Last user should not be root

Question

Last user should not be root

030 opened this issue 3 years ago · comments

This could be mitigated by creating a traefik-whoami user in the build-stage and subsequently copy it to the last-stage, e.g.: https://github.com/030/bcbsn/blob/master/Dockerfile

Ludovic Fernandez · Answer 1 · Fri Dec 03 2021 17:03:47 GMT+0800 (China Standard Time)

https://github.com/traefik/whoami/blob/master/Dockerfile

The root requirement is not related to the build stage.

Ben van B · Answer 2 · Fri Dec 03 2021 17:36:02 GMT+0800 (China Standard Time)

# Create a minimal container to run a Golang static binary
FROM scratch

COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=builder /go/whoami/whoami .

ENTRYPOINT ["/whoami"]
EXPOSE 80

I do not see any USER entry here, so the user is root in the traefik/whoami container.