phsmith / rundeck_exporter

Rundeck Metrics Exporter
GNU General Public License v3.0
58 stars 25 forks

Fix security issue by avoiding running container as root in Dockerfile #92

Closed nataliagranato closed 1 month ago

nataliagranato commented 1 month ago

This pull request addresses a security issue in the Dockerfile where the container was being run as the root user. Running containers as root can expose the system to vulnerabilities, and avoiding it is considered a security best practice.

Changes Made

Rationale

Running containers as root can be dangerous, as if the container is compromised, the attacker would have root privileges on the host. Switching to a non-root user helps mitigate risks and follows best practices for container security.

Testing

Manual verification that the container starts correctly and the application functions as expected with the new user.

Additional Notes

Please review the modified files and test the container with the new user. Feedback is appreciated, and I am available to discuss any issues or further improvements.

cc @phsmith

phsmith commented 1 month ago

Hey @nataliagranato, thanks for the PR.

Actually, we can't change the Dockerfile like that because it's the basis for building and deploying new versions to Docker Hub and Github Packages.

But, I totally agree with you about running it as a regular user instead of root, so my suggestions are:

  1. Rollback the Dockerfile to the original version.
  2. Edit the Dockerfile again and just add the user rundeck to it.
  3. Push the changes.

nataliagranato commented 1 month ago

Hey @nataliagranato, thanks for the PR.

Actually, we can't change the Dockerfile like that because it's the basis for building and deploying new versions to Docker Hub and Github Packages.

But, I totally agree with you about running it as a regular user instead of root, so my suggestions are:

  1. Rollback the Dockerfile to the original version.
  2. Edit the Dockerfile again and just add the user rundeck to it.
  3. Push the changes.

I returned to the previous Dockerfile, adding the user. Check whether it is correct.

I had tested this way, but the application didn't work, so I chose this path.
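The thread above turns on two things: the original Dockerfile had no USER instruction (so the exporter ran as root), and the agreed fix is to keep the Dockerfile otherwise unchanged and just add an unprivileged user. The following is an added example, not code from the rundeck_exporter project or from either participant: two constructed Dockerfiles, the weak form beside the corrected form, and a small checker that works out which user a Dockerfile's final stage ends up running as. The base image, the `rundeck` user name, the uid and the `ENTRYPOINT` are assumptions for illustration; the checker also assumes a stage starts as root unless a USER instruction in that stage says otherwise.

```python
"""Constructed example: Dockerfile running as root vs. as an unprivileged
user, plus a checker for the effective user of the final build stage.
Not the project's own Dockerfile; image name, user and uid are assumptions."""
import re
import shlex

ROOT_ALIASES = {"root", "0"}

# Weak form (constructed): no USER instruction, so the process runs as uid 0.
WEAK_DOCKERFILE = """\
FROM python:3.11-slim
WORKDIR /app
COPY . .
RUN pip install --no-cache-dir .
ENTRYPOINT ["rundeck_exporter"]
"""

# Corrected form (constructed): identical build, with an unprivileged user added.
# The uid 1000 and the user name are assumptions, not taken from the project.
FIXED_DOCKERFILE = """\
FROM python:3.11-slim
ARG APP_USER=rundeck
WORKDIR /app
COPY . .
RUN pip install --no-cache-dir . \\
    && useradd --system --uid 1000 --no-create-home ${APP_USER} \\
    && chown -R ${APP_USER}:${APP_USER} /app
USER ${APP_USER}
ENTRYPOINT ["rundeck_exporter"]
"""


def _logical_lines(dockerfile: str):
    """Yield instructions with backslash continuations joined and comments dropped."""
    buf = ""
    for raw in dockerfile.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield (buf + line).strip()
        buf = ""
    if buf:
        yield buf.strip()


def effective_user(dockerfile: str) -> str:
    """Return the user the final stage runs as; "root" when never set.

    Handles multi-stage builds (each FROM is assumed to start as root),
    `USER name`, `USER uid`, `USER name:group`, and simple $VAR / ${VAR}
    substitution from ARG/ENV lines earlier in the same stage.
    """
    user = "root"
    build_vars: dict[str, str] = {}
    for line in _logical_lines(dockerfile):
        m = re.match(r"(\w+)\s+(.*)", line)
        if not m:
            continue
        instr, rest = m.group(1).upper(), m.group(2)
        if instr == "FROM":
            user, build_vars = "root", {}      # new stage: assume root until USER says otherwise
        elif instr in ("ARG", "ENV"):
            tokens = shlex.split(rest)
            if any("=" in t for t in tokens):  # KEY=value [KEY2=value2 ...]
                for t in tokens:
                    if "=" in t:
                        k, v = t.split("=", 1)
                        build_vars[k] = v
            elif len(tokens) >= 2:             # legacy `ENV KEY value` form
                build_vars[tokens[0]] = " ".join(tokens[1:])
        elif instr == "USER":
            value = re.sub(r"\$\{?(\w+)\}?",
                           lambda mm: build_vars.get(mm.group(1), ""), rest.strip())
            user = value.split(":")[0]         # drop the optional :group part
    return user


def runs_as_root(dockerfile: str) -> bool:
    """True when the final stage would start its process as uid 0."""
    return effective_user(dockerfile) in ROOT_ALIASES


if __name__ == "__main__":
    for name, text in (("weak", WEAK_DOCKERFILE), ("fixed", FIXED_DOCKERFILE)):
        print(f"{name}: effective user = {effective_user(text)}, root = {runs_as_root(text)}")
```

The checker is a static review aid only; the authoritative check is on the built image, for example `docker inspect --format '{{.Config.User}}' <image>` for the configured user and `docker run --rm <image> id -u` for the uid the process actually gets. Note that the chown of /app in the corrected form is what keeps the application working after the switch, which is the kind of detail that breaks when a USER line is added on its own.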