From 926d2eee1e1695d9efa07f2bd5d2ecd7d87187ce Mon Sep 17 00:00:00 2001 From: mprasil Date: Sun, 24 Feb 2019 10:16:48 +0000 Subject: [PATCH] Created Running docker container with non-root user (markdown) --- ...ing-docker-container-with-non-root-user.md | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 Running-docker-container-with-non-root-user.md diff --git a/Running-docker-container-with-non-root-user.md b/Running-docker-container-with-non-root-user.md new file mode 100644 index 0000000..6a2cdfe --- /dev/null +++ b/Running-docker-container-with-non-root-user.md @@ -0,0 +1,29 @@ +By default `mprasil/bitwarden` is using root user to run service inside the container. There are few things you need to set to run the container as non-root user if you wish to do so: + +1. Make sure that the directory, you're mounting inside the container will be writable by the user. For example if you decide to run as `nobody`, the directory needs to be writable by user with id 65534. For other ways to specify user inside the container, see the [docker documentation](https://docs.docker.com/engine/reference/run/#user), in our examples here we will use `nobody`. + +```bash +# Make the directory on the host, change this to you preferred path +sudo mkdir /bw-data + +# Set the owner using user id. +# Note that the ownership must match user in /etc/passwd *inside* the container, not on your host +sudo chown 65534 /bw-data + +# Give the owner full rights to the folder +sudo chmod u+rwx /bw-data +``` + +2. Start the container with proper parameters. Define the user and make sure to start with port set to `1024` or higher. + +```bash +docker run -d \ + --name bitwarden \ + --user nobody \ + -e ROCKET_PORT=1024 \ + -v /bw-data/:/data/ \ + -p 80:1024 \ + mprasil/bitwarden:latest +``` + +Notice that the port mapping (`-p 80:1024`) reflects the `ROCKET_PORT` setting. \ No newline at end of file
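Review bot: In step 1, `sudo chmod u+rwx /bw-data` only adds owner bits, so whatever group and other permissions `mkdir` left from the umask (commonly `r-x`) stay in place and the data directory remains listable by other local users; suggest `sudo chmod 700 /bw-data` so that only uid 65534 can reach it. Since `nobody` is a uid that unrelated processes and containers often share, the page could also mention that a dedicated numeric uid passed to `--user`, with a matching `chown`, isolates the data better. Step 2 says to use port `1024` or higher without giving the reason; one sentence noting that ports below 1024 are privileged and a non-root process normally cannot bind them would make the requirement clear. Minor: "change this to you preferred path" should read "your", and "There are few things" should read "There are a few things".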