -37,23 +37,33 @@ RUN curl -sL https://deb.nodesource.com/setup_21.x | bash - && \
37
  # Create a working directory
38
  WORKDIR /app
39
 
40
- # Remove non-root user creation section
 
 
 
 
 
 
 
 
41
 
42
  # Set up the Conda environment
43
  ENV CONDA_AUTO_UPDATE_CONDA=false \
44
- PATH=/root/miniconda/bin:$PATH
45
  RUN curl -sLo ~/miniconda.sh https://repo.continuum.io/miniconda/Miniconda3-py39_4.10.3-Linux-x86_64.sh \
46
  && chmod +x ~/miniconda.sh \
47
  && ~/miniconda.sh -b -p ~/miniconda \
48
  && rm ~/miniconda.sh \
49
  && conda clean -ya
50
 
51
- WORKDIR /root/app
52
 
53
  #######################################
54
  # Start root user section
55
  #######################################
56
 
 
 
57
  # User Debian packages
58
  ## Security warning : Potential user code executed as root (build time)
59
  RUN --mount=target=/root/packages.txt,source=packages.txt \
@@ -64,22 +74,24 @@ RUN --mount=target=/root/packages.txt,source=packages.txt \
64
  RUN --mount=target=/root/on_startup.sh,source=on_startup.sh,readwrite \
65
  bash /root/on_startup.sh
66
 
67
- RUN mkdir /data
68
 
69
  #######################################
70
  # End root user section
71
  #######################################
72
 
 
 
73
  # Python packages
74
  RUN --mount=target=requirements.txt,source=requirements.txt \
75
  pip install --no-cache-dir --upgrade -r requirements.txt
76
 
77
- # Copy the current directory contents into the container at /root/app
78
- COPY . /root/app
79
 
80
  RUN chmod +x start_server.sh
81
 
82
- COPY login.html /root/miniconda/lib/python3.9/site-packages/jupyter_server/templates/login.html
83
 
84
  ENV PYTHONUNBUFFERED=1 \
85
  GRADIO_ALLOW_FLAGGING=never \
 
37
  # Create a working directory
38
  WORKDIR /app
39
 
40
+ # Create a root user with the name 'user' and set to root group
41
+ RUN adduser --disabled-password --gecos '' --shell /bin/bash user && \
42
+ usermod -aG sudo user && \
43
+ echo "user ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/90-user
44
+
45
+ # All users can use /home/user as their home directory
46
+ ENV HOME=/home/user
47
+ RUN mkdir $HOME/.cache $HOME/.config \
48
+ && chmod -R 777 $HOME
49
 
50
  # Set up the Conda environment
51
  ENV CONDA_AUTO_UPDATE_CONDA=false \
52
+ PATH=$HOME/miniconda/bin:$PATH
53
  RUN curl -sLo ~/miniconda.sh https://repo.continuum.io/miniconda/Miniconda3-py39_4.10.3-Linux-x86_64.sh \
54
  && chmod +x ~/miniconda.sh \
55
  && ~/miniconda.sh -b -p ~/miniconda \
56
  && rm ~/miniconda.sh \
57
  && conda clean -ya
58
 
59
+ WORKDIR $HOME/app
60
 
61
  #######################################
62
  # Start root user section
63
  #######################################
64
 
65
+ USER root
66
+
67
  # User Debian packages
68
  ## Security warning : Potential user code executed as root (build time)
69
  RUN --mount=target=/root/packages.txt,source=packages.txt \
 
74
  RUN --mount=target=/root/on_startup.sh,source=on_startup.sh,readwrite \
75
  bash /root/on_startup.sh
76
 
77
+ RUN mkdir /data && chown user:user /data
78
 
79
  #######################################
80
  # End root user section
81
  #######################################
82
 
83
+ USER user
84
+
85
  # Python packages
86
  RUN --mount=target=requirements.txt,source=requirements.txt \
87
  pip install --no-cache-dir --upgrade -r requirements.txt
88
 
89
+ # Copy the current directory contents into the container at $HOME/app setting the owner to the user
90
+ COPY --chown=user . $HOME/app
91
 
92
  RUN chmod +x start_server.sh
93
 
94
+ COPY --chown=user login.html /home/user/miniconda/lib/python3.9/site-packages/jupyter_server/templates/login.html
95
 
96
  ENV PYTHONUNBUFFERED=1 \
97
  GRADIO_ALLOW_FLAGGING=never \