Docker runs etherpad as root user #3629
Comments
+1 please fix
It's common practice to run as root in a container just for simplicity. Unless you want to run many different services in a single container, which is generally not advisable.
Processes in containers should not run as root. This change creates an unprivileged user in the Docker container, and runs the main process using that user. Fixes ether#3629
Using the root user in a container is bad practice, discouraged and even forcefully prevented by default on some platforms. The good news is that the fix is trivial, as Etherpad does not actually need root privileges to run.
Processes in containers should not run as root. This change creates an unprivileged user in the Docker container, and runs the main process using that user.

References:
* https://en.wikipedia.org/wiki/Principle_of_least_privilege
* https://medium.com/@mccode/processes-in-containers-should-not-run-as-root-2feae3f0df3b
* https://www.twistlock.com/labs-blog/non-root-containers-kubernetes-cve-2019-11245-care/

Fixes ether#3629
Merged #3643. Thanks @pierreprinetti for reworking the commit.
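A way to check a Dockerfile for the property the merged change introduces, written as an added example that is not code from the Etherpad repository or from anyone in this thread: it reports the user the final build stage runs as and fails when that is root. The function names and both sample Dockerfiles are constructed for illustration.

```shell
# Added example, not part of the Etherpad repository.

# Print the user the final build stage runs as: the last USER instruction
# after the last FROM, without any ":group" suffix. Prints nothing when the
# stage sets no USER, in which case the base image's user applies.
final_user() {
  awk '
    toupper($1) == "FROM" { user = "" }
    toupper($1) == "USER" && NF >= 2 { user = $2 }
    END { sub(/:.*/, "", user); print user }
  ' "$1"
}

# Succeed only when the final stage names a user other than root / UID 0.
# Assumption: an unset USER means root, which holds for most base images.
is_nonroot() {
  u=$(final_user "$1")
  case "$u" in
    ""|root|0) return 1 ;;
    *) return 0 ;;
  esac
}

# Constructed sample Dockerfiles (not Etherpad's real Dockerfile).
tmp=$(mktemp -d)
cat > "$tmp/before" <<'EOF'
FROM node:alpine
WORKDIR /app
COPY . .
CMD ["node", "server.js"]
EOF
cat > "$tmp/after" <<'EOF'
FROM node:alpine AS build
USER root
RUN npm ci
FROM node:alpine
RUN adduser -S -u 5001 app
USER app:nogroup
CMD ["node", "server.js"]
EOF

for f in before after; do
  if is_nonroot "$tmp/$f"; then
    echo "$f: runs as $(final_user "$tmp/$f")"
  else
    echo "$f: runs as root"
  fi
done
```

A `USER` value supplied through a build variable is not resolved by this check; for a built image, `docker inspect --format '{{.Config.User}}' <image>` shows the configured user directly.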
@pierreprinetti I don't think it's possible that a root user in a container can escalate to be root user on the host machine. The example in Docker's official document, Best practices for writing Dockerfiles, does not switch to an unprivileged user.
@Fnjn
Hey, I've noticed etherpad/node is running under the root user account in the default docker container.
Is there any special reason it has to be like that?
#1315 mentions it would be advisable to have ep run as a special etherpad user.