Run container as non-root user #11

Merged

lyrathorpe merged 1 commits from chore/dockerfile-non-root into main 2026-06-17 17:33:23 +01:00

Conversation 0 Commits 1 Files Changed 1

+6 -1

lyrathorpe commented 2026-06-17 17:22:56 +01:00

Owner

Copy Link

Copy Source

Adds a dedicated non-root user and switches to it before CMD. Verified the container runs as a non-root uid. Closes #7

Adds a dedicated non-root user and switches to it before CMD. Verified the container runs as a non-root uid. Closes #7

lyrathorpe added 1 commit 2026-06-17 17:22:57 +01:00

chore: run container as non-root user ... 5231b277d0

Create a dedicated appuser/appuser system user and group, ensure the
copied application file is owned by it, and switch to that user with
USER before CMD. EXPOSE 110 25 is unchanged; ports are published via the
host -p mapping, so binding them as non-root works in the default Docker
network namespace without CAP_NET_BIND_SERVICE.

Fixes #7

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

lyrathorpe merged commit 7930235efd into main 2026-06-17 17:33:23 +01:00

lyrathorpe deleted branch chore/dockerfile-non-root 2026-06-17 17:33:25 +01:00

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

bug

Defect / incorrect behaviour

ci

CI / build pipeline

docs

Documentation

enhancement

Improvement to existing behaviour

security

Security hardening

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

lyrathorpe

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: lyrathorpe/legacy-email-proxy#11