Enhance Security: Run Container with Non-Root User Fixed #4091 #4092
Conversation
|
Is this not redundant? isn't there already an adduser? |
|
@walterbender Thanks for pointing that out! While some base images might already have a non-root user, I added appuser to ensure consistency and explicitly configure permissions for this container. This makes it clear who owns and runs what, reducing any reliance on base image defaults that could vary. |
|
Maybe you can rebase and check your changes against the current master. I think your changes are an improvement but there is something out of sync. |
|
Thanks for the feedback, Walter! I’ll rebase my changes against the current master to ensure everything is in sync and verify any overlaps. I’ll update the PR once it’s tested. Let me know if there’s anything specific you’d like me to focus on |
This pull request improves the security of the Docker container by introducing a non-root user. It uses the default root user and hence the container is based on the principle of least privilege. Therefore, it reduces the probability of privilege escalation and ensures that the container is safer to operate.
Differences:
1.Added a non-root user (appuser) and group (appgroup).
2.Updated file permissions to give ownership to the non-root user.
3.Configured to run as non-root user inside the container.
Benefits:
1.It minimizes the plausible impact of security flaws. Best Practices for Container Security.