Run Graphdb as different user then root

Ontotext-AD / graphdb-docker

Docker images for GraphDB

80 stars 47 forks source link

Run Graphdb as different user then root #5

Open phlegx opened 5 years ago

phlegx commented 5 years ago

Would be nice to have Graphdb running as a different user then root. This is actually docker best practice.

stefanbischof commented 1 year ago

I'm currently creating my own Docker image with this simple Dockerfile (tag is a build argument which has to be set when running docker build):

FROM ontotext/graphdb:${tag}

RUN chown -R nobody /opt/graphdb
USER nobody

Maybe the USER command could be easily integrated into the official Dockerfile? Then we wouldn't need the chown shell command anymore.

ThomasThelen commented 4 months ago

+1 for this, especially since it's common for people to expose sparql endpoints to the open world. This opens up a direct route to a service in the container with elevated privs