run_code as a user instead of root

template/Dockerfile

@@ -1,14 +1,18 @@
 FROM python:3.10.14
 
+ENV HOME=/home/user
+
 RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y --no-install-recommends \
   build-essential curl git util-linux jq sudo nodejs npm fonts-noto-cjk
 
+RUN mkdir -p $HOME/.jupyter $HOME/.ipython $HOME/.server
+
 ENV PIP_DEFAULT_TIMEOUT=100 \
   PIP_DISABLE_PIP_VERSION_CHECK=1 \
   PIP_NO_CACHE_DIR=1 \
-  JUPYTER_CONFIG_PATH="/root/.jupyter" \
-  IPYTHON_CONFIG_PATH="/root/.ipython" \
-  SERVER_PATH="/root/.server" \
+  JUPYTER_CONFIG_PATH="$HOME/.jupyter" \
+  IPYTHON_CONFIG_PATH="$HOME/.ipython" \
+  SERVER_PATH="$HOME/.server" \
   R_VERSION=4.4.2
 
 ENV R_HOME=/opt/R/${R_VERSION} \
@@ -32,7 +36,7 @@ RUN ijsinstall --install=global
 COPY --from=denoland/deno:bin-2.0.4 /deno /usr/bin/deno
 RUN chmod +x /usr/bin/deno
 RUN deno jupyter --unstable --install
-COPY ./deno.json /root/.local/share/jupyter/kernels/deno/kernel.json
+COPY ./deno.json $HOME/.local/share/jupyter/kernels/deno/kernel.json
 
 # Bash Kernel
 RUN pip install bash_kernel
@@ -42,13 +46,12 @@ RUN python -m bash_kernel.install
 RUN python -m venv $SERVER_PATH/.venv
 
 # Copy server and its requirements
-RUN mkdir -p $SERVER_PATH/
 COPY ./server/requirements.txt $SERVER_PATH
 RUN $SERVER_PATH/.venv/bin/pip install --no-cache-dir -r $SERVER_PATH/requirements.txt
 COPY ./server $SERVER_PATH
 
 # Copy matplotlibrc
-COPY matplotlibrc /root/.config/matplotlib/.matplotlibrc
+COPY matplotlibrc $HOME/.config/matplotlib/matplotlibrc
 
 # Copy Jupyter configuration
 COPY ./start-up.sh $JUPYTER_CONFIG_PATH/
@@ -62,7 +65,6 @@ COPY ipython_kernel_config.py $IPYTHON_CONFIG_PATH/profile_default/
 RUN mkdir -p $IPYTHON_CONFIG_PATH/profile_default/startup
 COPY startup_scripts/* $IPYTHON_CONFIG_PATH/profile_default/startup
 
-
 COPY --from=eclipse-temurin:11-jdk $JAVA_HOME $JAVA_HOME
 RUN ln -s ${JAVA_HOME}/bin/java /usr/bin/java
 

template/e2b.toml

@@ -9,10 +9,9 @@
 # JS SDK
 # import { Sandbox } from 'e2b'
 # const sandbox = await Sandbox.create('code-interpreter-v1')
-
 team_id = "460355b3-4f64-48f9-9a16-4442817f79f5"
 memory_mb = 1_024
-start_cmd = "/root/.jupyter/start-up.sh"
+start_cmd = "sudo -u user /home/user/.jupyter/start-up.sh"
 dockerfile = "e2b.Dockerfile"
 template_name = "code-interpreter-v1"
-template_id = "nlhz8vlwyupq845jsdg9"
+template_id = "nlhz8vlwyupq845jsdg9"

template/server/main.py

@@ -34,7 +34,7 @@ async def lifespan(app: FastAPI):
     global client
     client = httpx.AsyncClient()
 
-    with open("/root/.jupyter/kernel_id") as file:
+    with open("/home/user/.jupyter/kernel_id") as file:
         default_context_id = file.read().strip()
 
     default_ws = ContextWebSocket(

template/start-up.sh

@@ -20,15 +20,15 @@ function start_jupyter_server() {
 		exit 1
 	fi
 
-	sudo mkdir -p /root/.jupyter
+	mkdir -p /home/user/.jupyter
 	kernel_id=$(echo "${response}" | jq -r '.kernel.id')
-	sudo echo "${kernel_id}" | sudo tee /root/.jupyter/kernel_id >/dev/null
-	sudo echo "${response}" | sudo tee /root/.jupyter/.session_info >/dev/null
+	echo "${kernel_id}" > /home/user/.jupyter/kernel_id
+	echo "${response}" > /home/user/.jupyter/.session_info
 
