gitbucket-docker icon indicating copy to clipboard operation
gitbucket-docker copied to clipboard

Published 20 hours ago verified publisher icon gitbucket

Changed the root user to a non-root user

Open kanekoh opened this issue 5 years ago • 2 comments

Changes as follows:

  • Give permissions to the root group
  • Set USER as 1001 (non-root user)

I confirmed the container works with restricted SCC on an OpenShift environment.

#15

kanekoh avatar Jan 07 '20 02:01 kanekoh

@kanekoh I'm not sure that hardcoding UID 1001 is a very good idea, since the mounted volumes from the host system will have now a "random" owner with UID 1001 .

aadrian avatar Jan 07 '20 08:01 aadrian

@aadrian I understand that hardcoding UID is not good idea.

Which of these methods is closer to your thought?

  1. No define "USER" instruction in Dockerfile As a default with docker-daemon, it works as a root uid container. However, a user can execute the container as non-root user with the parameter '-u'.

  2. Use "ARG" instruction and set default value to define USERID in Dockerfile When the container image build with docker command, specify USERID with --build-arg. So, a user can change UID easily.

...
ARG USERID=1001
...
USER ${USERID}

kanekoh avatar Apr 24 '20 12:04 kanekoh