add user-IDs to all containers

Signed-off-by: Simon L. <szaimen@e.mail.de>
2026-02-08 06:48:00 +00:00 · 2024-11-06 14:29:18 +01:00 · 2024-11-06 14:29:18 +01:00 · faecc028fe
commit faecc028fe
parent 5499bc8a5d
11 changed files with 24 additions and 10 deletions
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@ -81,7 +81,7 @@ RUN set -ex; \
    \
    echo "root:$(openssl rand -base64 12)" | chpasswd

-USER www-data
+USER 33

 ENTRYPOINT ["/start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@ -19,7 +19,7 @@ RUN set -ex; \

 VOLUME /var/lib/clamav

-USER clamav
+USER 100

 LABEL com.centurylinklabs.watchtower.enable="false"

--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.23.2-alpine3.20 AS go

-ENV IMAGINARY_HASH=8f36a26c448be8c151a3878404b75fcd1cd3cf0c
+ENV IMAGINARY_HASH=8f36a26c448be8c151a3878404b75fcd1cd3cf0c

 RUN set -ex; \
    apk add --no-cache \
@ -33,7 +33,7 @@ COPY --chmod=775 start.sh /start.sh

 ENV PORT=9000

-USER nobody
+USER 65534

 # https://github.com/h2non/imaginary#memory-issues
 ENV MALLOC_ARENA_MAX=2
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@ -39,7 +39,7 @@ RUN set -ex; \

 VOLUME /mnt/data

-USER postgres
+USER 999
 ENTRYPOINT ["/start.sh"]

 HEALTHCHECK CMD /healthcheck.sh
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@ -14,7 +14,7 @@ RUN set -ex; \
 # Get rid of unused binaries
    rm -f /usr/local/bin/gosu;

-USER redis
+USER 999
 ENTRYPOINT ["/start.sh"]

 HEALTHCHECK CMD redis-cli -a $REDIS_HOST_PASSWORD PING || exit 1
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@ -28,7 +28,7 @@ RUN set -ex; \
        build-base \
        linux-headers \
        geckodriver; \
-    useradd -d /tmp --system recording; \
+    useradd -d /tmp --system recording -u 1000; \
 # Give root a random password
    echo "root:$(openssl rand -base64 12)" | chpasswd; \
    git clone --recursive https://github.com/nextcloud/nextcloud-talk-recording --depth=1 --single-branch --branch "$RECORDING_VERSION" /src; \
@ -49,7 +49,7 @@ RUN set -ex; \
        linux-headers;

 WORKDIR /tmp
-USER recording
+USER 1000
 ENTRYPOINT ["/start.sh"]
 CMD ["python", "-m", "nextcloud.talk.recording", "--config", "/conf/recording.conf"]

--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@ -99,7 +99,7 @@ RUN set -ex; \
    ln -s /opt/eturnal/bin/stun /usr/local/bin/stun; \
    ln -s /opt/eturnal/bin/eturnalctl /usr/local/bin/eturnalctl

-USER eturnal
+USER 1000
 ENTRYPOINT ["/start.sh"]
 CMD ["supervisord", "-c", "/supervisord.conf"]

--- a/Containers/whiteboard/Dockerfile
+++ b/Containers/whiteboard/Dockerfile
@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM ghcr.io/nextcloud-releases/whiteboard:v1.0.4

-USER root
+USER 65534
 RUN set -ex; \
    apk upgrade --no-cache -a; \
    apk add --no-cache bash