docker-node icon indicating copy to clipboard operation
docker-node copied to clipboard
verified publisher icon nodejs

Explain how to use/build rootless aka using the node user instead of the default root user

Open rugk opened this issue 3 months ago • 2 comments

Problem

Many people likely follow your simple guide here.

It is, however, a security best practice to make your service run as non-root inside the container: https://docs.docker.com/build/building/best-practices/#user

Especially when it is executed in a rootful way this increases the security.

Solution

There is no documentation in the README to run it like this, but the usual steps for building an app likely will be similar?

Alternatives to Consider

N/A

Came here from https://github.com/orangecoding/fredy/issues/207 BTW

rugk avatar Oct 06 '25 16:10 rugk

Ah found it! https://github.com/nodejs/docker-node/blob/main/docs/BestPractices.md#non-root-user

IMHO that's quite hidden though for a a best practices document…

rugk avatar Oct 06 '25 16:10 rugk

IMHO, you may also link the best practices on https://hub.docker.com/_/node/#how-to-use-this-image directly, to save some more clicks and hopefully make more people find the information about non-root users. So if you adjust the docs there for #2286 you may likewise add a link to the best practices here.

rugk avatar Oct 06 '25 16:10 rugk