From 9e311b4dcbc626159e09cb7485fa0419ea94e4ba Mon Sep 17 00:00:00 2001
From: Chris Kankiewicz <Chris@ChrisKankiewicz.com>
Date: Tue, 29 Nov 2016 09:31:39 -0700
Subject: [PATCH] Don't run service as root

---
 Dockerfile       | 9 +++++++++
 files/config.ini | 4 ++++
 2 files changed, 13 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index aee1768..27ec9e3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,6 +7,9 @@ ENV MUMBLE_VERSION 1.2.17
 # Create Mumble directories
 RUN mkdir -pv /opt/mumble /etc/mumble
 
+# Create non-root user
+RUN adduser -DHs /sbin/nologin mumble
+
 # Copy config file
 COPY files/config.ini /etc/mumble/config.ini
 
@@ -22,9 +25,15 @@ RUN apk add --update ca-certificates bzip2 tar tzdata wget \
     && wget -qO- ${BZIP_URL} | tar -xjv --strip-components=1 -C /opt/mumble \
     && apk del ca-certificates bzip2 tar wget && rm -rf /var/cache/apk/*
 
+# Chown files
+RUN chown -Rv mumble:mumble /etc/mumble /opt/mumble
+
 # Expose ports
 EXPOSE 64738 64738/udp
 
+# Set running user
+USER mumble
+
 # Set volumes
 VOLUME /etc/mumble
 
diff --git a/files/config.ini b/files/config.ini
index 5ea7536..c322e7d 100644
--- a/files/config.ini
+++ b/files/config.ini
@@ -4,3 +4,7 @@
 # Path to database. If blank, will search for
 # murmur.sqlite in default locations or create it if not found.
 database=/etc/mumble/murmur.sqlite
+
+# If Murmur is started as root, which user should it switch to?
+# This option is ignored if Murmur isn't started with root privileges.
+uname=mumble