
Suggestion: run docker as non-root

Open ksemaev opened this issue 5 years ago • 3 comments

Most Docker orchestration systems require, or at least recommend, running processes in Docker as non-root. I tried it with your container, and it did work normally, so maybe you can add something like this to your Dockerfile:

RUN groupadd --gid 1000 nano && \
    useradd --uid 1000 --gid nano --shell /bin/bash --create-home nano

COPY entry.sh /home/nano/entry.sh
RUN  chmod a+x /home/nano/entry.sh

WORKDIR /home/nano
USER nano

ENTRYPOINT /home/nano/entry.sh

ksemaev, Jul 03 '19 07:07

Moving to V22 to ensure low upgrade resistance for V21 as faster upgrades are desired for work difficulty increase purposes.

zhyatt, Mar 12 '20 16:03

Added a PR for this in nano-docs repo: https://github.com/nanocurrency/nano-docs/pull/507

thsfs, Apr 16 '21 21:04

If this goes through, we definitely need some migration, like file system permissions.

But why the user 1000? Which is likely the first user on the host, which might not be one that's supposed to mess with anything.

My1, Apr 27 '21 16:04
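
The migration concern raised in the thread, shown as an added example that is not part of the original issue or the nano-node project: a pre-flight check an entrypoint could run before starting the process, which refuses UID 0 and reports data-directory entries left behind by an earlier root-run container. The function names, exit codes and the directory passed in are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: pre-flight check for a container moving from root to a
# fixed non-root UID. Function names and exit codes are assumptions.

# Print every entry under directory $1 that is NOT owned by numeric UID $2.
# On a volume previously written by a root-run container these are the
# files the non-root process will fail to open for writing.
foreign_entries() {
    find "$1" ! -user "$2" -print
}

# Count them; 0 means the volume is ready for the non-root user.
count_foreign() {
    foreign_entries "$1" "$2" | wc -l | tr -d ' '
}

# preflight DIR UID
#   0 = safe to start
#   1 = UID is root
#   2 = DIR does not exist
#   3 = DIR holds entries owned by another UID (migration needed)
preflight() {
    dir=$1
    uid=$2
    if [ "$uid" -eq 0 ]; then
        echo "refusing to run as root (uid 0)" >&2
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "data directory $dir does not exist" >&2
        return 2
    fi
    n=$(count_foreign "$dir" "$uid")
    if [ "$n" -ne 0 ]; then
        echo "$n entries under $dir are not owned by uid $uid" >&2
        echo "one-time fix on the host: chown -R $uid $dir" >&2
        return 3
    fi
    return 0
}

# Stand-alone use: ./preflight.sh /path/to/data  (checks the current UID)
if [ "$#" -eq 1 ]; then
    preflight "$1" "$(id -u)"
fi
```

Because the check compares numeric UIDs rather than user names, it behaves the same whether or not UID 1000 maps to a real account on the host.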