-
Notifications
You must be signed in to change notification settings - Fork 372
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security] Run Cloudbeaver as non-root by default (to be less vulnerable) #2290
Comments
Thanks for your suggestion! Happy to know that it is possible to run as non-root and that it is documented 🙌 On the other hand, I think that it should be the default option because of the security reasons that I shared unless there are some reasons to not do that... |
Wdyt @EvgeniaBzzz ? 😄 |
@luarx we will implement it in one of the future releases |
I found the ubuntu user and group exist in the container already so no need to create a new user in the container. I was able to work around this in my deployment by copying the The following could be added to the cloudbeaver Dockerfile and my workaround wouldn't be required. RUN chown -R ubuntu:ubuntu /opt/cloudbeaver |
Is your feature request related to a problem? Please describe.
It would be a good point to run Cloudbeaver with a non-root user to follow best security practises
Reference of why this is important: https://docs.bitnami.com/tutorials/why-non-root-containers-are-important-for-security
Describe the solution you'd like
To do that, it should define a USER in the Dockerfile
I see that someone mentioned already this and suggested a solution, but it was not added to the repo as default
The text was updated successfully, but these errors were encountered: