Skip to content

Run ActiveMQ container as a non-root user#1648

Open
pradeep85841 wants to merge 5 commits intoapache:mainfrom
pradeep85841:feature/non-root-user
Open

Run ActiveMQ container as a non-root user#1648
pradeep85841 wants to merge 5 commits intoapache:mainfrom
pradeep85841:feature/non-root-user

Conversation

@pradeep85841
Copy link
Contributor

@pradeep85841 pradeep85841 commented Feb 3, 2026

Summary

This PR modifies the Dockerfile to run the ActiveMQ container
as a dedicated non-root user, improving security and following
Docker best practices.

Changes

  • Added 'activemq' user and group
  • Ensured all ActiveMQ directories are owned by this user
  • Dropped root privileges before starting the broker
  • Adjusted permissions of entrypoint script

Testing

  • Verified container starts successfully
  • Verified ActiveMQ process runs as 'activemq' user: 
    docker exec -it <container> ps -ef | grep java
docker exec -it <container> whoami
docker exec -it <container_name_or_id> ls -l /usr/local/bin/entrypoint.sh

Pradeep Kunchala added 5 commits January 26, 2026 18:14
Add test for VM transport behavior on broker restart
77eb289
Add Jolokia-based healthcheck for ActiveMQ container
dbc3ece 
- HEALTHCHECK uses Jolokia search on Broker MBean
- Ensures broker is running and accessible
- Auth and Origin headers included for Jolokia security
- Docker CI-ready and deterministic
Simplify Dockerfile healthcheck using HTTP endpoint
cef7da9
Run ActiveMQ as a non-root user
0daefb9 
- Create a dedicated 'activemq' user and group
- Ensure ActiveMQ home directory is owned by this user
- Drop root privileges before starting the broker

This improves container security by avoiding running the process as root,
aligning with Docker best practices.
Ensure entrypoint.sh is owned by activemq user
a8be7eb
@jbonofre
Copy link
Member

jbonofre commented Feb 3, 2026

FYI a similar PR has been created a few months ago. I will take a look on this one.

@jeanouii
Copy link
Contributor

jeanouii commented Feb 3, 2026

The test has been merged already as part of the other PR. So you probably want to rebase this one.
I probably would have created an issue in JIRA and close the other PR, because they are both targeting the same file essentially improving Docker capabilities. They rely anyways on each other.

What do you think?

@jbonofre jbonofre self-requested a review February 3, 2026 12:13
@pradeep85841
Copy link
Contributor Author

pradeep85841 commented Feb 3, 2026

Thanks, that’s helpful. I’ll rebase this PR on top of the merged changes so it aligns with the current Docker improvements. Let me know if you’d prefer a different approach.

@jbonofre
Copy link
Member

jbonofre commented Feb 3, 2026

@pradeep85841 I gonna review the PR tomorrow. Thanks !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jbonofre jbonofre Awaiting requested review from jbonofre

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pradeep85841 @jbonofre @jeanouii