-	cd /root/.server/
-	/root/.server/.venv/bin/uvicorn main:app --host 0.0.0.0 --port 49999 --workers 1 --no-access-log --no-use-colors
+	cd /home/user/.server/
+	/home/user/.server/.venv/bin/uvicorn main:app --host 0.0.0.0 --port 49999 --workers 1 --no-access-log --no-use-colors >> /home/user/uvicorn_server.log 2>&1
 }
 
 echo "Starting Code Interpreter server..."
 start_jupyter_server &
-MATPLOTLIBRC=/root/.config/matplotlib/.matplotlibrc jupyter server --IdentityProvider.token="" >/dev/null 2>&1
+MATPLOTLIBRC=/home/user/.config/matplotlib/.matplotlibrc jupyter server --IdentityProvider.token="" >> /home/user/jupyter_server.log 2>&1

template/test.Dockerfile

@@ -1,18 +1,22 @@
 FROM python:3.10.14
 
+# Create a non-root user
+RUN useradd -m -s /bin/bash user
+ENV HOME=/home/user
+
 ENV JAVA_HOME=/opt/java/openjdk
 COPY --from=eclipse-temurin:11-jdk $JAVA_HOME $JAVA_HOME
 ENV PATH="${JAVA_HOME}/bin:${PATH}"
 
 RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y --no-install-recommends \
-  build-essential curl git util-linux jq sudo nodejs npm fonts-noto-cjk
+  build-essential curl git util-linux jq nodejs npm fonts-noto-cjk
 
 ENV PIP_DEFAULT_TIMEOUT=100 \
   PIP_DISABLE_PIP_VERSION_CHECK=1 \
   PIP_NO_CACHE_DIR=1 \
-  JUPYTER_CONFIG_PATH="/root/.jupyter" \
-  IPYTHON_CONFIG_PATH="/root/.ipython" \
-  SERVER_PATH="/root/.server"
+  JUPYTER_CONFIG_PATH="$HOME/.jupyter" \
+  IPYTHON_CONFIG_PATH="$HOME/.ipython" \
+  SERVER_PATH="$HOME/.server"
 
 # Install Jupyter
 COPY ./template/requirements.txt requirements.txt
@@ -27,7 +31,7 @@ RUN ijsinstall --install=global
 COPY --from=denoland/deno:bin-2.0.4 /deno /usr/bin/deno
 RUN chmod +x /usr/bin/deno
 RUN deno jupyter --unstable --install
-COPY ./template/deno.json /root/.local/share/jupyter/kernels/deno/kernel.json
+COPY ./template/deno.json $HOME/.local/share/jupyter/kernels/deno/kernel.json
 
 # Create separate virtual environment for server
 RUN python -m venv $SERVER_PATH/.venv
@@ -39,7 +43,7 @@ RUN $SERVER_PATH/.venv/bin/pip install --no-cache-dir -r $SERVER_PATH/requiremen
 COPY ./template/server $SERVER_PATH
 
 # Copy matplotlibrc
-COPY ./template/matplotlibrc /root/.config/matplotlib/matplotlibrc
+COPY ./template/matplotlibrc $HOME/.config/matplotlib/matplotlibrc
 
 # Copy Jupyter configuration
 COPY ./template/start-up.sh $JUPYTER_CONFIG_PATH/
@@ -54,7 +58,14 @@ RUN mkdir -p $IPYTHON_CONFIG_PATH/profile_default/startup
 COPY ./template/startup_scripts/* $IPYTHON_CONFIG_PATH/profile_default/startup
 
 # Setup entrypoint for local development
-WORKDIR /home/user
+WORKDIR $HOME
 COPY ./chart_data_extractor ./chart_data_extractor
 RUN pip install -e ./chart_data_extractor
+
+# Set ownership of all files to the user
+RUN chown -R user:user $HOME
+
+# Switch to non-root user
+USER user
+
 ENTRYPOINT $JUPYTER_CONFIG_PATH/start-up.sh