Update Dockerfile to run process as non-privileged user. (#3709)
authorasimons04 <69986579+asimons04@users.noreply.github.com>
Mon, 24 Jul 2023 13:51:51 +0000 (09:51 -0400)
committerGitHub <noreply@github.com>
Mon, 24 Jul 2023 13:51:51 +0000 (09:51 -0400)
docker/Dockerfile

index e81d9d0c270e39ca90a08c00584a0b32892177d8..02c2e572c9e7c69f4744ca7b3836c3eec1ba191e 100644 (file)
@@ -37,4 +37,9 @@ RUN apk add --no-cache libpq
 # Copy resources
 COPY --from=builder /app/lemmy_server /app/lemmy
 
+# Create non-privileged user
+RUN adduser -h /app -s sh -S -u 1000 lemmy
+RUN chown -R lemmy /app
+USER lemmy
+
 CMD ["/app/lemmy"]
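Review bot: `RUN chown -R lemmy /app` makes the server binary owned by, and writable to, the same account the process runs as, so the unprivileged user can still replace `/app/lemmy`. Unless the server has to write under `/app` (not visible in this hunk), drop that line and leave the binary root-owned. If the directory itself must be writable, a non-recursive `RUN chown lemmy /app` is enough and also avoids copying the binary into a second layer. The login shell is given as a bare `sh`; a service account that never logs in would normally get `-s /sbin/nologin`. Writing `USER 1000` instead of `USER lemmy` lets runtimes that enforce a non-root policy (for example Kubernetes `runAsNonRoot`) verify the UID without resolving the name.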