SECURITY: Run as non-privileged user

2024-03-18 10:13:45 +13:00
parent e1bb5adf36
commit f31f2d74b7
1 changed files with 7 additions and 0 deletions
--- a/7
+++ b/7
@@ -4,12 +4,19 @@ FROM golang:1.22 as build
 COPY . /opt/project/
 WORKDIR /opt/project

+# Install Pre-Requisites
 RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates=20230311
+# Create a user
+RUN useradd --no-create-home --system --shell /bin/false ddnsuser

 RUN CGO_ENABLED=0 go build -ldflags="-s -w" -o /cloudflare-ddns-updater

 FROM scratch
 COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 COPY --from=build /cloudflare-ddns-updater /cloudflare-ddns-updater
+COPY --from=build /bin/false /bin/false
+COPY --from=build /etc/passwd /etc/passwd
+
+USER nobody
 ENTRYPOINT ["/cloudflare-ddns-updater"]
 CMD ["cloudflare-ddns-updater"]