Details
Improvement
Status: Open
Major
Resolution: Unresolved
master
None
None
Description
JIB by default uses root as the user for the app within the container, which can raise security questions and is against best practices.
To quote https://docs.docker.com/develop/develop-images/dockerfile_best-practices/:
"If a service can run without privileges, use USER to change to a non-root user. Start by creating the user and group in the Dockerfile with something like: `RUN groupadd -r postgres && useradd --no-log-init -r -g postgres postgres`"
With JIB it is fairly easy to use the `nobody` user, though I did stop my investigations on permission management (for files added).
It might require us to switch things out of the root folder. The JIB community does not seem to be actively going in that direction either...
I'm not actively working on this, but if somebody wants to give it a try...
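A check a build pipeline could run on the built image to confirm that the root default described above has been overridden. This is an added example, not code from the JIB project or from the reporter; the image names and sample data are constructed, and it assumes the JSON shape printed by `docker inspect`.

```python
import json

# Constructed sample: trimmed `docker inspect` output for hypothetical images.
SAMPLE_INSPECT = """
[
  {"RepoTags": ["example/app:default"], "Config": {"User": ""}},
  {"RepoTags": ["example/app:nobody"],  "Config": {"User": "nobody"}},
  {"RepoTags": ["example/app:uid0"],    "Config": {"User": "0:0"}},
  {"RepoTags": ["example/app:numeric"], "Config": {"User": "65534:65534"}}
]
"""


def runs_as_root(user_field):
    """Return True if the image's User value resolves to root.

    An empty or missing value means the runtime starts the process as UID 0.
    The value may be 'user', 'uid', 'user:group' or 'uid:gid'.
    A named user is only compared with 'root'; this check cannot see an
    /etc/passwd inside the image that maps another name to UID 0.
    """
    user = (user_field or "").strip().split(":", 1)[0]
    if user == "":
        return True
    if user.isdigit():
        return int(user) == 0
    return user == "root"


def audit(inspect_json):
    """Map each image's first tag to True (root) or False (non-root)."""
    findings = {}
    for image in json.loads(inspect_json):
        tags = image.get("RepoTags") or ["<untagged>"]
        user = (image.get("Config") or {}).get("User")
        findings[tags[0]] = runs_as_root(user)
    return findings


if __name__ == "__main__":
    for tag, is_root in audit(SAMPLE_INSPECT).items():
        print(f"{'FAIL' if is_root else 'ok  '} {tag}")
```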