Athou / commafeed

Google Reader inspired self-hosted personal RSS reader.
https://www.commafeed.com
Apache License 2.0

Support custom UID/GID in docker (AKA don't run the server as root) #1227

Open denilsonsa opened 10 months ago

denilsonsa commented 10 months ago

Describe the bug

Following the current docker-compose instructions from https://hub.docker.com/r/athou/commafeed, the server will be running as the root user. That's a security issue, and we should always avoid running processes as root.

To Reproduce

Steps to reproduce the behavior:

  1. Create a docker-compose.yml file following the instructions from https://hub.docker.com/r/athou/commafeed.
  2. docker compose up -d
  3. htop, search for commafeed; or docker compose top

Expected behavior

It should run as its own user. Bonus points for having the UID/GID configurable.

Configurable UID:GID is needed if the person is mounting /commafeed/data as a volume, because it will match the permissions for that path. (By the way, this should be in the basic configuration example.)

Screenshots

$ docker compose top
commafeed-commafeed-1
UID    PID      PPID     C    STIME   TTY   TIME       CMD
root   637880   637860   9    08:53   ?     00:00:22   java -jar commafeed.jar server config.yml   

Environment (please complete the following information):

Additional context

You could consider following the structure of the many other images from LinuxServer.IO. Those images always run as a configurable normal user and even have a configurable timezone.

If you go down that route, you can contribute your image to their project. Not only will it be easy to set up for most people, but it also gives some exposure as something linked from and supported by LSIO.
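
A scripted version of the check in step 3 of the reproduction, as an added example that is not part of the original issue or the CommaFeed project: a shell function that reads `docker compose top` output and lists every process running as root. The first container in the sample is the output quoted in the issue; the second container (`example-db-1`) is constructed for illustration.

```shell
#!/bin/sh
# Added example: flag processes that `docker compose top` reports as root.
# Usage against a live stack: docker compose top | find_root_procs

# Reads `docker compose top` output on stdin.
# Prints "container<TAB>pid<TAB>command" for each root-owned process.
# Returns 1 if any root-owned process was found, 0 otherwise.
find_root_procs() {
    awk '
        # The header row starts a process table; the line before it is
        # the container name.
        $1 == "UID" && $2 == "PID" { container = prev; in_table = 1; next }
        # A blank line ends the current table.
        NF == 0 { in_table = 0; next }
        # The UID column may show the name "root" or the numeric id 0.
        in_table && ($1 == "root" || $1 == "0") {
            cmd = ""
            # CMD is the 8th column and may itself contain spaces.
            for (i = 8; i <= NF; i++) cmd = cmd (i > 8 ? " " : "") $i
            printf "%s\t%s\t%s\n", container, $2, cmd
            found = 1
        }
        { prev = $0 }
        END { exit (found ? 1 : 0) }
    '
}

# Sample input: first table is the output from the issue, second table is
# constructed (hypothetical container running as a non-root UID).
SAMPLE='commafeed-commafeed-1
UID    PID      PPID     C    STIME   TTY   TIME       CMD
root   637880   637860   9    08:53   ?     00:00:22   java -jar commafeed.jar server config.yml

example-db-1
UID    PID      PPID     C    STIME   TTY   TIME       CMD
999    637901   637870   0    08:53   ?     00:00:01   postgres'

# Demo run on the sample; the non-zero status is handled so the script
# keeps going when root processes are present.
printf '%s\n' "$SAMPLE" | find_root_procs \
    || echo "root-owned container processes found" >&2
```

The non-zero exit status makes the function usable as a gate in a deployment or CI script.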