Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Run aidbox as non-root user #539

Closed
MFAshby opened this issue Sep 27, 2022 · 1 comment
Closed

Run aidbox as non-root user #539

MFAshby opened this issue Sep 27, 2022 · 1 comment
Assignees
@Aitem
Labels
improvement issues related to product improvement
Milestone
January 2023 - v:...

Comments

@MFAshby
Copy link

MFAshby commented Sep 27, 2022

I need the following improvement

Run aidbox as non-root user inside the docker container.

The expected benefit

Although docker is fairly secure even if an attacker gains root in a container, it is recommended to run applications as unprivileged users inside docker containers anyway. This helps damage limitation when e.g. RCE vulnerabilities are discovered in running software.

https://docs.docker.com/engine/security/#conclusions

Additional context

Currently aidbox/multibox runs as root inside the container

$ docker exec -it multibox bash
bash-4.2# id -u
0
@MFAshby MFAshby added the improvement issues related to product improvement label Sep 27, 2022
@Aitem
Copy link
Member

Aitem commented Jan 26, 2023

Hi @MFAshby
We changed the user under which Aidbox runs. This is now a non-root user named aidbox (uid 1000)
We also changed the base image to Alpine
Changes to come in the next release
You can test these changes on the :edge version

@Aitem Aitem closed this as completed Jan 27, 2023
@Nesmeshnoy Nesmeshnoy added this to the January 2023 - v:2301 milestone Jan 30, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Aitem Aitem

Labels
improvement issues related to product improvement
Projects
None yet
Milestone
January 2023 - v:2301
Development

No branches or pull requests
3 participants
@Aitem @MFAshby @Nesmeshnoy