Switch tactical-nats to run as non-root

docker/containers/tactical-nats/dockerfile

@@ -10,9 +10,20 @@ SHELL ["/bin/bash", "-e", "-o", "pipefail", "-c"]
 COPY natsapi/bin/nats-api /usr/local/bin/
 RUN chmod +x /usr/local/bin/nats-api
 
+RUN touch /usr/local/bin/config_watcher.sh
+RUN chown 1001:1001 /usr/local/bin/config_watcher.sh
+
+
+RUN mkdir -p /var/log/supervisor
+RUN mkdir -p /etc/supervisor/conf.d
+RUN touch /etc/supervisor/conf.d/supervisor.conf
+RUN chown 1001:1001 /etc/supervisor/conf.d/supervisor.conf
+
 COPY docker/containers/tactical-nats/entrypoint.sh /
 RUN chmod +x /entrypoint.sh
 
 ENTRYPOINT [ "/entrypoint.sh" ]
 
+USER 1001
+
 EXPOSE 4222

docker/containers/tactical-nats/entrypoint.sh

@@ -40,12 +40,10 @@ EOF
 echo "${config_watcher}" > /usr/local/bin/config_watcher.sh
 chmod +x /usr/local/bin/config_watcher.sh
 
-mkdir -p /var/log/supervisor
-mkdir -p /etc/supervisor/conf.d
-
 supervisor_config="$(cat << EOF
 [supervisord]
 nodaemon=true
+logfile=/tmp/supervisord.log
 [include]
 files = /etc/supervisor/conf.d/*.conf