From b7ea97c246db52657d2822c5089f0aaf6a032749 Mon Sep 17 00:00:00 2001 From: Nico Aymet Date: Tue, 10 Jun 2025 19:11:37 +0100 Subject: [PATCH] Set permission to write logs and cache on /tmp/npm in case container run as non root --- APIReference/Dockerfile.tpl | 2 ++ Accounts/Dockerfile.tpl | 2 ++ AdminDashboard/Dockerfile.tpl | 2 ++ App/Dockerfile.tpl | 2 ++ Copilot/Dockerfile.tpl | 2 ++ Dashboard/Dockerfile.tpl | 2 ++ Docs/Dockerfile.tpl | 2 ++ E2E/Dockerfile.tpl | 3 ++- FluentIngest/Dockerfile.tpl | 2 ++ Haraka/Dockerfile.tpl | 2 ++ Home/Dockerfile.tpl | 2 ++ IncomingRequestIngest/Dockerfile.tpl | 2 ++ IsolatedVM/Dockerfile.tpl | 2 ++ OpenTelemetryIngest/Dockerfile.tpl | 2 ++ Probe/Dockerfile.tpl | 2 ++ ProbeIngest/Dockerfile.tpl | 2 ++ ServerMonitorIngest/Dockerfile.tpl | 2 ++ StatusPage/Dockerfile.tpl | 2 ++ TestServer/Dockerfile.tpl | 2 ++ Tests/Dockerfile.tpl | 2 ++ Worker/Dockerfile.tpl | 2 ++ Workflow/Dockerfile.tpl | 2 ++ 22 files changed, 44 insertions(+), 1 deletion(-) diff --git a/APIReference/Dockerfile.tpl b/APIReference/Dockerfile.tpl index 86e44a47a6..9508e0592a 100644 --- a/APIReference/Dockerfile.tpl +++ b/APIReference/Dockerfile.tpl @@ -65,6 +65,8 @@ CMD [ "npm", "run", "dev" ] COPY ./APIReference /usr/src/app # Bundle app source RUN npm run compile +# Set permission to write logs and cache in case container run as non root +RUN chown -R 1000:1000 "/tmp/npm" && chmod -R 2777 "/tmp/npm" #Run the app CMD [ "npm", "start" ] {{ end }} diff --git a/Accounts/Dockerfile.tpl b/Accounts/Dockerfile.tpl index c68fc5b489..ebc84bb2b1 100644 --- a/Accounts/Dockerfile.tpl +++ b/Accounts/Dockerfile.tpl @@ -83,6 +83,8 @@ COPY ./Accounts /usr/src/app # Bundle app source RUN npm run build +# Set permission to write logs and cache in case container run as non root +RUN chown -R 1000:1000 "/tmp/npm" && chmod -R 2777 "/tmp/npm" #Run the app CMD [ "npm", "start" ] {{ end }} 
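Review bot: `chmod -R 2777 "/tmp/npm"` in the line added to APIReference/Dockerfile.tpl makes the directory and every file under it writable by any UID, and mode 2777 sets setgid but not the sticky bit, so any process in the container can also delete or replace entries it does not own. The comment describes this path as npm's logs and cache, which npm later reads back, so world-write is broader than the stated goal of letting a non-root user write there. Since the line already chowns to 1000:1000, owner and group access is enough when the container runs as that UID: `RUN chown -R 1000:1000 "/tmp/npm" && chmod -R u=rwX,g=rwX,o= "/tmp/npm"`; if arbitrary UIDs have to be supported, group-0 ownership with `chmod -R g=u` is still narrower than 777. The same line is added in every other Dockerfile.tpl hunk of this patch (Accounts through Workflow), so the point applies to all of them.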
diff --git a/AdminDashboard/Dockerfile.tpl b/AdminDashboard/Dockerfile.tpl index e2ff96fc82..3c83316c5d 100644 --- a/AdminDashboard/Dockerfile.tpl +++ b/AdminDashboard/Dockerfile.tpl @@ -79,6 +79,8 @@ CMD [ "npm", "run", "dev" ] COPY ./AdminDashboard /usr/src/app # Bundle app source RUN npm run build +# Set permission to write logs and cache in case container run as non root +RUN chown -R 1000:1000 "/tmp/npm" && chmod -R 2777 "/tmp/npm" #Run the app CMD [ "npm", "start" ] {{ end }} diff --git a/App/Dockerfile.tpl b/App/Dockerfile.tpl index f57c208609..3b618c01de 100644 --- a/App/Dockerfile.tpl +++ b/App/Dockerfile.tpl @@ -65,6 +65,8 @@ CMD [ "npm", "run", "dev" ] COPY ./App /usr/src/app # Bundle app source RUN npm run compile +# Set permission to write logs and cache in case container run as non root +RUN chown -R 1000:1000 "/tmp/npm" && chmod -R 2777 "/tmp/npm" #Run the app CMD [ "npm", "start" ] {{ end }} diff --git a/Copilot/Dockerfile.tpl b/Copilot/Dockerfile.tpl index 427d2ea74b..f4d972ff11 100644 --- a/Copilot/Dockerfile.tpl +++ b/Copilot/Dockerfile.tpl @@ -73,6 +73,8 @@ CMD [ "npm", "run", "dev" ] COPY ./Copilot /usr/src/app # Bundle app source RUN npm run compile +# Set permission to write logs and cache in case container run as non root +RUN chown -R 1000:1000 "/tmp/npm" && chmod -R 2777 "/tmp/npm" #Run the app CMD [ "npm", "start" ] {{ end }} \ No newline at end of file diff --git a/Dashboard/Dockerfile.tpl b/Dashboard/Dockerfile.tpl index 2ace42e856..ccc3717003 100644 --- a/Dashboard/Dockerfile.tpl +++ b/Dashboard/Dockerfile.tpl @@ -73,6 +73,8 @@ CMD [ "npm", "run", "dev" ] COPY ./Dashboard /usr/src/app # Bundle app source RUN npm run build +# Set permission to write logs and cache in case container run as non root +RUN chown -R 1000:1000 "/tmp/npm" && chmod -R 2777 "/tmp/npm" #Run the app CMD [ "npm", "start" ] {{ end }} diff --git a/Docs/Dockerfile.tpl b/Docs/Dockerfile.tpl index 0b25174091..324eed28aa 100644 --- a/Docs/Dockerfile.tpl 
+++ b/Docs/Dockerfile.tpl @@ -65,6 +65,8 @@ CMD [ "npm", "run", "dev" ] COPY ./Docs /usr/src/app # Bundle app source RUN npm run compile +# Set permission to write logs and cache in case container run as non root +RUN chown -R 1000:1000 "/tmp/npm" && chmod -R 2777 "/tmp/npm" #Run the app CMD [ "npm", "start" ] {{ end }} diff --git a/E2E/Dockerfile.tpl b/E2E/Dockerfile.tpl index 326286b3a9..c635fa0332 100644 --- a/E2E/Dockerfile.tpl +++ b/E2E/Dockerfile.tpl @@ -58,6 +58,7 @@ RUN npm install COPY ./E2E /usr/src/app RUN npm run compile - +# Set permission to write logs and cache in case container run as non root +RUN chown -R 1000:1000 "/tmp/npm" && chmod -R 2777 "/tmp/npm" #Run the app CMD [ "npm", "test" ] \ No newline at end of file diff --git a/FluentIngest/Dockerfile.tpl b/FluentIngest/Dockerfile.tpl index 4296bd466c..d3bb505979 100644 --- a/FluentIngest/Dockerfile.tpl +++ b/FluentIngest/Dockerfile.tpl @@ -77,6 +77,8 @@ CMD [ "npm", "run", "dev" ] COPY ./FluentIngest /usr/src/app # Bundle app source RUN npm run compile +# Set permission to write logs and cache in case container run as non root +RUN chown -R 1000:1000 "/tmp/npm" && chmod -R 2777 "/tmp/npm" #Run the app CMD [ "npm", "start" ] {{ end }} diff --git a/Haraka/Dockerfile.tpl b/Haraka/Dockerfile.tpl index 96f24846f8..211c7e9313 100644 --- a/Haraka/Dockerfile.tpl +++ b/Haraka/Dockerfile.tpl @@ -63,6 +63,8 @@ COPY ./Haraka/package-lock.json /harakaapp/package-lock.json # Install dependencies RUN cd /harakaapp && npm install +# Set permission to write logs and cache in case container run as non root +RUN chown -R 1000:1000 "/tmp/npm" && chmod -R 2777 "/tmp/npm" EXPOSE 2525 EXPOSE 110 diff --git a/Home/Dockerfile.tpl b/Home/Dockerfile.tpl index 07e80a19c3..68e0645024 100644 --- a/Home/Dockerfile.tpl +++ b/Home/Dockerfile.tpl 
@@ -69,6 +69,8 @@ CMD [ "npm", "run", "dev" ] COPY ./Home /usr/src/app # Bundle app source RUN npm run compile +# Set permission to write logs and cache in case container run as non root +RUN chown -R 1000:1000 "/tmp/npm" && chmod -R 2777 "/tmp/npm" #Run the app CMD [ "npm", "start" ] {{ end }} diff --git a/IncomingRequestIngest/Dockerfile.tpl b/IncomingRequestIngest/Dockerfile.tpl index 48228fa474..84613dcb08 100644 --- a/IncomingRequestIngest/Dockerfile.tpl +++ b/IncomingRequestIngest/Dockerfile.tpl @@ -77,6 +77,8 @@ CMD [ "npm", "run", "dev" ] COPY ./IncomingRequestIngest /usr/src/app # Bundle app source RUN npm run compile +# Set permission to write logs and cache in case container run as non root +RUN chown -R 1000:1000 "/tmp/npm" && chmod -R 2777 "/tmp/npm" #Run the app CMD [ "npm", "start" ] {{ end }} diff --git a/IsolatedVM/Dockerfile.tpl b/IsolatedVM/Dockerfile.tpl index a014d81692..1e65b9b86b 100644 --- a/IsolatedVM/Dockerfile.tpl +++ b/IsolatedVM/Dockerfile.tpl @@ -73,6 +73,8 @@ CMD [ "npm", "run", "dev" ] COPY ./IsolatedVM /usr/src/app # Bundle app source RUN npm run compile +# Set permission to write logs and cache in case container run as non root +RUN chown -R 1000:1000 "/tmp/npm" && chmod -R 2777 "/tmp/npm" #Run the app CMD [ "npm", "start" ] {{ end }} diff --git a/OpenTelemetryIngest/Dockerfile.tpl b/OpenTelemetryIngest/Dockerfile.tpl index 0db3215332..82cb9b109a 100644 --- a/OpenTelemetryIngest/Dockerfile.tpl +++ b/OpenTelemetryIngest/Dockerfile.tpl @@ -77,6 +77,8 @@ CMD [ "npm", "run", "dev" ] COPY ./OpenTelemetryIngest /usr/src/app # Bundle app source RUN npm run compile +# Set permission to write logs and cache in case container run as non root +RUN chown -R 1000:1000 "/tmp/npm" && chmod -R 2777 "/tmp/npm" #Run the app CMD [ "npm", "start" ] {{ end }} diff --git a/Probe/Dockerfile.tpl b/Probe/Dockerfile.tpl index 800ef6c2fe..897fea441e 100644 --- a/Probe/Dockerfile.tpl +++ b/Probe/Dockerfile.tpl 
@@ -81,6 +81,8 @@ CMD [ "npm", "run", "dev" ] COPY ./Probe /usr/src/app # Bundle app source RUN npm run compile +# Set permission to write logs and cache in case container run as non root +RUN chown -R 1000:1000 "/tmp/npm" && chmod -R 2777 "/tmp/npm" #Run the app CMD [ "npm", "start" ] {{ end }} diff --git a/ProbeIngest/Dockerfile.tpl b/ProbeIngest/Dockerfile.tpl index bbcb554eee..40f357e05f 100644 --- a/ProbeIngest/Dockerfile.tpl +++ b/ProbeIngest/Dockerfile.tpl @@ -77,6 +77,8 @@ CMD [ "npm", "run", "dev" ] COPY ./ProbeIngest /usr/src/app # Bundle app source RUN npm run compile +# Set permission to write logs and cache in case container run as non root +RUN chown -R 1000:1000 "/tmp/npm" && chmod -R 2777 "/tmp/npm" #Run the app CMD [ "npm", "start" ] {{ end }} diff --git a/ServerMonitorIngest/Dockerfile.tpl b/ServerMonitorIngest/Dockerfile.tpl index 7a2b739e57..e87ed10acc 100644 --- a/ServerMonitorIngest/Dockerfile.tpl +++ b/ServerMonitorIngest/Dockerfile.tpl @@ -77,6 +77,8 @@ CMD [ "npm", "run", "dev" ] COPY ./ServerMonitorIngest /usr/src/app # Bundle app source RUN npm run compile +# Set permission to write logs and cache in case container run as non root +RUN chown -R 1000:1000 "/tmp/npm" && chmod -R 2777 "/tmp/npm" #Run the app CMD [ "npm", "start" ] {{ end }} diff --git a/StatusPage/Dockerfile.tpl b/StatusPage/Dockerfile.tpl index d7c8d25d0a..fa87a9ecb6 100644 --- a/StatusPage/Dockerfile.tpl +++ b/StatusPage/Dockerfile.tpl @@ -80,6 +80,8 @@ CMD [ "npm", "run", "dev" ] COPY ./StatusPage /usr/src/app # Bundle app source RUN npm run build +# Set permission to write logs and cache in case container run as non root +RUN chown -R 1000:1000 "/tmp/npm" && chmod -R 2777 "/tmp/npm" #Run the app CMD [ "npm", "start" ] {{ end }} diff --git a/TestServer/Dockerfile.tpl b/TestServer/Dockerfile.tpl index 620052d831..123f22eb04 100644 --- a/TestServer/Dockerfile.tpl +++ b/TestServer/Dockerfile.tpl 
@@ -72,6 +72,8 @@ CMD [ "npm", "run", "dev" ] COPY ./TestServer /usr/src/app # Bundle app source RUN npm run compile +# Set permission to write logs and cache in case container run as non root +RUN chown -R 1000:1000 "/tmp/npm" && chmod -R 2777 "/tmp/npm" #Run the app CMD [ "npm", "start" ] {{ end }} diff --git a/Tests/Dockerfile.tpl b/Tests/Dockerfile.tpl index c802fd2738..1feec3ff3a 100644 --- a/Tests/Dockerfile.tpl +++ b/Tests/Dockerfile.tpl @@ -25,5 +25,7 @@ RUN apk add bash COPY ./Tests . RUN chmod -R +x Scripts +# Set permission to write logs and cache in case container run as non root +RUN chown -R 1000:1000 "/tmp/npm" && chmod -R 2777 "/tmp/npm" CMD ["bash start.sh"] \ No newline at end of file diff --git a/Worker/Dockerfile.tpl b/Worker/Dockerfile.tpl index 6e7fc4294f..f7aed764f5 100644 --- a/Worker/Dockerfile.tpl +++ b/Worker/Dockerfile.tpl @@ -61,6 +61,8 @@ CMD [ "npm", "run", "dev" ] COPY ./Worker /usr/src/app # Bundle app source RUN npm run compile +# Set permission to write logs and cache in case container run as non root +RUN chown -R 1000:1000 "/tmp/npm" && chmod -R 2777 "/tmp/npm" #Run the app CMD [ "npm", "start" ] {{ end }} diff --git a/Workflow/Dockerfile.tpl b/Workflow/Dockerfile.tpl index 3fceaf4c57..8b91b619db 100644 --- a/Workflow/Dockerfile.tpl +++ b/Workflow/Dockerfile.tpl @@ -61,6 +61,8 @@ CMD [ "npm", "run", "dev" ] COPY ./Workflow /usr/src/app # Bundle app source RUN npm run compile +# Set permission to write logs and cache in case container run as non root +RUN chown -R 1000:1000 "/tmp/npm" && chmod -R 2777 "/tmp/npm" #Run the app CMD [ "npm", "start" ] {{ end }}
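Review bot: The `RUN chown -R 1000:1000 "/tmp/npm" && ...` line added to Tests/Dockerfile.tpl assumes /tmp/npm already exists in that image, but the visible context (`apk add bash`, `COPY ./Tests .`, `RUN chmod -R +x Scripts`) shows no npm step that would create it. If nothing earlier in the file creates the directory, chown exits non-zero and the build fails. The lines before the hunk are not visible here, so this needs confirming against the full file. Prefixing the command with `mkdir -p "/tmp/npm" &&` would make the step independent of earlier layers.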