From b12b14b2771b2ef6ce4362c156b224226a47b3a4 Mon Sep 17 00:00:00 2001 From: lebaudantoine Date: Fri, 29 Nov 2024 22:18:42 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F(summary)=20run=20image=20?= =?UTF-8?q?as=20a=20non-root=20user?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Based on @rouja's comment, this is a bad practice, running a docker image as root. Added a User instruction with a default non-root user. --- src/summary/Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/summary/Dockerfile b/src/summary/Dockerfile index 36c5243b..4b70ef7a 100644 --- a/src/summary/Dockerfile +++ b/src/summary/Dockerfile @@ -13,5 +13,8 @@ WORKDIR /app COPY --from=builder /usr/local /usr/local COPY ./summary /app/summary +# Un-privileged user running the application +ARG DOCKER_USER=1000:1000 +USER ${DOCKER_USER} CMD ["uvicorn", "summary.main:app", "--proxy-headers", "--host", "0.0.0.0", "--port", "8000"]