[ https://issues.apache.org/jira/browse/OFBIZ-12795?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17710862#comment-17710862 ]

Daniel Watford commented on OFBIZ-12795:
----------------------------------------

INFRA have provided some advice that relates to this ticket in INFRA-24446

> Trunk demo site: Ensure OFBiz runs as the ofbizDemo user
> --------------------------------------------------------
>
>                 Key: OFBIZ-12795
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12795
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: Demo
>            Reporter: Daniel Watford
>            Assignee: Daniel Watford
>            Priority: Major
>
> OFBiz container instances running on the ofbiz-vm1 VM are launched by the
> ofbizDocker user.
>
> Within an OFBiz container a new lower-privileged user is used to run the
> OFBiz process. This user has UID 1000.
>
> A user with UID 1000 is used within the container to ensure that, should the
> OFBiz process be compromised and an attacker 'break out' of the container,
> the attacker's effective UID is still 1000 and they will be restricted to
> the privileges of that user.
>
> An area of risk is that we have not ensured UID 1000 really is a low
> privilege user on host ofbiz-vm1. This ticket is to ensure that the internal
> container UID of 1000 really does map to a low-privilege user.
>
> Investigate and apply user mapping for OFBiz container instances running on
> ofbiz-vm1 to ensure processes internal to OFBiz containers effectively run as
> the ofbizDocker user.
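The mapping the ticket asks for is what Docker's user-namespace remapping provides: the daemon setting `"userns-remap": "<user>"` makes the kernel translate every UID inside a container into that user's subordinate range from /etc/subuid, so in-container UID 1000 becomes `<range start> + 1000` on the host. The script below is an added example, not code from the ticket, the OFBiz project or the INFRA advice: it computes that host UID from subuid data and flags the cases the ticket is worried about (no range at all, so the container UID is the host UID; a range that lands on root; or one that collides with a real host account). The /etc/subuid and /etc/passwd contents are constructed samples, and the user names `ofbizDocker` and ranges are assumptions for the demo.

```shell
#!/bin/sh
# Added example (not from the OFBiz ticket): map a container UID to its host UID
# under Docker userns-remap and check that it is a low-privilege host UID.

# Constructed sample files standing in for /etc/subuid and /etc/passwd.
SAMPLE_SUBUID='root:100000:65536
ofbizDocker:165536:65536'
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
ofbizDocker:x:1000:1000::/home/ofbizDocker:/bin/sh'

# host_uid_for REMAP_USER CONTAINER_UID [SUBUID_CONTENT]
# Prints the host UID that CONTAINER_UID lands on when REMAP_USER is the
# userns-remap user. Several subuid lines for one user are treated as
# consecutive ranges, as the kernel uid_map built from them is.
# Fails (prints nothing) if the UID falls outside all of the user's ranges.
host_uid_for() {
  ruser=$1; cuid=$2; content=${3:-$(cat /etc/subuid)}
  printf '%s\n' "$content" | awk -F: -v u="$ruser" -v c="$cuid" '
    $1 == u {
      start = $2 + 0; count = $3 + 0
      if (c < count) { print start + c; found = 1; exit }
      c -= count
    }
    END { if (!found) exit 1 }'
}

# host_account_for HOST_UID [PASSWD_CONTENT]
# Prints the account name that owns HOST_UID; fails if no account has it.
host_account_for() {
  huid=$1; content=${2:-$(cat /etc/passwd)}
  printf '%s\n' "$content" | awk -F: -v h="$huid" '
    $3 == h { print $1; found = 1; exit }
    END { if (!found) exit 1 }'
}

# audit_container_uid REMAP_USER CONTAINER_UID [SUBUID_CONTENT] [PASSWD_CONTENT]
# Prints "OK <host uid>" when the container UID maps to a non-root host UID
# owned by no host account; otherwise prints a "RISK ..." line and fails.
audit_container_uid() {
  ruser=$1; cuid=$2
  if ! huid=$(host_uid_for "$ruser" "$cuid" "$3"); then
    # No subordinate range: without remapping the container UID is the host UID.
    echo "RISK $cuid: no subuid range of $ruser covers container uid $cuid (unmapped, it is host uid $cuid)"
    return 1
  fi
  if [ "$huid" -eq 0 ]; then
    echo "RISK $huid: container uid $cuid maps to root"
    return 1
  fi
  if acct=$(host_account_for "$huid" "$4"); then
    echo "RISK $huid: container uid $cuid collides with host account $acct"
    return 1
  fi
  echo "OK $huid"
}

# Demo on the constructed data: ofbizDocker's range starts at 165536, so the
# in-container UID 1000 is host UID 166536, which no host account owns.
audit_container_uid ofbizDocker 1000 "$SAMPLE_SUBUID" "$SAMPLE_PASSWD"
```

Run on the host with only the first two arguments to read the real /etc/subuid and /etc/passwd; to confirm what a running container actually got, compare the result with the ranges listed in `/proc/<container pid>/uid_map`.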



--
This message was sent by Atlassian Jira
(v8.20.10#820010)