
@joseluisq
Collaborator

@joseluisq joseluisq commented Sep 26, 2025

Description

This PR makes the current Debian and Alpine Docker images rootless by default using a dedicated user and group. This reduces the attack surface and improves security.

Remember: users can still run the containers as root if they explicitly set the user to root when running the container, e.g., using the --user root flag with docker run.

The static-web-server binary and all files in /home/sws (the home directory) are owned by the non-root user/group called sws, and the current working directory is the home directory.

For convenience, these paths are also available:

  • Public directory: /home/sws/public
  • Public directory symlink: /var/public -> /home/sws/public

Related Issue

Motivation and Context

Reduce the attack surface and enhance the security of existing Docker images.

How Has This Been Tested?

Screenshots (if appropriate):

@semanticdiff-com

Review changes with  SemanticDiff

@joseluisq joseluisq added enhancement New feature or request v2 v2 release security Related to Security docker Related to Docker environment or images labels Nov 4, 2025
@joseluisq joseluisq self-assigned this Nov 4, 2025
@joseluisq joseluisq changed the title Rootless Docker image support Rootless Debian and Alpine Docker images support Nov 17, 2025
@joseluisq joseluisq marked this pull request as ready for review November 17, 2025 21:20
@joseluisq joseluisq changed the title Rootless Debian and Alpine Docker images support Rootless Debian and Alpine Docker images by default Nov 17, 2025
@joseluisq joseluisq merged commit b234984 into master Nov 17, 2025
34 checks passed
@joseluisq joseluisq deleted the docker-rootless-variant branch November 17, 2025 22:22
@joseluisq joseluisq added this to the v2.40.0 milestone Nov 17, 2025
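
A way to audit the layout the PR description lists (sws user and group, /home/sws/public, the /var/public symlink) against an unpacked image root filesystem, for example the output of `docker export` extracted into a directory. This is an added example, not code from the PR or the project; the function names are hypothetical, and it assumes the image carries /etc/passwd and /etc/group entries for sws and that the symlink target is the absolute path shown in the description. The default user itself lives in the image config and is read separately with `docker image inspect --format '{{.Config.User}}'`.

```sh
#!/bin/sh
# Added example (not project code): check an unpacked image rootfs for the
# rootless layout described in the PR. Pass "/" when running inside a container.

# Print field $3 of the colon-separated entry named $2 in file $1.
entry_field() {
    awk -F: -v name="$2" -v n="$3" '$1 == name { print $n; exit }' "$1"
}

# Return 0 if the rootfs at $1 matches the described layout, 1 otherwise.
check_rootless_layout() {
    root=${1%/}
    rc=0
    fail() { echo "FAIL: $*" >&2; rc=1; }

    uid=$(entry_field "$root/etc/passwd" sws 3)
    home=$(entry_field "$root/etc/passwd" sws 6)
    gid=$(entry_field "$root/etc/group" sws 3)

    # The dedicated account must exist and must not alias root.
    case $uid in
        '') fail "no sws user in /etc/passwd" ;;
        0)  fail "sws user has UID 0" ;;
    esac
    case $gid in
        '') fail "no sws group in /etc/group" ;;
        0)  fail "sws group has GID 0" ;;
    esac

    [ "$home" = /home/sws ] || fail "sws home is '$home', expected /home/sws"
    [ -d "$root/home/sws/public" ] || fail "/home/sws/public is not a directory"

    # Assumption: the symlink stores the absolute target from the description.
    if [ -L "$root/var/public" ]; then
        target=$(readlink "$root/var/public")
        [ "$target" = /home/sws/public ] || fail "/var/public points to '$target'"
    else
        fail "/var/public is not a symlink"
    fi
    return $rc
}
```

The check covers names and paths only; file ownership is not compared, because an archive unpacked by an unprivileged user does not keep the image's owners.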