From ced3ea0282abcab399b8067cb2ab7a1e3bd3ee2d Mon Sep 17 00:00:00 2001
From: Stephen Guglielmo <srg@temple.edu>
Date: Mon, 29 Jun 2020 19:30:00 -0400
Subject: [PATCH] Use a numeric USER instruction in Dockerfiles

---
 Base/Dockerfile                   | 12 ++++++++----
 Hub/Dockerfile                    |  2 +-
 Hub/Dockerfile.txt                |  2 +-
 NodeBase/Dockerfile               |  2 +-
 NodeBase/Dockerfile.txt           |  2 +-
 NodeChrome/Dockerfile             |  2 +-
 NodeChrome/Dockerfile.txt         |  2 +-
 NodeChromeDebug/Dockerfile        |  2 +-
 NodeDebug/Dockerfile.txt          |  2 +-
 NodeFirefox/Dockerfile            |  2 +-
 NodeFirefox/Dockerfile.txt        |  2 +-
 NodeFirefoxDebug/Dockerfile       |  2 +-
 NodeOpera/Dockerfile              |  2 +-
 NodeOpera/Dockerfile.txt          |  2 +-
 NodeOperaDebug/Dockerfile         |  2 +-
 Standalone/Dockerfile.txt         |  2 +-
 StandaloneChrome/Dockerfile       |  2 +-
 StandaloneChromeDebug/Dockerfile  |  2 +-
 StandaloneFirefox/Dockerfile      |  2 +-
 StandaloneFirefoxDebug/Dockerfile |  2 +-
 StandaloneOpera/Dockerfile        |  2 +-
 StandaloneOperaDebug/Dockerfile   |  2 +-
 22 files changed, 29 insertions(+), 25 deletions(-)

diff --git a/Base/Dockerfile b/Base/Dockerfile
index e635f9cd4..5687853d6 100644
--- a/Base/Dockerfile
+++ b/Base/Dockerfile
@@ -41,11 +41,15 @@ RUN echo "${TZ}" > /etc/timezone \
   && dpkg-reconfigure --frontend noninteractive tzdata
 
 #========================================
-# Add normal user with passwordless sudo
+# Add normal user and group with passwordless sudo
 #========================================
-RUN useradd seluser \
-         --shell /bin/bash  \
+RUN groupadd seluser \
+         --gid 1201 \
+  && useradd seluser \
          --create-home \
+         --gid 1201 \
+         --shell /bin/bash \
+         --uid 1200 \
   && usermod -a -G sudo seluser \
   && echo 'ALL ALL = (ALL) NOPASSWD: ALL' >> /etc/sudoers \
   && echo 'seluser:secret' | chpasswd
@@ -75,7 +79,7 @@ RUN  mkdir -p /opt/selenium /var/run/supervisor /var/log/supervisor \
 #===================================================
 # Run the following commands as non-privileged user
 #===================================================
-USER seluser
+USER 1200:1201
 
 
 CMD ["/opt/bin/entry_point.sh"]
diff --git a/Hub/Dockerfile b/Hub/Dockerfile
index 27cb8ced8..13626c13e 100644
--- a/Hub/Dockerfile
+++ b/Hub/Dockerfile
@@ -5,7 +5,7 @@
 FROM selenium/base:3.141.59-20200525
 LABEL authors=SeleniumHQ
 
-USER seluser
+USER 1200
 
 #========================
 # Selenium Configuration
diff --git a/Hub/Dockerfile.txt b/Hub/Dockerfile.txt
index b65202fae..956612582 100644
--- a/Hub/Dockerfile.txt
+++ b/Hub/Dockerfile.txt
@@ -1,4 +1,4 @@
-USER seluser
+USER 1200
 
 #========================
 # Selenium Configuration
diff --git a/NodeBase/Dockerfile b/NodeBase/Dockerfile
index 6c4b704ec..bc8edb5f8 100644
--- a/NodeBase/Dockerfile
+++ b/NodeBase/Dockerfile
@@ -75,7 +75,7 @@ RUN apt-get -qqy update \
 # Run the following commands as non-privileged user
 #===================================================
 
-USER seluser
+USER 1200
 
 #==============================
 # Scripts to run Selenium Node and XVFB
diff --git a/NodeBase/Dockerfile.txt b/NodeBase/Dockerfile.txt
index f3a281135..615f00bfb 100644
--- a/NodeBase/Dockerfile.txt
+++ b/NodeBase/Dockerfile.txt
@@ -68,7 +68,7 @@ RUN apt-get -qqy update \
 # Run the following commands as non-privileged user
 #===================================================
 
