[Security] Run Cloudbeaver as non-root by default (to be less vulnerable)
Is your feature request related to a problem? Please describe.
It would be a good point to run Cloudbeaver with a non-root user to follow best security practices.
Reference of why this is important: https://docs.bitnami.com/tutorials/why-non-root-containers-are-important-for-security
Describe the solution you'd like
To do that, it should define a USER in the Dockerfile.
I see that someone already mentioned this and suggested a solution, but it was not added to the repo as default.
Hi @luarx! Thank you for your request! You are right, for now we do not have a default option for that. How to start a server with a non-root user - look here.
Thanks for your suggestion! Happy to know that it is possible to run as non-root and that it is documented 🙌
On the other hand, I think that it should be the default option because of the security reasons that I shared unless there are some reasons to not do that...
Wdyt @EvgeniaBzzz ? 😄
@luarx we will implement it in one of the future releases
I found the ubuntu user and group exist in the container already so no need to create a new user in the container. I was able to work around this in my deployment by copying the /opt/cloudbeaver directory to an ephemeral volume and chown ubuntu:ubuntu /opt/cloudbeaver via a pod initContainer.
The following could be added to the cloudbeaver Dockerfile and my workaround wouldn't be required.
RUN chown -R ubuntu:ubuntu /opt/cloudbeaver
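The initContainer workaround described in the last comment could look like the following pod manifest. This is an added example, not part of the thread or the CloudBeaver repository. It assumes the `dbeaver/cloudbeaver` image (the tag is a placeholder), that `ubuntu` is UID/GID 1000 in that image, and hypothetical pod, container and volume names.

```yaml
# Added example (not from the thread). Assumptions are marked inline.
apiVersion: v1
kind: Pod
metadata:
  name: cloudbeaver                      # hypothetical name
spec:
  initContainers:
    - name: copy-app                     # hypothetical name
      image: dbeaver/cloudbeaver:latest  # placeholder tag; pin the version you deploy
      # Root is needed only here, to copy the application tree and re-own it.
      securityContext:
        runAsUser: 0
      command: ["sh", "-c"]
      args:
        - cp -a /opt/cloudbeaver/. /app/ && chown -R ubuntu:ubuntu /app
      volumeMounts:
        - name: app
          mountPath: /app
  containers:
    - name: cloudbeaver
      image: dbeaver/cloudbeaver:latest  # same image as the initContainer
      securityContext:
        runAsNonRoot: true               # kubelet refuses to start the container as UID 0
        runAsUser: 1000                  # assumed UID of ubuntu; confirm with `id ubuntu`
        runAsGroup: 1000                 # assumed GID of ubuntu
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
      ports:
        - containerPort: 8978            # CloudBeaver's default HTTP port
      volumeMounts:
        # The re-owned copy shadows the root-owned directory baked into the image.
        - name: app
          mountPath: /opt/cloudbeaver
  volumes:
    - name: app
      emptyDir: {}                       # the ephemeral volume from the workaround
```

Because the `emptyDir` is recreated with every pod, anything that must persist under `/opt/cloudbeaver` needs its own volume mounted beneath it.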