From 1e0c4eae576c52088d3cc0521606b4777f02dda0 Mon Sep 17 00:00:00 2001
From: Pat Wood <Pat.Wood@fiery.com>
Date: Thu, 25 Jul 2024 19:41:32 -0400
Subject: [PATCH] Cleaned up worker user setup and workdir ownership. Don't
 make worker a system user -- no need for that.

---
 Dockerfile.external | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/Dockerfile.external b/Dockerfile.external
index 3e2530e..8a3ee40 100644
--- a/Dockerfile.external
+++ b/Dockerfile.external
@@ -23,9 +23,11 @@ ENV PORT=8080
 EXPOSE 8080
 
 # Prepare a non-root user
-RUN adduser --system worker
+RUN adduser --group worker
+RUN adduser --ingroup worker worker
 WORKDIR /home/worker/app
 
+RUN chown worker /home/worker/app
 RUN mkdir local_data; chown worker local_data
 RUN mkdir models; chown worker models
 COPY --chown=worker --from=dependencies /home/worker/app/.venv/ .venv
@@ -37,4 +39,4 @@ COPY --chown=worker scripts/ scripts
 ENV PYTHONPATH="$PYTHONPATH:/private_gpt/"
 
 USER worker
-ENTRYPOINT python -m private_gpt
\ No newline at end of file
+ENTRYPOINT python -m private_gpt