-USER seluser
+USER 1200
 
 #==============================
 # Scripts to run Selenium Node and XVFB
diff --git a/NodeChrome/Dockerfile b/NodeChrome/Dockerfile
index 9eff903d0..ec668d22e 100644
--- a/NodeChrome/Dockerfile
+++ b/NodeChrome/Dockerfile
@@ -32,7 +32,7 @@ RUN wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key
 COPY wrap_chrome_binary /opt/bin/wrap_chrome_binary
 RUN /opt/bin/wrap_chrome_binary
 
-USER seluser
+USER 1200
 
 #============================================
 # Chrome webdriver
diff --git a/NodeChrome/Dockerfile.txt b/NodeChrome/Dockerfile.txt
index 5bea94806..2b4bad0eb 100644
--- a/NodeChrome/Dockerfile.txt
+++ b/NodeChrome/Dockerfile.txt
@@ -25,7 +25,7 @@ RUN wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key
 COPY wrap_chrome_binary /opt/bin/wrap_chrome_binary
 RUN /opt/bin/wrap_chrome_binary
 
-USER seluser
+USER 1200
 
 #============================================
 # Chrome webdriver
diff --git a/NodeChromeDebug/Dockerfile b/NodeChromeDebug/Dockerfile
index 95358df36..8894663f7 100644
--- a/NodeChromeDebug/Dockerfile
+++ b/NodeChromeDebug/Dockerfile
@@ -24,7 +24,7 @@ RUN apt-get update -qqy \
     fluxbox \
   && rm -rf /var/lib/apt/lists/* /var/cache/apt/*
 
-USER seluser
+USER 1200
 
 #==============================
 # Generating the VNC password as seluser
diff --git a/NodeDebug/Dockerfile.txt b/NodeDebug/Dockerfile.txt
index df2a5ae2c..7b89e6f88 100644
--- a/NodeDebug/Dockerfile.txt
+++ b/NodeDebug/Dockerfile.txt
@@ -17,7 +17,7 @@ RUN apt-get update -qqy \
     fluxbox \
   && rm -rf /var/lib/apt/lists/* /var/cache/apt/*
 
-USER seluser
+USER 1200
 
 #==============================
 # Generating the VNC password as seluser
diff --git a/NodeFirefox/Dockerfile b/NodeFirefox/Dockerfile
index 955ee24d9..1f9e06b6d 100644
--- a/NodeFirefox/Dockerfile
+++ b/NodeFirefox/Dockerfile
@@ -37,7 +37,7 @@ RUN GK_VERSION=$(if [ ${GECKODRIVER_VERSION:-latest} = "latest" ]; then echo "0.
   && chmod 755 /opt/geckodriver-$GK_VERSION \
   && ln -fs /opt/geckodriver-$GK_VERSION /usr/bin/geckodriver
 
-USER seluser
+USER 1200
 
 COPY generate_config /opt/bin/generate_config
 
diff --git a/NodeFirefox/Dockerfile.txt b/NodeFirefox/Dockerfile.txt
index a1ee6a28e..ac0245b12 100644
--- a/NodeFirefox/Dockerfile.txt
+++ b/NodeFirefox/Dockerfile.txt
@@ -30,7 +30,7 @@ RUN GK_VERSION=$(if [ ${GECKODRIVER_VERSION:-latest} = "latest" ]; then echo "0.
   && chmod 755 /opt/geckodriver-$GK_VERSION \
   && ln -fs /opt/geckodriver-$GK_VERSION /usr/bin/geckodriver
 
-USER seluser
+USER 1200
 
 COPY generate_config /opt/bin/generate_config
 
diff --git a/NodeFirefoxDebug/Dockerfile b/NodeFirefoxDebug/Dockerfile
index ba44115e7..de739c973 100644
--- a/NodeFirefoxDebug/Dockerfile
+++ b/NodeFirefoxDebug/Dockerfile
@@ -24,7 +24,7 @@ RUN apt-get update -qqy \
     fluxbox \
   && rm -rf /var/lib/apt/lists/* /var/cache/apt/*
 
-USER seluser
+USER 1200
 
 #==============================
 # Generating the VNC password as seluser
diff --git a/NodeOpera/Dockerfile b/NodeOpera/Dockerfile
index 2164ca4b7..44d3aff93 100644
--- a/NodeOpera/Dockerfile
+++ b/NodeOpera/Dockerfile
@@ -39,7 +39,7 @@ RUN wget -q -O - https://deb.opera.com/archive.key | apt-key add - \
 COPY wrap_opera_binary /opt/bin/wrap_opera_binary
 RUN /opt/bin/wrap_opera_binary
 
