Open trbntwo opened 1 year ago
Hello,
would it be possible to add users in the container files so that ffmpeg is not run as the root user in the container?
This should increase security, as another abstraction layer, and is generally one of the best practices as far as container building is concerned.
For images based on distributions, it should be possible to add a user via
RUN useradd
in the final image.
And for scratch images, you could either
in the image which compiles ffmpeg and then
COPY --from=build /etc/passwd /etc/
to the final image, or, a cleaner way in my opinion, would be to write a small passwd file of your own (something like this):
ffmpeg:x:999:999::/ffmpeg:
and then
COPY ./path/to/passwd/in/repo /etc/
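Added example (not part of the original issue or the project's code): copying a passwd file into the image does not by itself change the runtime user, so the final stage also needs a `USER` instruction that resolves to a non-zero UID. The Python check below verifies that against a constructed Dockerfile and the passwd entry quoted in the issue; the function names, image names and paths are assumptions.

```python
# Constructed sample inputs; image names and paths are assumptions.
PASSWD = "ffmpeg:x:999:999::/ffmpeg:\n"  # entry quoted in the issue
STAGES = """\
FROM debian AS build
RUN useradd ffmpeg
USER ffmpeg
FROM scratch
COPY --from=build /usr/local/bin/ffmpeg /ffmpeg/ffmpeg
COPY ./passwd /etc/
"""
BAD = STAGES + 'ENTRYPOINT ["/ffmpeg/ffmpeg"]\n'
GOOD = STAGES + 'USER ffmpeg\nENTRYPOINT ["/ffmpeg/ffmpeg"]\n'

def parse_passwd(text):
    """Map user name -> uid; reject lines that are not 7 colon-separated fields."""
    users = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"expected 7 fields, got {len(fields)}: {line!r}")
        users[fields[0]] = int(fields[2])
    return users

def final_stage_user(dockerfile):
    """Return the last USER value of the final stage, or None if it sets none."""
    user = None
    for line in dockerfile.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) < 2:
            continue
        if parts[0].upper() == "FROM":
            user = None  # simplification: the base image's own default user is ignored
        elif parts[0].upper() == "USER":
            user = parts[1].strip()
    return user

def check(dockerfile, passwd_text):
    """Return findings; passwd_text is assumed to be the final image's /etc/passwd."""
    user = final_stage_user(dockerfile)
    if user is None:
        return ["final stage has no USER instruction: process runs as root"]
    name = user.split(":")[0]  # USER may be given as user:group
    users = parse_passwd(passwd_text)
    if not name.isdigit() and name not in users:
        return [f"USER {name} has no entry in the passwd file"]
    uid = int(name) if name.isdigit() else users[name]  # numeric USER needs no lookup
    return ["USER resolves to uid 0 (root)"] if uid == 0 else []
```

`check(BAD, PASSWD)` reports the missing `USER` even though the build stage set one, because the `scratch` stage starts fresh; `check(GOOD, PASSWD)` returns no findings.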