Daniel Watford created OFBIZ-12795:
--------------------------------------

             Summary: Trunk demo site: Ensure OFBiz runs as the ofbizDemo user
                 Key: OFBIZ-12795
                 URL: https://issues.apache.org/jira/browse/OFBIZ-12795
             Project: OFBiz
          Issue Type: Improvement
          Components: Demo
            Reporter: Daniel Watford
            Assignee: Daniel Watford


OFBiz container instances running on the ofbiz-vm1 VM are launched by the 
ofbizDocker user. 

Within an OFBiz container a new lower-privileged user is used to run the OFBiz 
process. This user has UID 1000.

The user with UID 1000 is used within the container to ensure that, should the 
OFBiz process be compromised and an attacker 'breaks out' of the container, the 
attacker's effective UID is still 1000 and they will be restricted to the 
privileges of that user.

An area of risk is that we have not ensured UID 1000 really is a low-privilege 
user on host ofbiz-vm1. This ticket is to ensure that the internal container 
UID of 1000 really does map to a low-privilege user.

Investigate and apply user mapping for OFBiz container instances running on 
ofbiz-vm1 to ensure processes internal to OFBiz containers effectively run as 
the ofbizDocker user.

 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
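
An added example, not part of the ticket or of the OFBiz project's tooling: a small audit that resolves which host account a container UID lands on and which elevated groups that account holds, with and without user-namespace remapping. The passwd, group and subuid contents are constructed samples (not taken from ofbiz-vm1), the function names and the privileged-group list are assumptions, and the remap rule assumed is the one Docker's userns-remap uses (container UID n maps to subordinate range start + n).

```python
# Constructed sample host files; replace with the real /etc/passwd,
# /etc/group and /etc/subuid contents when auditing a host.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
admin:x:1000:1000:Admin:/home/admin:/bin/bash
ofbizDocker:x:1001:1001::/home/ofbizDocker:/bin/bash
"""
GROUP = """\
sudo:x:27:admin
docker:x:998:admin
admin:x:1000:
ofbizDocker:x:1001:
"""
SUBUID = "ofbizDocker:200000:65536\n"

# Assumption: groups treated as granting elevated rights on the host.
PRIVILEGED_GROUPS = {"root", "sudo", "wheel", "adm", "docker", "lxd"}

def host_uid(container_uid, subuid_text=None, remap_user=None):
    """Host UID that a container UID resolves to."""
    if remap_user is None:
        return container_uid  # no user namespace: UIDs are shared with the host
    for line in subuid_text.splitlines():
        name, start, count = line.split(":")
        if name == remap_user and container_uid < int(count):
            return int(start) + container_uid
    raise ValueError(f"no subordinate UID range covers {container_uid}")

def audit(container_uid, passwd_text, group_text, subuid_text=None, remap_user=None):
    """Report the host account behind a container UID and its risky groups."""
    uid = host_uid(container_uid, subuid_text, remap_user)
    account, primary_gid = None, None
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if int(fields[2]) == uid:
            account, primary_gid = fields[0], int(fields[3])
            break
    groups = set()
    for line in group_text.splitlines():
        name, _, gid, members = line.split(":")
        if account and (int(gid) == primary_gid or account in members.split(",")):
            groups.add(name)
    risky = sorted(groups & PRIVILEGED_GROUPS)
    if uid == 0:
        risky.insert(0, "uid 0")
    return {"host_uid": uid, "account": account, "risky_groups": risky}

if __name__ == "__main__":
    print(audit(1000, PASSWD, GROUP))
    print(audit(1000, PASSWD, GROUP, SUBUID, "ofbizDocker"))
```

An `account` of `None` means the host UID belongs to no named account, so an escaped process holds only what that bare UID owns on the filesystem.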
