Benoit Tellier created JAMES-3818:
-------------------------------------

             Summary: [JIB] Avoid using root as a user
                 Key: JAMES-3818
                 URL: https://issues.apache.org/jira/browse/JAMES-3818
             Project: James Server
          Issue Type: Improvement
          Components: docker
    Affects Versions: master
            Reporter: Benoit Tellier

JIB by default uses root as a user for the app within the container, which can raise security questions, and is against best practices.

To quote https://docs.docker.com/develop/develop-images/dockerfile_best-practices/

{code:java}
If a service can run without privileges, use USER to change to a non-root user. Start by creating the user and group in the Dockerfile with something like:

RUN groupadd -r postgres && useradd --no-log-init -r -g postgres postgres
{code}

With JIB it is fairly easy to use the `nobody` user, though I did stop my investigations on permission management (for files added). It might require us to switch things out of the root folder.

The JIB community does not seem to actively go in that direction either...

I'm not actively working on this but if somebody wants to give it a try...
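
A sketch of the change the ticket describes, as an added example that is not taken from the James build or from this message. It assumes a Maven build using jib-maven-plugin; the source directory, the `/opt/app` target and the file names are placeholders.

```xml
<!-- Added example: jib-maven-plugin fragment with placeholder paths. -->
<plugin>
  <groupId>com.google.cloud.tools</groupId>
  <artifactId>jib-maven-plugin</artifactId>
  <configuration>
    <container>
      <!-- Before: no <user> element. The image config then carries no user
           and the container runtime starts the JVM as root (uid 0). -->
      <!-- After: run as an unprivileged account. Jib also accepts the
           numeric uid[:gid] form, e.g. 65534:65534. -->
      <user>nobody</user>
    </container>
    <extraDirectories>
      <paths>
        <path>
          <!-- Placeholder source directory in the module. -->
          <from>src/main/extra</from>
          <!-- Placeholder target outside /root, so the non-root user
               can traverse to it. -->
          <into>/opt/app</into>
        </path>
      </paths>
      <permissions>
        <!-- Mode bits only: the non-root user gets access through the
             "other" bits, so configuration is readable but not writable. -->
        <permission>
          <file>/opt/app/conf/*</file>
          <mode>644</mode>
        </permission>
        <!-- Scripts additionally need the execute bit for "other". -->
        <permission>
          <file>/opt/app/bin/*.sh</file>
          <mode>755</mode>
        </permission>
      </permissions>
    </extraDirectories>
  </configuration>
</plugin>
```

Directories the application must write to at runtime are not covered by these mode bits and need to be provided as volumes writable by the chosen user.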