Merge pull request #550 from jupyter-on-openshift/user-as-integer-uid

Use NB_UID for USER statement in Dockerfile so deployment platform can verify that image doesn't run as root.

Merge pull request #550 from jupyter-on-openshift/user-as-integer-uid
Use NB_UID for USER statement in Dockerfile so deployment platform can verify that image doesn't run as root.
600ea660 · Min RK · GitHub · c5480001 · 770007bb · 600ea660
Commit 600ea660 authored Feb 16, 2018 by Min RK Committed by GitHub Feb 16, 2018
8 changed files
--- a/all-spark-notebook/Dockerfile
+++ b/all-spark-notebook/Dockerfile
@@ -19,7 +19,7 @@ RUN apt-get update && \
    gcc && apt-get clean && \
    rm -rf /var/lib/apt/lists/*
-USER $NB_USER
+USER $NB_UID
 # R packages
 RUN conda install --quiet --yes \

--- a/base-notebook/Dockerfile
+++ b/base-notebook/Dockerfile
@@ -53,7 +53,7 @@ RUN useradd -m -s /bin/bash -N -u $NB_UID $NB_USER && \
    fix-permissions $HOME && \
    fix-permissions $CONDA_DIR
-USER $NB_USER
+USER $NB_UID
 # Setup work directory for backward-compatibility
 RUN mkdir /home/$NB_USER/work && \
@@ -101,4 +101,4 @@ COPY jupyter_notebook_config.py /etc/jupyter/
 RUN fix-permissions /etc/jupyter/
 # Switch back to jovyan to avoid accidental container runs as root
-USER $NB_USER
+USER $NB_UID
--- a/base-notebook/Dockerfile.ppc64le
+++ b/base-notebook/Dockerfile.ppc64le
@@ -55,7 +55,7 @@ RUN useradd -m -s /bin/bash -N -u $NB_UID $NB_USER && \
    mkdir -p $CONDA_DIR && \
    chown $NB_USER $CONDA_DIR
-USER $NB_USER
+USER $NB_UID
 # Setup jovyan home directory
 RUN mkdir /home/$NB_USER/work && \
@@ -98,4 +98,4 @@ COPY jupyter_notebook_config.py /home/$NB_USER/.jupyter/
 RUN chown -R $NB_USER:users /home/$NB_USER/.jupyter
 # Switch back to jovyan to avoid accidental container runs as root
-USER $NB_USER
+USER $NB_UID
--- a/datascience-notebook/Dockerfile
+++ b/datascience-notebook/Dockerfile
@@ -36,7 +36,7 @@ RUN mkdir /etc/julia && \
    chown $NB_USER $JULIA_PKGDIR && \
    fix-permissions $JULIA_PKGDIR
-USER $NB_USER
+USER $NB_UID
 # R packages including IRKernel which gets installed globally.
 RUN conda config --system --append channels r && \

--- a/minimal-notebook/Dockerfile
+++ b/minimal-notebook/Dockerfile
@@ -32,4 +32,4 @@ RUN apt-get update && apt-get install -yq --no-install-recommends \
    rm -rf /var/lib/apt/lists/*
 # Switch back to jovyan to avoid accidental container runs as root
-USER $NB_USER
+USER $NB_UID
--- a/pyspark-notebook/Dockerfile
+++ b/pyspark-notebook/Dockerfile
@@ -38,4 +38,4 @@ ENV PYTHONPATH $SPARK_HOME/python:$SPARK_HOME/python/lib/py4j-0.10.4-src.zip
 ENV MESOS_NATIVE_LIBRARY /usr/local/lib/libmesos.so
 ENV SPARK_OPTS --driver-java-options=-Xms1024M --driver-java-options=-Xmx4096M --driver-java-options=-Dlog4j.logLevel=info
-USER $NB_USER
+USER $NB_UID
--- a/r-notebook/Dockerfile
+++ b/r-notebook/Dockerfile
@@ -15,7 +15,7 @@ RUN apt-get update && \
    gcc && apt-get clean && \
    rm -rf /var/lib/apt/lists/*
-USER $NB_USER
+USER $NB_UID
 # R packages
 RUN conda install --quiet --yes \

--- a/scipy-notebook/Dockerfile
+++ b/scipy-notebook/Dockerfile
@@ -12,7 +12,7 @@ RUN apt-get update && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*
-USER $NB_USER
+USER $NB_UID
 # Install Python 3 packages
 # Remove pyqt and qt pulled in for matplotlib since we're only ever going to
@@ -65,4 +65,4 @@ ENV XDG_CACHE_HOME /home/$NB_USER/.cache/
 RUN MPLBACKEND=Agg python -c "import matplotlib.pyplot" && \
    fix-permissions /home/$NB_USER
-USER $NB_USER
+USER $NB_UID