From f31f2d74b7b367afd4102ab60108ed314027c8cb Mon Sep 17 00:00:00 2001
From: Aaron Guise
Date: Mon, 18 Mar 2024 10:13:45 +1300
Subject: [PATCH] SECURITY: Run as non-privileged user
---
 Dockerfile | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index 50950ee..8277b02 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,12 +4,19 @@ FROM golang:1.22 as build
 COPY . /opt/project/
 WORKDIR /opt/project
+# Install Pre-Requisites
 RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates=20230311
+# Create a user
+RUN useradd --no-create-home --system --shell /bin/false ddnsuser
 RUN CGO_ENABLED=0 go build -ldflags="-s -w" -o /cloudflare-ddns-updater
 FROM scratch
 COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 COPY --from=build /cloudflare-ddns-updater /cloudflare-ddns-updater
+COPY --from=build /bin/false /bin/false
+COPY --from=build /etc/passwd /etc/passwd
+
+USER nobody
 ENTRYPOINT ["/cloudflare-ddns-updater"]
 CMD ["cloudflare-ddns-updater"]
\ No newline at end of file
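Review bot: The `ddnsuser` account created in the build stage is never used: the final stage switches to `USER nobody`, which resolves only because the `/etc/passwd` copied from the golang build image presumably already carries a `nobody` entry. Either select the account the commit creates (`USER ddnsuser`) or drop the `useradd` line; a numeric `USER 65534:65534` would remove the dependency on the passwd file and lets an orchestrator that enforces non-root (for example Kubernetes `runAsNonRoot`) verify the UID. The `COPY --from=build /bin/false /bin/false` line also looks unnecessary, since nothing in a `scratch` image starts a login shell and the binary is likely dynamically linked, so it could not execute there anyway. Copying the build stage's whole `/etc/passwd` ships every system account of the build image into the runtime image; a one-line passwd file generated in the build stage would be tighter.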