facefusion / facefusion-docker

Industry leading face manipulation platform
https://join.facefusion.io

container should run as non-root? #35

Open fahadshery opened 2 hours ago

fahadshery commented 2 hours ago

Hi,

I examined your Dockerfiles, and I think if we add the following:

```dockerfile
# Build-time arguments for UID and GID (override with --build-arg);
# without these, ${PUID:-1000} below always falls back to 1000
ARG PUID=1000
ARG PGID=1000

# Define environment variables for UID and GID
ENV PUID=${PUID:-1000}
ENV PGID=${PGID:-1000}

# Create a group with the specified GID
RUN groupadd -g "${PGID}" appuser
# Create a user with the specified UID and GID
RUN useradd -m -s /bin/sh -u "${PUID}" -g "${PGID}" appuser

# Run application as non-root
USER appuser
```

We should be able to run the app as a non-root user?

henryruhs commented 2 hours ago

Hey,

I choose to maintain the Dockerfiles this way and let users decide how to run them. It might be a matter of personal taste, but configuring this through Docker Compose seems more elegant to me.

```yaml
services:
  facefusion-cpu:
    user: "${PUID:-1000}:${PGID:-1000}"
    environment:
      - PUID=${PUID:-1000}
      - PGID=${PGID:-1000}
```
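Added example, not part of either comment or of the facefusion-docker project: a small audit that resolves each service's `user:` value the way Compose interpolates `${VAR:-default}`, and flags services that end up as root or have no `user:` at all. The compose text is a constructed sample; `no-user-service` and its image name are hypothetical, and the line-based parser assumes two-space indentation.

```python
import re

# Constructed sample: one service pinned via PUID/PGID as in the thread,
# one hypothetical service with no `user:` key (the image default user applies).
SAMPLE_COMPOSE = """\
services:
  facefusion-cpu:
    user: "${PUID:-1000}:${PGID:-1000}"
  no-user-service:
    image: example.invalid/app
"""

VAR = re.compile(r"\$\{(\w+)(?:(:?-)([^}]*))?\}")

def interpolate(value, env):
    """Expand ${VAR}, ${VAR-default} and ${VAR:-default} as Compose does."""
    def sub(m):
        name, op, default = m.group(1), m.group(2), m.group(3)
        current = env.get(name)
        if op == ":-":   # default applies when the variable is unset OR empty
            return current if current else default
        if op == "-":    # default applies only when the variable is unset
            return default if current is None else current
        return current or ""
    return VAR.sub(sub, value)

def audit_users(compose_text, env):
    """Map each service to (resolved user, verdict)."""
    report, service, in_services = {}, None, False
    for line in compose_text.splitlines():
        if re.match(r"^\S", line):                  # top-level key
            in_services = line.startswith("services:")
            continue
        if not in_services:
            continue
        m = re.match(r"^  ([\w.-]+):\s*$", line)    # service name at indent 2
        if m:
            service = m.group(1)
            report[service] = (None, "no user set: image default applies")
            continue
        m = re.match(r"^    user:\s*[\"']?([^\"'#]+?)[\"']?\s*$", line)
        if m and service:
            resolved = interpolate(m.group(1), env)
            uid = resolved.split(":")[0]
            verdict = "root" if uid in ("0", "root") else "non-root"
            report[service] = (resolved, verdict)
    return report
```

Calling `audit_users(SAMPLE_COMPOSE, {"PUID": "0", "PGID": "0"})` shows that the Compose approach is only as non-root as the environment or `.env` file feeding it.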