From 8316aa026f33520774be5bc2fbad624f9c29ae6f Mon Sep 17 00:00:00 2001
From: Peter Petrov
Date: Wed, 11 Feb 2015 15:47:36 +0200
Subject: [PATCH 1/2] Run as a non-privileged user by default

---
 1.2/Dockerfile | 4 +++-
 1.2/onbuild/Dockerfile | 2 +-
 1.2/slim/Dockerfile | 4 +++-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/1.2/Dockerfile b/1.2/Dockerfile
index 00c5988..797ff6c 100644
--- a/1.2/Dockerfile
+++ b/1.2/Dockerfile
@@ -1,5 +1,7 @@
 FROM buildpack-deps:jessie
+RUN groupadd --gid 25000 app && useradd --uid 25000 --gid 25000 --create-home --shell /bin/bash app
+
 # gpg keys listed at https://github.com/iojs/io.js
 RUN gpg --keyserver pool.sks-keyservers.net --recv-keys 9554F04D7259F04124DE6B476D5A82AC7E37093B DD8F2338BAE7501E3DD5AC78C273792F7D83545D
@@ -12,4 +14,4 @@ RUN curl -SLO "https://iojs.org/dist/v$IOJS_VERSION/iojs-v$IOJS_VERSION-linux-x6
 && tar -xzf "iojs-v$IOJS_VERSION-linux-x64.tar.gz" -C /usr/local --strip-components=1 \
 && rm "iojs-v$IOJS_VERSION-linux-x64.tar.gz" SHASUMS256.txt.asc
-CMD [ "iojs" ]
+CMD [ "su", "-c", "\"iojs\"", "app" ]
diff --git a/1.2/onbuild/Dockerfile b/1.2/onbuild/Dockerfile
index d6f1e30..5441fbc 100644
--- a/1.2/onbuild/Dockerfile
+++ b/1.2/onbuild/Dockerfile
@@ -7,4 +7,4 @@ ONBUILD COPY package.json /usr/src/app/
 ONBUILD RUN npm install
 ONBUILD COPY . /usr/src/app
-CMD [ "npm", "start" ]
+CMD [ "su", "-c", "\"npm start\"", "app" ]
diff --git a/1.2/slim/Dockerfile b/1.2/slim/Dockerfile
index 4ed5831..1b7688d 100644
--- a/1.2/slim/Dockerfile
+++ b/1.2/slim/Dockerfile
@@ -1,5 +1,7 @@
 FROM buildpack-deps:jessie-curl
+RUN groupadd --gid 25000 app && useradd --uid 25000 --gid 25000 --create-home --shell /bin/bash app
+
 # gpg keys listed at https://github.com/iojs/io.js
 RUN gpg --keyserver pool.sks-keyservers.net --recv-keys 9554F04D7259F04124DE6B476D5A82AC7E37093B DD8F2338BAE7501E3DD5AC78C273792F7D83545D
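Review bot: The new `+CMD [ "su", "-c", "\"iojs\"", "app" ]` line only drops privileges inside the default command, so any `docker run <image> <other command>` override, and anything started with `docker exec`, runs as root again, and launching the container with `--user` breaks outright because `su` would then have to authenticate. It also leaves `su` and the shell it spawns in front of iojs instead of making iojs PID 1, so whether `docker stop`'s SIGTERM reaches the app depends on su's signal forwarding. The Dockerfile-native form is to switch the account once after the last root-only `RUN` and keep the command unchanged: `USER app` followed by the original `CMD [ "iojs" ]`. The same applies to the `npm start` hunk in 1.2/onbuild/Dockerfile and to the slim hunk, and to all three hunks of PATCH 2/2, which only fix the quoting of the su argument.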
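Review bot: After `+CMD [ "su", "-c", "\"npm start\"", "app" ]` the application runs as `app`, but the `ONBUILD COPY . /usr/src/app` context line above it still copies the tree as root, so an application that writes under its own directory at runtime (logs, caches, generated assets) will get EACCES. If a read-only tree is the intended layout, a comment such as `# /usr/src/app stays root-owned on purpose: the app runs as "app" and must not write here` would make that explicit; otherwise an `ONBUILD RUN chown -R app:app /usr/src/app` after the copy is needed. This Dockerfile does not create the `app` account itself; presumably it inherits it from the base image named in its FROM line, which is outside the hunk, so the onbuild image would fail at start if it were ever rebased onto an image without that user.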
@@ -12,4 +14,4 @@ RUN curl -SLO "https://iojs.org/dist/v$IOJS_VERSION/iojs-v$IOJS_VERSION-linux-x6
 && tar -xzf "iojs-v$IOJS_VERSION-linux-x64.tar.gz" -C /usr/local --strip-components=1 \
 && rm "iojs-v$IOJS_VERSION-linux-x64.tar.gz" SHASUMS256.txt.asc
-CMD [ "iojs" ]
+CMD [ "su", "-c", "\"iojs\"", "app" ]

From fb0c8b5c201d62533f0e9d68440c7f4cf43e34da Mon Sep 17 00:00:00 2001
From: Peter Petrov
Date: Wed, 11 Feb 2015 16:20:08 +0200
Subject: [PATCH 2/2] Fix su invocation

---
 1.2/Dockerfile | 2 +-
 1.2/onbuild/Dockerfile | 2 +-
 1.2/slim/Dockerfile | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/1.2/Dockerfile b/1.2/Dockerfile
index 797ff6c..2d41be4 100644
--- a/1.2/Dockerfile
+++ b/1.2/Dockerfile
@@ -14,4 +14,4 @@ RUN curl -SLO "https://iojs.org/dist/v$IOJS_VERSION/iojs-v$IOJS_VERSION-linux-x6
 && tar -xzf "iojs-v$IOJS_VERSION-linux-x64.tar.gz" -C /usr/local --strip-components=1 \
 && rm "iojs-v$IOJS_VERSION-linux-x64.tar.gz" SHASUMS256.txt.asc
-CMD [ "su", "-c", "\"iojs\"", "app" ]
+CMD [ "su", "-c", "iojs", "app" ]
diff --git a/1.2/onbuild/Dockerfile b/1.2/onbuild/Dockerfile
index 5441fbc..6dca899 100644
--- a/1.2/onbuild/Dockerfile
+++ b/1.2/onbuild/Dockerfile
@@ -7,4 +7,4 @@ ONBUILD COPY package.json /usr/src/app/
 ONBUILD RUN npm install
 ONBUILD COPY . /usr/src/app
-CMD [ "su", "-c", "\"npm start\"", "app" ]
+CMD [ "su", "-c", "npm start", "app" ]
diff --git a/1.2/slim/Dockerfile b/1.2/slim/Dockerfile
index 1b7688d..c5d8be0 100644
--- a/1.2/slim/Dockerfile
+++ b/1.2/slim/Dockerfile
@@ -14,4 +14,4 @@ RUN curl -SLO "https://iojs.org/dist/v$IOJS_VERSION/iojs-v$IOJS_VERSION-linux-x6
 && tar -xzf "iojs-v$IOJS_VERSION-linux-x64.tar.gz" -C /usr/local --strip-components=1 \
 && rm "iojs-v$IOJS_VERSION-linux-x64.tar.gz" SHASUMS256.txt.asc
-CMD [ "su", "-c", "\"iojs\"", "app" ]
+CMD [ "su", "-c", "iojs", "app" ]
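Review bot: `+CMD [ "su", "-c", "iojs", "app" ]` in the PATCH 2/2 hunk for 1.2/Dockerfile ties container startup to the `app` account's login shell: `su -c` hands the string to the target user's shell, which only works because the `useradd --shell /bin/bash` line from PATCH 1/2 (outside this hunk) gave the service account an interactive shell. Anyone who later hardens the account with `--shell /usr/sbin/nologin` or `/bin/false`, the usual choice for a service user, would silently break every image variant, so either pin the shell on the call, `CMD [ "su", "-s", "/bin/sh", "-c", "iojs", "app" ]`, or add `# app needs a real login shell: CMD starts iojs through su -c` next to the useradd. The same coupling exists in the onbuild and slim hunks of this patch.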