From 13a866aeb0c24f20ed18ab40c0ea5616ef910676 Mon Sep 17 00:00:00 2001 From: asimons04 <69986579+asimons04@users.noreply.github.com> Date: Mon, 24 Jul 2023 09:51:51 -0400 Subject: [PATCH] Update Dockerfile to run process as non-privileged user. (#3709) --- docker/Dockerfile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docker/Dockerfile b/docker/Dockerfile index e81d9d0c2..02c2e572c 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -37,4 +37,9 @@ RUN apk add --no-cache libpq # Copy resources COPY --from=builder /app/lemmy_server /app/lemmy +# Create non-privileged user +RUN adduser -h /app -s sh -S -u 1000 lemmy +RUN chown -R lemmy /app +USER lemmy + CMD ["/app/lemmy"]