Running a node app as a non root user in docker

For a couple of days I’ve been trying to run a node app as a non root user inside a Docker container using docker-compose. No matter what I try, I get the same EACCES: permission denied errors, more specifically it seems to be an issue with the start scripts:

Error: EACCES: permission denied, open '/home/dev/learn-node/public/dist/App.bundle.js'
    npm info
        lifecycle dang-thats-delicious@0.0.0~assets: Failed to exec assets script

I don’t see any of these issues when I simply comment out the USER dev line in the Dockerfile and remain as root. I have tried many different variations of commands in my Dockerfile but switching to the dev user seems to cause the issue.

  • How to auto start docker when synology restart
  • Docker mounted volume - how to give cassandra permission to write to mounted volume folder
  • Docker C++ development and CI
  • Update of Docker intermediate images
  • Kubernetes - how to send request to all the minions?
  • Eureka on docker container : unknown host exception
  • This is what the scripts section of my package.json looks like

    "scripts": {
        "prod": "node ./start.js",
        "watch": "nodemon ./start.js --ignore public/",
        "start": "concurrently \"npm run watch\" \"npm run assets\" --names \"💻,📦\" --prefix name",
        "assets": "webpack -w --display-max-modules 0",
        "sample": "node ./data/load-sample-data.js",
        "blowitallaway": "node ./data/load-sample-data.js --delete",
        "now": "now -e DB_USER=@db_user -e DB_PASS=@db_pass -e NODE_ENV=\"production\" -e PORT=80"
      },
    

    I think the overarching issue that I haven’t understood some fundamental principles regarding permissions. I want to be non root in the interest of security. Please advise.

    Dockerfile:

    FROM node
    
    RUN apt-get update && apt-get -y install curl \
        apt-utils \
        locales \
        nano \
        python && \
        useradd --user-group --create-home --shell /bin/false dev && \
        sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
        locale-gen
    
    # Set the locale
    # RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
        # locale-gen
    
    ENV LANG en_US.UTF-8  
    ENV LANGUAGE en_US:en  
    ENV LC_ALL en_US.UTF-8 
    
    ENV HOME=/home/dev
    WORKDIR $HOME/learn-node
    COPY package.json $HOME/learn-node/
    RUN chown -R dev:dev $HOME//*
    
    # npm has read write issues when switching to dev user
    RUN npm install
    RUN chown -R dev:dev /home/dev/.config
    USER dev
    CMD ["npm", "start"]
    

  • Where are my files / Docker Django Digital Ocean
  • Delete a recreate a docker container using the same volume
  • Docker-compose volumes doesn't copy any files
  • docker-compose error when I run bundle
  • How to attach profiler to docker process
  • What is the easiest method to copy files and directories in dockerfile
  • Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.