Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] production deploys run as the root user #6513

Open
eatyourgreens opened this issue Dec 5, 2024 · 0 comments · May be fixed by #6514
Open

[Security] production deploys run as the root user #6513

eatyourgreens opened this issue Dec 5, 2024 · 0 comments · May be fixed by #6514
Labels
bug Something isn't working

Comments

@eatyourgreens
Copy link
Contributor

eatyourgreens commented Dec 5, 2024
edited
Loading

Describe the bug

The production Docker image runs commands as root.

jimodonnell@Jims-MBP-2 front-end-monorepo % docker compose run --rm prod-shell
/usr/src # whoami
root
/usr/src # ps -a
PID   USER     TIME  COMMAND
    1 root      0:00 /bin/sh
    9 root      0:00 ps -a
/usr/src #

To Reproduce

Run a production bash shell locally, then whoami. A dev image runs commands as node but production is running the Next.js apps as root.

Expected behavior

Production deploys should be secured by running the Next.js apps as node, not root.
@eatyourgreens eatyourgreens added the bug Something isn't working label Dec 5, 2024
@eatyourgreens eatyourgreens changed the title [Security] [Security] production deploys run as the root user Dec 5, 2024
This was referenced Dec 5, 2024
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

build: run the production apps as the node user eatyourgreens/front-end-monorepo
1 participant
@eatyourgreens