Skip to content

feat: Add non-root user to Dockerfile for security #59

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
eucyt merged 2 commits into from
May 19, 2025
Merged

feat: Add non-root user to Dockerfile for security #59

eucyt merged 2 commits into from
May 19, 2025

Conversation

@JasonShigemura
Copy link
Contributor

@JasonShigemura JasonShigemura commented May 7, 2025

Configure Docker image to run as 'appuser' instead of root.

Description

This PR addresses a critical security concern by configuring the Docker container to run the application as a dedicated, unprivileged non-root user ('appuser') instead of the default 'root' user.

Running containers as root is against security best practices as it increases the potential impact if the application process is compromised. Switching to a non-root user limits the process's privileges within the container.

This change aligns with Docker security recommendations and hardens the deployment environment.

Changes Made

  • Added instructions in the release stage of the Dockerfile to:
    • Create a new group (appgroup) and user (appuser).
    • Change ownership of the /app directory to appuser:appgroup.
  • Added the USER appuser instruction before the ENTRYPOINT to switch to the non-root user.

Related Issues/PRs

Checklist

  • Dockerfile modified to add and use a non-root user.
  • Docker image built and tested locally (docker build .)

@JasonShigemura
feat: Add non-root user to Dockerfile for security
a9095e8 
Configure Docker image to run as 'appuser' instead of root.
@eucyt eucyt requested a review from a team May 8, 2025 08:34
eucyt
eucyt approved these changes May 19, 2025
View reviewed changes
Copy link
Contributor

@eucyt eucyt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@JasonShigemura
Sorry to late review
LGTM

@eucyt eucyt enabled auto-merge May 19, 2025 07:54
@eucyt eucyt added this pull request to the merge queue May 19, 2025
Merged via the queue into line:main with commit e76b340 May 19, 2025
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eucyt eucyt eucyt approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JasonShigemura @eucyt