Update dockerfiles to run as non-root

Dockerfile

@@ -5,10 +5,19 @@ ENV LANG C.UTF-8
 ENV LC_ALL C.UTF-8
 ENV PYTHONDONTWRITEBYTECODE 1
 ENV PYTHONFAULTHANDLER 1
-ENV PATH=/root/.local/bin:$PATH
+ENV PATH=/home/ftuser/.local/bin:$PATH
+ENV FT_APP_ENV="docker"
 
 # Prepare environment
-RUN mkdir /freqtrade
+RUN mkdir /freqtrade \
+  && apt update \
+  && apt install -y sudo \
+  && apt-get clean \
+  && useradd -u 1000 -G sudo -U -m ftuser \
+  && chown ftuser:ftuser /freqtrade \
+  # Allow sudoers
+  && echo "ftuser ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+
 WORKDIR /freqtrade
 
 # Install dependencies
@@ -24,7 +33,8 @@ RUN cd /tmp && /tmp/install_ta-lib.sh && rm -r /tmp/*ta-lib*
 ENV LD_LIBRARY_PATH /usr/local/lib
 
 # Install dependencies
-COPY requirements.txt requirements-hyperopt.txt /freqtrade/
+COPY --chown=ftuser:ftuser requirements.txt requirements-hyperopt.txt /freqtrade/
+USER ftuser
 RUN  pip install --user --no-cache-dir numpy \
   && pip install --user --no-cache-dir -r requirements-hyperopt.txt
 
@@ -33,13 +43,13 @@ FROM base as runtime-image
 COPY --from=python-deps /usr/local/lib /usr/local/lib
 ENV LD_LIBRARY_PATH /usr/local/lib
 
-COPY --from=python-deps /root/.local /root/.local
-
-
+COPY --from=python-deps /home/ftuser/.local /home/ftuser/.local
 
+USER ftuser
 # Install and execute
-COPY . /freqtrade/
-RUN pip install -e . --no-cache-dir \
+COPY --chown=ftuser:ftuser . /freqtrade/
+
+RUN pip install -e . --user --no-cache-dir \
   && mkdir /freqtrade/user_data/ \
   && freqtrade install-ui
 

Dockerfile.armhf

@@ -5,15 +5,20 @@ ENV LANG C.UTF-8
 ENV LC_ALL C.UTF-8
 ENV PYTHONDONTWRITEBYTECODE 1
 ENV PYTHONFAULTHANDLER 1
-ENV PATH=/root/.local/bin:$PATH
+ENV PATH=/home/ftuser/.local/bin:$PATH
+ENV FT_APP_ENV="docker"
 
 # Prepare environment
-RUN mkdir /freqtrade
-WORKDIR /freqtrade
+RUN mkdir /freqtrade \
+  && apt-get update \
+  && apt-get -y install libatlas3-base curl sqlite3 libhdf5-serial-dev sudo \
+  && apt-get clean \
+  && useradd -u 1000 -G sudo -U -m ftuser \
+  && chown ftuser:ftuser /freqtrade \
+  # Allow sudoers
+  && echo "ftuser ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
 
-RUN  apt-get update \
-  && apt-get -y install libatlas3-base curl sqlite3 \
-  && apt-get clean
+WORKDIR /freqtrade
 
 # Install dependencies
 FROM base as python-deps
@@ -37,13 +42,14 @@ FROM base as runtime-image
 COPY --from=python-deps /usr/local/lib /usr/local/lib
 ENV LD_LIBRARY_PATH /usr/local/lib
 
-COPY --from=python-deps /root/.local /root/.local
+COPY --from=python-deps /home/ftuser/.local /home/ftuser/.local
 
+USER ftuser
 # Install and execute
-COPY . /freqtrade/
-RUN apt-get install -y libhdf5-serial-dev \
-  && apt-get clean \
-  && pip install -e . --no-cache-dir \
+COPY --chown=ftuser:ftuser . /freqtrade/
+
+RUN pip install -e . --user --no-cache-dir \
+  && mkdir /freqtrade/user_data/ \
   && freqtrade install-ui
 
 ENTRYPOINT ["freqtrade"]

docker/Dockerfile.custom

@@ -1,7 +1,7 @@
 FROM freqtradeorg/freqtrade:develop
 
-RUN apt-get update \
-    && apt-get -y install git \
-    && apt-get clean \
+RUN sudo apt-get update \
+    && sudo apt-get -y install git \
+    && sudo apt-get clean \
     # The below dependency - pyti - serves as an example. Please use whatever you need!
-    && pip install pyti
+    && pip install --user pyti

docker/Dockerfile.develop

@@ -3,8 +3,8 @@ FROM freqtradeorg/freqtrade:develop
 # Install dependencies
 COPY requirements-dev.txt /freqtrade/
 
-RUN pip install numpy --no-cache-dir \
-  && pip install -r requirements-dev.txt --no-cache-dir
+RUN pip install numpy --user --no-cache-dir \
+  && pip install -r requirements-dev.txt --user --no-cache-dir
 
 # Empty the ENTRYPOINT to allow all commands
 ENTRYPOINT []

docker/Dockerfile.jupyter

@@ -1,7 +1,7 @@
 FROM freqtradeorg/freqtrade:develop_plot
 
 
-RUN pip install jupyterlab --no-cache-dir
+RUN pip install jupyterlab --user --no-cache-dir
 
 # Empty the ENTRYPOINT to allow all commands
 ENTRYPOINT []

docker/Dockerfile.plot

@@ -4,4 +4,4 @@ FROM freqtradeorg/freqtrade:${sourceimage}
 # Install dependencies
 COPY requirements-plot.txt /freqtrade/
 
-RUN pip install -r requirements-plot.txt --no-cache-dir
+RUN pip install -r requirements-plot.txt --user --no-cache-dir