Default to non-root user, use latest Python 3 definition as base

.devcontainer/Dockerfile

@@ -1,36 +1,42 @@
-#-----------------------------------------------------------------------------------------
+#-------------------------------------------------------------------------------------------------------------
 # Copyright (c) Microsoft Corporation. All rights reserved.
-# Licensed under the MIT License. See LICENSE in the project root for license information.
-#-----------------------------------------------------------------------------------------
+# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
+#-------------------------------------------------------------------------------------------------------------
 
 FROM python:3
 
-# Install pylint
-RUN pip install pylint
-
-# Configure apt
+# Avoid warnings by switching to noninteractive
 ENV DEBIAN_FRONTEND=noninteractive
+
+# Or your actual UID, GID on Linux if not the default 1000
+ARG USERNAME=vscode
+ARG USER_UID=1000
+ARG USER_GID=$USER_UID
+
+# Configure apt and install packages
 RUN apt-get update \
-    && apt-get -y install --no-install-recommends apt-utils 2>&1
-
-# Install git, process tools, lsb-release (common in install instructions for CLIs)
-RUN apt-get -y install git procps lsb-release
-
-# Install any missing dependencies for enhanced language service
-RUN apt-get install -y libicu[0-9][0-9]
-
-RUN mkdir /workspace
-WORKDIR /workspace
-
-# Install Python dependencies from requirements.txt if it exists
-COPY .devcontainer/requirements.txt.temp requirements.txt* /workspace/
-RUN if [ -f "requirements.txt" ]; then pip install -r requirements.txt && rm requirements.txt*; fi
-
+    && apt-get -y install --no-install-recommends apt-utils dialog 2>&1 \
+    #
+    # Verify git, process tools, lsb-release (common in install instructions for CLIs) installed
+    && apt-get -y install git procps lsb-release \
+    #
+    # Install pylint
+    && pip --disable-pip-version-check --no-cache-dir install pylint \
+    #
+    # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user.
+    && groupadd --gid $USER_GID $USERNAME \
+    && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \
+    # [Optional] Add sudo support for non-root user
+    && apt-get install -y sudo \
+    && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
+    && chmod 0440 /etc/sudoers.d/$USERNAME \
+    #
     # Clean up
-RUN apt-get autoremove -y \
+    && apt-get autoremove -y \
     && apt-get clean -y \
     && rm -rf /var/lib/apt/lists/*
-ENV DEBIAN_FRONTEND=dialog
 
-# Set the default shell to bash rather than sh
-ENV SHELL /bin/bash
+# Switch back to dialog for any ad-hoc use of apt-get
+ENV DEBIAN_FRONTEND=
+
+

.devcontainer/devcontainer.json

@@ -2,11 +2,19 @@
 	"name": "Python Sample",
 	"dockerFile": "Dockerfile",
 	"appPort": 9000,
-	"context": "..",
 	"extensions": [
 		"ms-python.python"
 	],
 	"settings": {
-		"python.pythonPath": "/usr/local/bin/python"
+		"python.pythonPath": "/usr/local/bin/python",
+		"python.linting.pylintEnabled": true,
+		"python.linting.pylintPath": "/usr/local/bin/pylint",
+		"python.linting.enabled": true
+	},
+	"postCreateCommand": "sudo pip install -r requirements.txt",
+	// Comment out the next line to run as root instead. Linux users, 
+	// update Dockerfile with your user's UID/GID if not 1000.
+	"runArgs": [ "-u", "vscode" ]
 }
+
 }

README.md

@@ -10,7 +10,9 @@ Follow these steps to open this sample in a container:
 
 1. If this is your first time using a development container, please follow the [getting started steps](https://aka.ms/vscode-remote/containers/getting-started).
 
-2. If you're not yet in a development container:
+2. **Linux users:** Update `USER_UID` and `USER_GID` in `.devcontainer/Dockerfile` with your user UID/GID if not 1000 to avoid creating files as root.
+
+3. If you're not yet in a development container:
    - Clone this repository.
    - Press <kbd>F1</kbd> and select the **Remote-Containers: Open Folder in Container...** command.
    - Select the cloned copy of this folder, wait for the container to start, and try things out!
@@ -19,6 +21,8 @@ Follow these steps to open this sample in a container:
 
 Once you have this sample opened in a container, you'll be able to work with it like you would locally. 
 
+> **Note:** This container runs as a non-root user with sudo access by default. Comment out `"runArgs": ["-u", "vscode"]` in `.devcontainer/devcontainer.json` if you'd prefer to run as root.
+
 Some things to try:
 
 1. **Edit:**