oneuptime
oneuptime copied to clipboard
Enhancement: Create additional nonroot user to avoid running as UID 0
Is your feature request related to a problem? Please describe. While the root user was removed in this earlier commit, this is still in violation of a common security policy where the container is running as UID 0 since another user was not explicitly added. Setting another user within a Dockerfile is a common practice we've seen from open-source tools, or including a separate field in the helm chart to run as a separate UID.
Describe the solution you'd like
Set an additional USER oneuptime
- similar to this gist - and modify files and permissions as necessary.
Describe alternatives you've considered None found at this time other than ignoring security violations in our environment.
Additional context https://github.com/OneUptime/oneuptime/issues/1176