-USER seluser
+USER 1200
 
 #=====================
 # Opera webdriver
diff --git a/NodeOpera/Dockerfile.txt b/NodeOpera/Dockerfile.txt
index 9d2189341..cbd82ff36 100644
--- a/NodeOpera/Dockerfile.txt
+++ b/NodeOpera/Dockerfile.txt
@@ -32,7 +32,7 @@ RUN wget -q -O - https://deb.opera.com/archive.key | apt-key add - \
 COPY wrap_opera_binary /opt/bin/wrap_opera_binary
 RUN /opt/bin/wrap_opera_binary
 
-USER seluser
+USER 1200
 
 #=====================
 # Opera webdriver
diff --git a/NodeOperaDebug/Dockerfile b/NodeOperaDebug/Dockerfile
index 3e03bc008..88738febc 100644
--- a/NodeOperaDebug/Dockerfile
+++ b/NodeOperaDebug/Dockerfile
@@ -24,7 +24,7 @@ RUN apt-get update -qqy \
     fluxbox \
   && rm -rf /var/lib/apt/lists/* /var/cache/apt/*
 
-USER seluser
+USER 1200
 
 #==============================
 # Generating the VNC password as seluser
diff --git a/Standalone/Dockerfile.txt b/Standalone/Dockerfile.txt
index 22c00fa7f..bc39fb4ff 100644
--- a/Standalone/Dockerfile.txt
+++ b/Standalone/Dockerfile.txt
@@ -1,4 +1,4 @@
-USER seluser
+USER 1200
 
 #====================================
 # Scripts to run Selenium Standalone
diff --git a/StandaloneChrome/Dockerfile b/StandaloneChrome/Dockerfile
index f7d441a6c..7567d4f14 100644
--- a/StandaloneChrome/Dockerfile
+++ b/StandaloneChrome/Dockerfile
@@ -5,7 +5,7 @@
 FROM selenium/node-chrome:3.141.59-20200525
 LABEL authors=SeleniumHQ
 
-USER seluser
+USER 1200
 
 #====================================
 # Scripts to run Selenium Standalone
diff --git a/StandaloneChromeDebug/Dockerfile b/StandaloneChromeDebug/Dockerfile
index 7035f77cd..1ba8972cc 100644
--- a/StandaloneChromeDebug/Dockerfile
+++ b/StandaloneChromeDebug/Dockerfile
@@ -5,7 +5,7 @@
 FROM selenium/node-chrome-debug:3.141.59-20200525
 LABEL authors=SeleniumHQ
 
-USER seluser
+USER 1200
 
 #====================================
 # Scripts to run Selenium Standalone
diff --git a/StandaloneFirefox/Dockerfile b/StandaloneFirefox/Dockerfile
index a558ded85..c82eb2de4 100644
--- a/StandaloneFirefox/Dockerfile
+++ b/StandaloneFirefox/Dockerfile
@@ -5,7 +5,7 @@
 FROM selenium/node-firefox:3.141.59-20200525
 LABEL authors=SeleniumHQ
 
-USER seluser
+USER 1200
 
 #====================================
 # Scripts to run Selenium Standalone
diff --git a/StandaloneFirefoxDebug/Dockerfile b/StandaloneFirefoxDebug/Dockerfile
index b292eaaa8..19b9a293c 100644
--- a/StandaloneFirefoxDebug/Dockerfile
+++ b/StandaloneFirefoxDebug/Dockerfile
@@ -5,7 +5,7 @@
 FROM selenium/node-firefox-debug:3.141.59-20200525
 LABEL authors=SeleniumHQ
 
-USER seluser
+USER 1200
 
 #====================================
 # Scripts to run Selenium Standalone
diff --git a/StandaloneOpera/Dockerfile b/StandaloneOpera/Dockerfile
index b37fe0e21..67a58b289 100644
--- a/StandaloneOpera/Dockerfile
+++ b/StandaloneOpera/Dockerfile
@@ -5,7 +5,7 @@
 FROM selenium/node-opera:3.141.59-20200525
 LABEL authors=SeleniumHQ
 
-USER seluser
+USER 1200
 
 #====================================
 # Scripts to run Selenium Standalone
diff --git a/StandaloneOperaDebug/Dockerfile b/StandaloneOperaDebug/Dockerfile
index 43b9f8c90..77779074c 100644
--- a/StandaloneOperaDebug/Dockerfile
+++ b/StandaloneOperaDebug/Dockerfile
@@ -5,7 +5,7 @@
 FROM selenium/node-opera-debug:3.141.59-20200525
 LABEL authors=SeleniumHQ
 
-USER seluser
+USER 1200
 
 #====================================
 # Scripts to run Selenium Standalone