search

Acris / docker-shadowsocks-libev

Build a docker image for shadowsocks-libev with v2ray-plugin, based on Alpine Linux.
https://hub.docker.com/r/acrisliu/shadowsocks-libev/
MIT License
303 stars 95 forks source link

Run container as non-root user? #16

Closed gadget1999 closed 4 years ago

gadget1999 commented 4 years ago

Since the container ports are exposed to internet 24*7, it could be possible that the container get compromised. Then the hacker could run tcpdump or arp-scan to get more info on the network.

Is it possible to add that in the docker file, like following?

# Add a new user "john" with user id 8877
RUN useradd -u 8877 john
# Change to non-root privilege
USER john
Acris commented 4 years ago

Thanks for your advice, I updated the Dockerfile and ss-server run as nobody now.