Non-root USER
Definition
A non-root USER refers to a user account in a computing environment that does not have administrative or root privileges. This practice is crucial for minimizing the risk of accidental or malicious changes to the system, as non-root users have limited permissions and cannot perform critical system operations. In containerized environments, running applications as a non-root user enhances security by reducing the potential impact of a compromised application.
Secure Settings Example
# Dockerfile example
FROM node:14
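# Create a non-root user and an application directory it owns, then switch to that user
RUN useradd -m appuser && mkdir /home/appuser/app && chown appuser:appuser /home/appuser/app
USER appuser
# Set the working directory and copy application files, owned by the non-root user
WORKDIR /home/appuser/app
COPY --chown=appuser:appuser . .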
# Install dependencies
RUN npm install
# Start the application
CMD ["node", "app.js"]
Insecure Settings Example
# Dockerfile example
FROM node:14
# Running as the default root user
WORKDIR /app
COPY . .
# Install dependencies
RUN npm install
# Start the application
CMD ["node", "app.js"]
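Checking a Dockerfile for this setting
The following Python check is an added example, not part of the original page: a heuristic that reports which user a Dockerfile's final build stage runs as and flags the insecure pattern above (no USER, or USER root). The function names and the sample Dockerfiles are constructed for illustration, and the check assumes a base image that runs as root unless told otherwise.

```python
# Added example (not from the original page): find the user a Dockerfile's
# final stage runs as. Heuristic: no ARG/ENV expansion, no heredoc handling.

def instructions(text):
    """Yield (KEYWORD, argument) pairs, skipping comments and joining '\\' continuations."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        parts = (pending + line).split(None, 1)
        pending = ""
        yield parts[0].upper(), parts[1].strip() if len(parts) > 1 else ""

def final_user(text):
    """USER in effect at the end of the last stage; None if it is never set."""
    stage_users = {}  # stage alias -> USER currently in effect in that stage
    user = alias = None
    for keyword, arg in instructions(text):
        if keyword == "FROM":
            tokens = [t for t in arg.split() if not t.startswith("--")] or [""]
            # FROM an earlier named stage inherits its USER; an external image resets it.
            user = stage_users.get(tokens[0].lower())
            alias = tokens[2].lower() if len(tokens) >= 3 and tokens[1].upper() == "AS" else None
        elif keyword == "USER" and arg:
            user = arg
        if alias:
            stage_users[alias] = user
    return user

def runs_as_root(text):
    """True if the final stage sets no USER, or sets root / UID 0 (optionally with :group)."""
    user = final_user(text)
    # Assumption: a base image with no USER of its own runs as root, as node:14 does.
    return user is None or user.split(":", 1)[0] in {"root", "0"}

# Constructed samples modelled on the page's two Dockerfiles, plus a multi-stage case.
SECURE = "FROM node:14\nRUN useradd -m appuser\nUSER appuser\nCMD [\"node\", \"app.js\"]\n"
INSECURE = "FROM node:14\nWORKDIR /app\nCOPY . .\nCMD [\"node\", \"app.js\"]\n"
MULTISTAGE = "FROM node:14 AS build\nUSER appuser\nRUN npm install\nFROM node:14\nCMD [\"node\", \"app.js\"]\n"

if __name__ == "__main__":
    for name, df in [("secure", SECURE), ("insecure", INSECURE), ("multistage", MULTISTAGE)]:
        print(f"{name}: final USER={final_user(df)!r} root={runs_as_root(df)}")
```

The multi-stage sample shows a case the two Dockerfiles above do not: a USER set in a build stage does not carry over to a final stage that starts from a fresh base image.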