refactor(claude): use built-in node user instead of custom claude user

Drop the addgroup/adduser layer entirely. node:20-alpine already ships a node user at uid/gid 1000. Update chown and USER directives, and update the claude-config volume mount path to /home/node/.claude.
2026-04-14 22:50:59 +02:00 · 2026-04-14 22:50:59 +02:00 · 1c489f8636
commit 1c489f8636
parent 0800e4a084
4 changed files with 12 additions and 16 deletions
--- a/claude/Dockerfile
+++ b/claude/Dockerfile
@ -11,21 +11,17 @@ RUN apk add --no-cache \
 # Entrypoint used by the webui service (ttyd wrapping claude)
 COPY --chmod=755 webui-entrypoint.sh /usr/local/bin/webui-entrypoint.sh

-# Create non-root user (node:20-alpine reserves gid/uid 1000 for the node user)
-RUN addgroup -g 1001 claude \
-    && adduser -u 1001 -G claude -s /bin/bash -D claude
-
-# Install Claude Code globally (runs as root for npm -g, then drops)
+# Install Claude Code globally
 RUN npm install -g @anthropic-ai/claude-code

-# Workspace and Claude config dir — both owned by claude user.
+# Workspace and Claude config dir — owned by the built-in node user (uid 1000).
 # Pre-creating ~/.claude ensures the named volume is initialised with the
 # correct ownership when first mounted (Docker copies image content into
 # an empty named volume on first use).
-RUN mkdir -p /workspace /home/claude/.claude \
-    && chown -R claude:claude /workspace /home/claude/.claude
+RUN mkdir -p /workspace /home/node/.claude \
+    && chown -R node:node /workspace /home/node/.claude

-USER claude
+USER node
 WORKDIR /workspace

 # Proxy traffic through sidecar — override at runtime if needed