docker-smtp icon indicating copy to clipboard operation
docker-smtp copied to clipboard

Published 20 hours ago verified publisher icon namshi

Docker container should'nt run as root

Open menardorama opened this issue 4 years ago • 6 comments

As a security measure, the Dockerfile should have a USER directive in order to run using a non privileged user account.

Can you add it ?

menardorama avatar Aug 17 '20 10:08 menardorama

This is absolutely true.. Please can we have this feature added as soon as possible!

GitJamz avatar Sep 12 '20 10:09 GitJamz

The container starts up exim (the actual SMTP agent) and that process drops root privileges. I guess the only way to fix this would be to add a new user (apart from Debian-exim) to the image, and chmod all files that exim needs at the startup. I've checked other images that use Exim4, but none of them seem to use this practice. Which leads me to suspect that there is an issue with my thought.

ebuzzz avatar Jan 07 '21 07:01 ebuzzz

Anyone modified it to avoid root account? If so, can you send what you did in a Dockerfile? If privileged port is the problem, maybe setcap can be used or converting the custom port inside the container to 25 outside of container.

laimison avatar Mar 09 '21 20:03 laimison

Here is the rootless Dockerfile that could be merged into this solution https://github.com/industrieco/docker-exim-relay

laimison avatar Mar 09 '21 21:03 laimison

Here is the rootless Dockerfile that could be merged into this solution https://github.com/industrieco/docker-exim-relay

The link gives 404 now.

guidoffm avatar Sep 13 '21 11:09 guidoffm

@laimison, this link is giving 404 now https://github.com/industrieco/docker-exim-relay

katuka2 avatar Nov 23 '23 12:11 katuka2