Use a non-root user to limit root access in docker

Open reimarstier opened this issue 1 year ago • 4 comments

I'd like to be able to deploy the netbird dashboard to a highly restricted environment. One of the requirements is to run docker as non-root. See also the best practices mentioned here. While it is possible to simply start the netbird dashboard container with another user, it is not able to run since it is configured to:

  • Bind to ports lower than 1000, which are privileged ports.
  • Write files to /etc/, e.g. /etc/crontabs/root
  • Letsencrypt bot writes to several places as well

I have tested running the image in my environment and I am fairly confident that it should run somewhere else, too. I did not test running it with letsencrypt. This should definitely be tested before considering this to be merged.

This feature was asked for in #406. Consider this a first shot in this direction.

reimarstier avatar Sep 06 '24 07:09 reimarstier
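A pre-flight check for the two blockers named in the post above (privileged listen ports and writes to root-owned paths), as an added example that is not part of the PR or the project's code. It assumes nginx-style `listen` directives and the Linux default privileged-port threshold of 1024; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the PR. Function names and sample config are constructed.

PRIV_PORT_START=1024   # Linux default: binding below this needs CAP_NET_BIND_SERVICE

# listen_ports FILE: print port numbers found in nginx-style "listen" directives.
listen_ports() {
    sed -n 's/^[[:space:]]*listen[[:space:]]\{1,\}\([^;]*\);.*/\1/p' "$1" |
    while read -r spec rest; do
        port=${spec##*:}            # drop "addr:" or "[::]:" prefix
        case $port in
            ''|*[!0-9]*) ;;         # not numeric (e.g. unix: socket), skip
            *) echo "$port" ;;
        esac
    done
}

# privileged_ports FILE: print the ports a non-root process cannot bind by default.
privileged_ports() {
    listen_ports "$1" | while read -r p; do
        if [ "$p" -lt "$PRIV_PORT_START" ]; then echo "$p"; fi
    done
}

# unwritable_paths PATH...: print paths the current user cannot write.
# A file that does not exist yet is judged by its parent directory.
unwritable_paths() {
    for path in "$@"; do
        target=$path
        [ -e "$target" ] || target=$(dirname "$path")
        if [ ! -w "$target" ]; then echo "$path"; fi
    done
}

# Demo on a constructed config; run it as the user the container will use.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 80;
    listen [::]:443 ssl;
    listen 127.0.0.1:8080;
}
EOF
echo "privileged ports: $(privileged_ports "$sample" | tr '\n' ' ')"
echo "not writable as uid $(id -u): $(unwritable_paths /etc/crontabs/root "$sample" | tr '\n' ' ')"
rm -f "$sample"
```

Run inside the image as the intended non-root user, any output from either function is something the entrypoint or config still has to move to an unprivileged port or a user-writable directory.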

Any progress?

Akruidenberg avatar Mar 08 '25 21:03 Akruidenberg

Hi @heisbrot, could you take a look at this PR?

tropnikovvl avatar Mar 28 '25 18:03 tropnikovvl

I would love to see this implemented! Right now I need to run all my containers as root, which is a security issue for me.

Kola50011 avatar May 25 '25 09:05 Kola50011

CLA assistant check
All committers have signed the CLA.

CLAassistant avatar Oct 30 '25 21:10 CLAassistant