Skip to content

Add non-root user by default #850

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add non-root user by default #850

wants to merge 1 commit into from
+129 −8

Conversation

ToshY
Copy link

@ToshY ToshY commented Sep 27, 2025

Fixes #679

Based on:

Using a non-root user is regarded as a best practice.

I am not sure what the "many issues" a non-root user could cause (which might need further explanation), but I was able to build the images (dev/prod targets) and run it on dev without any apparent issues. Requires further testing.

7-zete-7
7-zete-7 reviewed Sep 28, 2025
View reviewed changes
Copy link
Contributor

@7-zete-7 7-zete-7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi, @ToshY!

Perhaps, instead of changing the Dockerfile, it would make sense to describe the changes to this PR in the documentation page?

@7-zete-7
Copy link
Contributor

I assume FrankenPHP relies on Caddy's decision to run as root by default. See the discussion on this topic in the Caddy repository: caddyserver/caddy-docker#104.

@ToshY
Copy link
Author

ToshY commented Sep 28, 2025
edited
Loading

Hi, @ToshY!

Perhaps, instead of changing the Dockerfile, it would make sense to describe the changes to this PR in the documentation page?

Okay, would you recommend adding a (new) documentation page, or update an existing one?

Edit

I've moved it to a new documentation page.

I understand the decision to not directly apply the changes to the Dockerfile and document it instead. Maybe something to take into consideration for next time (and start with non-root by default then).

@ToshY ToshY force-pushed the issue/679 branch 3 times, most recently from 90fb72e to 368a331 Compare September 28, 2025 12:17
@ToshY ToshY requested a review from 7-zete-7 September 28, 2025 12:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@7-zete-7 7-zete-7 Awaiting requested review from 7-zete-7

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Run container as an unprivileged user
2 participants
@ToshY @7-zete-7