Spaces:
Running
Running
fix: user access limit
Browse files- Dockerfile +13 -0
Dockerfile
CHANGED
|
@@ -34,6 +34,19 @@ RUN pip install --no-cache-dir -r requirements.txt
|
|
| 34 |
# 复制项目文件
|
| 35 |
COPY . .
|
| 36 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 37 |
# 在构建时进行HF认证(如果token可用)
|
| 38 |
ARG Assitant_tocken
|
| 39 |
RUN if [ -n "$Assitant_tocken" ]; then \
|
|
|
|
| 34 |
# 复制项目文件
|
| 35 |
COPY . .
|
| 36 |
|
| 37 |
+
# ==================== 新增指令开始 ====================
|
| 38 |
+
# 创建一个非 root 用户来运行应用,增加安全性
|
| 39 |
+
RUN useradd --create-home --shell /bin/bash appuser
|
| 40 |
+
|
| 41 |
+
# 预先创建 huggingface 的缓存目录,并把整个 /app 目录的所有权
|
| 42 |
+
# 递归地(-R)交给 appuser 用户
|
| 43 |
+
RUN mkdir -p /app/.cache/huggingface && chown -R appuser:appuser /app
|
| 44 |
+
|
| 45 |
+
# 切换到 appuser 用户来执行后续的命令
|
| 46 |
+
USER appuser
|
| 47 |
+
# ==================== 新增指令结束 ====================
|
| 48 |
+
|
| 49 |
+
|
| 50 |
# 在构建时进行HF认证(如果token可用)
|
| 51 |
ARG Assitant_tocken
|
| 52 |
RUN if [ -n "$Assitant_tocken" ]; then \
|