Daniel Watford created OFBIZ-12795:
--------------------------------------

             Summary: Trunk demo site: Ensure OFBiz runs as the ofbizDemo user
                 Key: OFBIZ-12795
                 URL: https://issues.apache.org/jira/browse/OFBIZ-12795
             Project: OFBiz
          Issue Type: Improvement
          Components: Demo
            Reporter: Daniel Watford
            Assignee: Daniel Watford

OFBiz container instances running on the ofbiz-vm1 VM are launched by the ofbizDocker user.

Within an OFBiz container a new lower-privileged user is used to run the OFBiz process. This user has UID 1000.

A user with UID 1000 is used within the container to ensure that, should the OFBiz process be compromised and an attacker 'breaks out' of the container, then the attacker's effective UID is still 1000 and they will be restricted to the privileges of that user.

An area of risk is that we have not ensured UID 1000 really is a low-privilege user on host ofbiz-vm1.

This ticket is to ensure that the internal container UID of 1000 really does map to a low-privilege user.

Investigate and apply user mapping for OFBiz container instances running on ofbiz-vm1 to ensure processes internal to OFBiz containers effectively run as the ofbizDocker user.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
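
One way to run the host-side check this ticket describes, as an added example that is not part of the original ticket or of the OFBiz infrastructure code: a bash function that reports which host account a container UID resolves to and whether that account carries privileged group membership. The function names, the privileged-group list and the sample accounts are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Audit what a container's numeric UID means on the Docker host.
# Usage: audit_uid UID [PASSWD_FILE] [GROUP_FILE]
# Returns 0 if no privileged mapping is found, 1 otherwise.

# Assumed list of groups that grant root-equivalent or sensitive access; adjust per host.
PRIV_GROUPS="root sudo wheel adm docker lxd disk shadow"

audit_uid() {
    local uid=$1 passwd=${2:-/etc/passwd} group=${3:-/etc/group}
    local rc=0 found=0 name u gid g ggid members hit

    if [ "$uid" -eq 0 ]; then echo "UID 0 is root"; return 1; fi

    # passwd format: name:password:UID:GID:gecos:home:shell
    while IFS=: read -r name _ u gid _ _ _; do
        if [ "$u" != "$uid" ]; then continue; fi
        found=1
        echo "UID $uid is host account '$name' (primary GID $gid)"
        if [ "$gid" = 0 ]; then echo "  PRIVILEGED: primary group is GID 0"; rc=1; fi
        # group format: name:password:GID:member1,member2,...
        while IFS=: read -r g _ ggid members; do
            case " $PRIV_GROUPS " in *" $g "*) ;; *) continue ;; esac
            hit=0
            case ",$members," in *",$name,"*) hit=1 ;; esac
            if [ "$ggid" = "$gid" ]; then hit=1; fi
            if [ "$hit" = 1 ]; then echo "  PRIVILEGED: member of '$g'"; rc=1; fi
        done < "$group"
    done < "$passwd"

    if [ "$found" = 0 ]; then
        echo "UID $uid has no host account: no group memberships, but it owns any files with that numeric owner"
    fi
    return "$rc"
}

# Constructed sample host files (not taken from ofbiz-vm1) for trying the check offline.
make_sample() {
    local d; d=$(mktemp -d)
    printf '%s\n' 'root:x:0:0::/root:/bin/bash' \
        'admin:x:1000:1000::/home/admin:/bin/bash' \
        'ofbizDocker:x:1001:1001::/home/ofbizDocker:/bin/bash' > "$d/passwd"
    printf '%s\n' 'root:x:0:' 'sudo:x:27:admin' 'admin:x:1000:' \
        'ofbizDocker:x:1001:' > "$d/group"
    echo "$d"
}
```

Running `audit_uid 1000` with no file arguments reads the host's own `/etc/passwd` and `/etc/group`; in the constructed sample, UID 1000 resolves to an account in `sudo`, which is the situation the ticket wants to rule out.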