Running a node app as a non root user in docker

For a couple of days I’ve been trying to run a node app as a non root user inside a Docker container using docker-compose. No matter what I try, I get the same EACCES: permission denied errors, more specifically it seems to be an issue with the start scripts:

    Error: EACCES: permission denied, open '/home/dev/learn-node/public/dist/App.bundle.js'
    npm info lifecycle dang-thats-delicious@0.0.0~assets: Failed to exec assets script

I don’t see any of these issues when I simply comment out the USER dev line in the Dockerfile and remain as root. I have tried many different variations of commands in my Dockerfile but switching to the dev user seems to cause the issue.

This is what the scripts section of my package.json looks like:

    "scripts": {
        "prod": "node ./start.js",
        "watch": "nodemon ./start.js --ignore public/",
        "start": "concurrently \"npm run watch\" \"npm run assets\" --names \"💻,📦\" --prefix name",
        "assets": "webpack -w --display-max-modules 0",
        "sample": "node ./data/load-sample-data.js",
        "blowitallaway": "node ./data/load-sample-data.js --delete",
        "now": "now -e DB_USER=@db_user -e DB_PASS=@db_pass -e NODE_ENV=\"production\" -e PORT=80"
      },
    

I think the overarching issue is that I haven’t understood some fundamental principles regarding permissions. I want to be non root in the interest of security. Please advise.

Dockerfile:

    FROM node
    
    RUN apt-get update && apt-get -y install curl \
        apt-utils \
        locales \
        nano \
        python && \
        useradd --user-group --create-home --shell /bin/false dev && \
        sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
        locale-gen
    
    # Set the locale
    # RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
        # locale-gen
    
    ENV LANG en_US.UTF-8  
    ENV LANGUAGE en_US:en  
    ENV LC_ALL en_US.UTF-8 
    
    ENV HOME=/home/dev
    WORKDIR $HOME/learn-node
    COPY package.json $HOME/learn-node/
    RUN chown -R dev:dev $HOME//*
    
    # npm has read write issues when switching to dev user
    RUN npm install
    RUN chown -R dev:dev /home/dev/.config
    USER dev
    CMD ["npm", "start"]
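
A Dockerfile layout that avoids root-owned files when dropping to the `dev` user, as an added example that is not part of the original post. It assumes the application source is copied into the image (the question does not show the docker-compose file); the `dev` user, the paths and `public/dist` come from the question.

```dockerfile
# Added example, not the poster's file.
# Assumption: the app source lives next to this Dockerfile and is copied in.
FROM node

# Create the unprivileged user before any files are written for it.
RUN useradd --user-group --create-home --shell /bin/false dev

ENV HOME=/home/dev
WORKDIR $HOME/learn-node

# WORKDIR creates the directory as root, so hand it to dev explicitly.
RUN chown dev:dev $HOME/learn-node

# Switch user BEFORE npm install, so node_modules and npm's cache/config
# under $HOME are created by dev instead of being chown'ed afterwards.
USER dev

# COPY writes files as root unless --chown is given.
COPY --chown=dev:dev package.json ./
RUN npm install

# Copy the rest of the source with dev as owner.
# Assumption: a .dockerignore excludes node_modules from the build context.
COPY --chown=dev:dev . .

# "webpack -w" (the assets script) writes App.bundle.js here; create the
# directory as dev so the write in the error message is permitted.
RUN mkdir -p public/dist

CMD ["npm", "start"]
```

If docker-compose bind-mounts the project directory over `/home/dev/learn-node`, the host directory's ownership and mode apply inside the container instead of the image's, so the UID of `dev` has to match the owner of that directory on the host.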
    
