From 644dcc1641624700033b0865f8360a5264e51585 Mon Sep 17 00:00:00 2001
From: Matthias <xmatthias@outlook.com>
Date: Thu, 8 Apr 2021 20:36:10 +0200
Subject: [PATCH] Only allow chown via sudo

---
 Dockerfile               |  2 +-
 Dockerfile.armhf         |  2 +-
 docker/Dockerfile.custom | 13 ++++++++-----
 3 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index ac48ea611..a6dc9a991 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -16,7 +16,7 @@ RUN mkdir /freqtrade \
   && useradd -u 1000 -G sudo -U -m ftuser \
   && chown ftuser:ftuser /freqtrade \
   # Allow sudoers
-  && echo "ftuser ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+  && echo "ftuser ALL=(ALL) NOPASSWD: /bin/chown" >> /etc/sudoers
 
 WORKDIR /freqtrade
 
diff --git a/Dockerfile.armhf b/Dockerfile.armhf
index 62ef165c0..909c44eaa 100644
--- a/Dockerfile.armhf
+++ b/Dockerfile.armhf
@@ -16,7 +16,7 @@ RUN mkdir /freqtrade \
   && useradd -u 1000 -G sudo -U -m ftuser \
   && chown ftuser:ftuser /freqtrade \
   # Allow sudoers
-  && echo "ftuser ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+  && echo "ftuser ALL=(ALL) NOPASSWD: /bin/chown" >> /etc/sudoers
 
 WORKDIR /freqtrade
 
diff --git a/docker/Dockerfile.custom b/docker/Dockerfile.custom
index a7c599fa8..3b55fcb0e 100644
--- a/docker/Dockerfile.custom
+++ b/docker/Dockerfile.custom
@@ -1,7 +1,10 @@
 FROM freqtradeorg/freqtrade:develop
 
-RUN sudo apt-get update \
-    && sudo apt-get -y install git \
-    && sudo apt-get clean \
-    # The below dependency - pyti - serves as an example. Please use whatever you need!
-    && pip install --user pyti
+# Switch user to root if you must install something from apt
+# Don't forget to switch the user back below!
+# USER root
+
+# The below dependency - pyti - serves as an example. Please use whatever you need!
+RUN pip install --user pyti
+
+# USER ftuser