GUACAMOLE-890: Security: Allow image to run as non-root user

2025-09-05 20:57:40 +00:00 · 2021-02-21 09:27:29 +01:00
parent 8e77864e63
commit c25df90555
2 changed files with 17 additions and 2 deletions
--- a/9
+++ b/9
@@ -56,6 +56,15 @@ WORKDIR /opt/guacamole
 # Copy artifacts from builder image into this image
 COPY --from=builder /opt/guacamole/ .

+# Create a new user guacamole
+ARG UID=1001
+ARG GID=1001
+RUN groupadd --gid $GID guacamole
+RUN useradd --system --create-home --shell /usr/sbin/nologin --uid $UID --gid $GID guacamole
+
+# Run with user guacamole
+USER guacamole
+
 # Start Guacamole under Tomcat, listening on 0.0.0.0:8080
 EXPOSE 8080
 CMD ["/opt/guacamole/bin/start.sh" ]