From 619c4e1180d3af8403a87255344a18dde381cb4e Mon Sep 17 00:00:00 2001
From: Dave Page
Date: Mon, 9 Dec 2019 11:09:46 +0530
Subject: [PATCH] Run pgAdmin in the container as a non-root user (pgadmin, UID: 5050). Fixes #4939.

---
 Dockerfile | 15 ++++++++++++++-
 docs/en_US/release_notes_4_16.rst | 1 +
 pkg/docker/entrypoint.sh | 7 ++++---
 3 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 2f7da8ca8..6be2f6f47 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -160,7 +160,9 @@ RUN apk add --no-cache --virtual \
 apk add \
 postfix \
 postgresql-client \
- postgresql-libs && \
+ postgresql-libs \
+ shadow \
+ libcap && \
 pip install --upgrade pip && \
 pip install --no-cache-dir -r requirements.txt && \
 pip install --no-cache-dir gunicorn==19.9.0 && \
@@ -177,6 +179,17 @@ COPY pkg/docker/entrypoint.sh /entrypoint.sh
 # Precompile and optimize python code to save time and space on startup
 RUN python -O -m compileall -x node_modules /pgadmin4
+RUN groupadd -g 5050 pgadmin && \
+ useradd -r -u 5050 -g pgadmin pgadmin && \
+ mkdir -p /var/lib/pgadmin && \
+ chown pgadmin:pgadmin /var/lib/pgadmin && \
+ mkdir -p /var/log/pgadmin && \
+ chown pgadmin:pgadmin /var/log/pgadmin && \
+ touch /pgadmin4/config_distro.py && \
+ chown pgadmin:pgadmin /pgadmin4/config_distro.py && \
+ setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/python3.7
+USER pgadmin
+
 # Finish up
 VOLUME /var/lib/pgadmin
 EXPOSE 80 443
diff --git a/docs/en_US/release_notes_4_16.rst b/docs/en_US/release_notes_4_16.rst
index 021ad831a..ce274ea6d 100644
--- a/docs/en_US/release_notes_4_16.rst
+++ b/docs/en_US/release_notes_4_16.rst
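Review bot: `setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/python3.7` in the second Dockerfile hunk grants the capability to the whole interpreter, so every Python process started in the container as pgadmin inherits the right to bind privileged ports, not only the server that presumably listens on the exposed 80/443. A narrower option is to have the server listen on an unprivileged port and publish it with port mapping, which removes the setcap line and the `libcap` package; if 80/443 must remain, a comment such as `# file capability: lets the unprivileged pgadmin user bind 80/443 without running as root` on the setcap line should record why the capability sits on the interpreter binary. The build-time `chown pgadmin:pgadmin /var/lib/pgadmin` only affects the image layer: when `VOLUME /var/lib/pgadmin` is backed by a bind mount the directory keeps the host's ownership, and since the entrypoint now runs as UID 5050 it can no longer correct that itself, so the UID requirement for mounted volumes is worth stating in the release note or image documentation. Making `/pgadmin4/config_distro.py` owned by the service user also means the running application can rewrite its own configuration; that is a defensible trade-off for first-launch population, but a short comment next to that `chown` saying it is intentional would help the next reader.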
@@ -14,6 +14,7 @@ New features
 | `Issue #4711 `_ - Use a 'play' icon for the Execute Query button in the Query Tool for greater consistency with other applications.
 | `Issue #4772 `_ - Added aria-label to provide an invisible label where a visible label cannot be used.
 | `Issue #4773 `_ - Added role="status" attribute to all the status messages for accessibility.
+| `Issue #4939 `_ - Run pgAdmin in the container as a non-root user (pgadmin, UID: 5050)
 | `Issue #4944 `_ - Allow Gunicorn logs in the container to be directed to a file specified through GUNICORN_ACCESS_LOGFILE.
 | `Issue #4990 `_ - Changed the open query tool and data filter icons.
diff --git a/pkg/docker/entrypoint.sh b/pkg/docker/entrypoint.sh
index 070aa5579..47d14bf2d 100755
--- a/pkg/docker/entrypoint.sh
+++ b/pkg/docker/entrypoint.sh
@@ -1,9 +1,10 @@
 #!/bin/sh
-# Create config_distro.py. This has some default config, as well as anything
+# Populate config_distro.py. This has some default config, as well as anything
 # provided by the user through the PGADMIN_CONFIG_* environment variables.
-# Only write the file on first launch.
-if [ ! -f /pgadmin4/config_distro.py ]; then
+# Only update the file on first launch. The empty file is created during the
+# container build so it can have the required ownership.
+if [ `wc -m /pgadmin4/config_distro.py | awk '{ print $1 }'` = "0" ]; then
 cat << EOF > /pgadmin4/config_distro.py
 HELP_PATH = '../../docs'
 DEFAULT_BINARY_PATHS = {
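Review bot: The new first-launch test on the `if` line of the entrypoint.sh hunk misbehaves when `/pgadmin4/config_distro.py` is absent (for example an image built from an older Dockerfile or a mount over `/pgadmin4`): `wc` prints nothing, the unquoted backtick substitution expands to no word at all, `[ = "0" ]` is a malformed test that evaluates false, and the config is silently never written. The POSIX `-s` test covers the missing and the empty case with one builtin, needs no `wc`/`awk` processes and drops the backticks: `if [ ! -s /pgadmin4/config_distro.py ]; then`. The body of the `if` continues past the end of the hunk.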