Docker user fix

backend/Dockerfile

@@ -1,10 +1,16 @@
 FROM python:3.11-slim
 
+# Install gosu for privilege dropping
+RUN apt-get update && apt-get install -y --no-install-recommends gosu && rm -rf /var/lib/apt/lists/*
+
 WORKDIR /app
 
 COPY requirements.txt .
 RUN pip install --no-cache-dir -r requirements.txt
 
 COPY . .
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod +x /usr/local/bin/entrypoint.sh
 
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
 CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]

backend/entrypoint.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+set -e
+
+# Default values
+PUID=${PUID:-1000}
+PGID=${PGID:-1000}
+
+# Create group if it doesn't exist
+if ! getent group $PGID > /dev/null; then
+  addgroup --gid $PGID appuser 2>/dev/null || true
+fi
+
+# Create user if it doesn't exist
+if ! getent passwd $PUID > /dev/null; then
+  useradd -u $PUID -g $PGID -m -s /bin/bash appuser 2>/dev/null || true
+fi
+
+# Set ownership of app directory
+mkdir -p /app/data
+chown -R $PUID:$PGID /app
+
+# Run command as the created user
+exec gosu $PUID:$PGID python -m uvicorn app.main:app --host 0.0.0.0 --port 8000 --reload

docker-compose.yml

@@ -12,7 +12,8 @@ services:
       - ./data:/app/data
     environment:
       - DATABASE_URL=sqlite:///./data/drugs.db
-    command: uvicorn app.main:app --host ${BACKEND_HOST} --port 8000 --reload
+      - PUID=1001
+      - PGID=1001
 
   frontend:
     image: nginx:alpine