Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jit Automated PR: Specify a non-root user in your Dockerfile #160

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

jit-ci[bot]
Copy link

@jit-ci jit-ci bot commented May 24, 2024

Specify a non-root user in your Dockerfile

This Pull Request was automatically generated by Jit. We highly recommend that you check the suggestion and make
sure everything works before merging it. An explanation of the suggested changes is available below.

What changes are proposed in this PR?

  • First of all, check if your container is running as a root user. In most of the cases, you can do it by running a command like this: docker run <image> whoami. If it returns root, then you should consider using a non-root user, by following one of the next steps:
    • If a non-root user already exists in your container, consider using it.
    • If not, you can create a new user by adding a USER command to the Dockerfile, with a non-root user as argument, for example: USER <non-root-user-name>.

Why are these changes important?

If you don't specify at least 1 USER command in the Dockerfile, the container will run as root. If a security vulnerability is exploited in the root container, an attacker could gain complete control over the host system and any other containers running on it, potentially leading to devastating consequences.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants