run as non-root in docker

build/Dockerfile

@@ -25,4 +25,11 @@ COPY gpgparams entrypoint.sh /protonmail/
 # Copy protonmail
 COPY --from=build /build/proton-bridge/proton-bridge /protonmail/
 
+# Add a user 'protonmail' with UID 8535
+RUN useradd -u 8535 -d /home/protonmail protonmail \
+    && mkdir -p /home/protonmail \
+    && chown protonmail: /home/protonmail
+# change to non-privileged user for extra security
+USER protonmail
+
 ENTRYPOINT ["bash", "/protonmail/entrypoint.sh"]

build/entrypoint.sh

@@ -2,6 +2,11 @@
 
 set -ex
 
+id
+# Go to current user's homedir
+cd
+echo $PWD
+
 # Initialize
 if [[ $1 == init ]]; then