From a9b26d2b23257ac169a9a654a0062ff80d22eb87 Mon Sep 17 00:00:00 2001
From: Eric Swanson
Date: Sat, 6 Aug 2016 20:10:20 +0000
Subject: [PATCH] Update Dockerfile to run as non-privileged user
---
 Dockerfile | 9 ++++++++-
 README.md | 6 ++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index eb43ee2..c60ba02 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,13 +4,20 @@ MAINTAINER Carlo Eugster
 RUN apt-get update \
 && apt-get install -y wget \
+ && apt-get clean \
 && rm -rf /var/lib/apt/lists/*
+RUN useradd -m -d /opt/factorio -s /bin/bash factorio \
+ && chown -R factorio.factorio /opt/factorio
+USER factorio
+ENV HOME /opt/factorio
+WORKDIR /opt/factorio
+
 RUN wget -q -O - https://www.factorio.com/download-headless/stable | grep -o -m1 "/get-download/.*/headless/linux64" | awk '{print "--no-check-certificate https://www.factorio.com"$1" -O /tmp/factorio.tar.gz"}' | xargs wget \
 && tar -xzf /tmp/factorio.tar.gz -C /opt \
 && rm -rf /tmp/factorio.tar.gz
 ADD init.sh /opt/factorio/
-WORKDIR /opt/factorio
+EXPOSE 34197/udp
 CMD ["./init.sh"]
diff --git a/README.md b/README.md
index 95ae7c9..5899252 100644
--- a/README.md
+++ b/README.md
@@ -20,6 +20,12 @@ docker run -d \
 Use a docker volume to persist the savegames on the host machine rather than in the docker container.
 ```bash
+mkdir $(pwd)/saves
+
+# Make sure the saves dir can be written to by the "factorio" user in Docker, with uid 1000
+sudo chown 1000:1000 $(pwd)/saves
+# (alternatively, if you don't have root): chmod 777 $(pwd)/saves
+
 docker run -d \
 -v $(pwd)/saves:/opt/factorio/saves \
 -p 34197:34197/udp \
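Review bot: The added `useradd` line in the Dockerfile hunk does not fix the account's UID, yet the README part of this patch tells operators to `chown 1000:1000` the saves directory. The UID that `useradd` picks depends on the base image, whose `FROM` line is outside the hunk, so pin it with `RUN useradd -u 1000 -m -d /opt/factorio -s /bin/bash factorio \`; a numeric `USER 1000` would also let an orchestrator verify the non-root user. `useradd -m` normally creates the home directory already owned by the new user, so the `chown -R factorio.factorio` looks redundant, and the dot separator is the deprecated spelling of `factorio:factorio`. Separately, the unchanged download step still passes `--no-check-certificate` to the second `wget` and unpacks the archive without a checksum, so the binary that now runs as `factorio` is unauthenticated. Dropping that flag (with `ca-certificates` installed) and checking the archive against a pinned digest would close the gap this commit leaves open.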