Skip to content

Drop privileges before starting server #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 1, 2014
Merged

Drop privileges before starting server #4

merged 1 commit into from
Nov 1, 2014

Conversation

@justfalter
Copy link
Contributor

@justfalter justfalter commented Nov 1, 2014

Hi there,
First, I'd like to say that I greatly appreciate your creating this docker image for Minecraft.

I'm sending this pull request as I had noticed that the Minecraft process was running as root, though it does not require such privileges. See the principle of least privilege. There has been at least one exploit that allowed someone with root privs within a docker container to escalate to root privs on the host system.

All that I've done is 1) add a 'minecraft' user, 2) ensure that user owns /data, and 3) execute the original startup script as the minecraft user.

thanks!

@justfalter
Drop privileges before starting server
4ff077f 
- Create 'minecraft' user account within image.
- Drop to 'minecraft' user before starting server.
itzg added a commit that referenced this pull request Nov 1, 2014
@itzg
Merge pull request #4 from justfalter/minecraft-drop-privs
55cffbb 
Drop privileges before starting server
@itzg itzg merged commit 55cffbb into itzg:master Nov 1, 2014
@itzg
Copy link
Owner

itzg commented Nov 1, 2014

I had explored the use of docker run -u <>, but I like the compromise of your solution.

Thanks.

(Sorry for the double comment here and your commit :) )

@itzg
Copy link
Owner

itzg commented Nov 1, 2014

...and built (image ID 39e3d30e0919)

@sd016808 sd016808 mentioned this pull request Mar 18, 2021
Closed
@efunneko efunneko mentioned this pull request Dec 19, 2022
Closed
@TheoCouss TheoCouss mentioned this pull request Mar 30, 2023
Closed
@BulletproofCoffy BulletproofCoffy mentioned this pull request Oct 10, 2023
Closed
@nikshepsvn nikshepsvn mentioned this pull request Nov 22, 2024
Closed
@utsudashinou utsudashinou mentioned this pull request Jul 2, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@justfalter @itzg